Received: by 2002:a05:6a10:7420:0:0:0:0 with SMTP id hk32csp1393070pxb; Fri, 18 Feb 2022 06:58:30 -0800 (PST) X-Google-Smtp-Source: ABdhPJyOgQRyHhrzaSclTHB7NKm12w1L3EQn69HY3Twlg3K0OUmlX/PEe82aaD0HOIJccVlEsMCs X-Received: by 2002:a62:3085:0:b0:4e0:1218:6d03 with SMTP id w127-20020a623085000000b004e012186d03mr8230573pfw.19.1645196310297; Fri, 18 Feb 2022 06:58:30 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1645196310; cv=none; d=google.com; s=arc-20160816; b=Q9qtsXJUcCGxGv9vPQnhTsN/M0O+CvP+kOrO5YSphE2w9iJ6z2SNUfBQKVymaPxw9z 96sXBOXB6Z3ZaEkyGbgJM8WWtQMp2GoiD+0gA1oHVnU5giU5MlyUfqj/BqSZywcV4BiE wZeChzU5Zwg9HJ9+bsz63sN4bfNBNWTIgep0w29kIHEUMRc8xALyRequvwOSvH09CUPl dlD9Fa46eDvFeHDnTVjI13H+lUx9ydJKkJdCZU+OkxV3TeTw98X4eRGy44Cv0JHuH23J V8BRP19iz/x+dV0bwsKjdXRrgC2TE84G6eigTxiHTLYnKr3r0Abrkehsx9dBUzmSpbE0 aa8w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=jJgOTQPudt3oISjf/fwwnqfpU9cTacKU+8yA9PWlr3E=; b=mAfknRN5BYSSFU8Yh4yYVZVeSHbuiHyCLxpopS44Vv+glmY+wx8rDg+XHuqH2VFXpp MxoJakZgTLuSlDu/uGov8Qb36OwnL28EdC/FsJNorOduXonC/NRpeVWCDfMGsposM/R2 FaoooYhHnLf3EPz/mMBQwSVWoK136u8Yq6hQ61oVD9bOtzAxLp9KjIqwgrshrURMoe+F JlJcQkrg2hiuvm0yIU0yfzqJBygKhm0tJbXYNWqouf5mmfVzrHNJOtl0bYCGH5X3Ytyh HjrJgMAjI9IgNDQIEqgMUaazVMy44A3hOnyzMvaz+9EzrwJCsw0Hf7dAaQW1OtaUbuHV 2ajw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ucloud.cn Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id om2si3923481pjb.186.2022.02.18.06.58.14; Fri, 18 Feb 2022 06:58:30 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=ucloud.cn Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S236101AbiBROg1 (ORCPT + 99 others); Fri, 18 Feb 2022 09:36:27 -0500 Received: from mxb-00190b01.gslb.pphosted.com ([23.128.96.19]:39910 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S231318AbiBROg0 (ORCPT ); Fri, 18 Feb 2022 09:36:26 -0500 Received: from mail-m2838.qiye.163.com (mail-m2838.qiye.163.com [103.74.28.38]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5F63E281989; Fri, 18 Feb 2022 06:35:50 -0800 (PST) Received: from localhost.localdomain (unknown [124.126.138.100]) by mail-m2838.qiye.163.com (Hmail) with ESMTPA id 3CD763C00E8; Fri, 18 Feb 2022 22:35:34 +0800 (CST) From: Tao Liu To: davem@davemloft.net, yoshfuji@linux-ipv6.org, dsahern@kernel.org, kuba@kernel.org, edumazet@google.com Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Tao Liu Subject: [PATCH net v3] gso: do not skip outer ip header in case of ipip and net_failover Date: Fri, 18 Feb 2022 22:35:24 +0800 Message-Id: <20220218143524.61642-1-thomas.liu@ucloud.cn> X-Mailer: git-send-email 2.30.1 (Apple Git-130) MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-HM-Spam-Status: e1kfGhgUHx5ZQUtXWQgPGg8OCBgUHx5ZQUlOS1dZCBgUCR5ZQVlLVUtZV1 kWDxoPAgseWUFZKDYvK1lXWShZQUlCN1dZLVlBSVdZDwkaFQgSH1lBWUJNTx5WQx4aH05MShhJHk IYVRkRExYaEhckFA4PWVdZFhoPEhUdFFlBWVVLWQY+ X-HM-Sender-Digest: e1kMHhlZQR0aFwgeV1kSHx4VD1lBWUc6MRQ6HDo5TDI4EQ1WODo0NRoz DB8aCjNVSlVKTU9OSkJPQkhPT05IVTMWGhIXVQ8TFBYaCFUXEg47DhgXFA4fVRgVRVlXWRILWUFZ SklPVUpJTVVKSENVSktLWVdZCAFZQU9KTUk3Bg++ X-HM-Tid: 0a7f0d4278268420kuqw3cd763c00e8 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H4,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,SPF_NONE, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org We encounter a tcp drop issue in our cloud environment. Packet GROed in host forwards to a VM virtio_net nic with net_failover enabled. VM acts as a IPVS LB with ipip encapsulation. The full path like: host gro -> vm virtio_net rx -> net_failover rx -> ipvs fullnat -> ipip encap -> net_failover tx -> virtio_net tx When net_failover transmits a ipip pkt (gso_type = 0x0103, which means SKB_GSO_TCPV4, SKB_GSO_DODGY and SKB_GSO_IPXIP4), there is no gso did because it supports TSO and GSO_IPXIP4. But network_header points to inner ip header. Call Trace: tcp4_gso_segment ------> return NULL inet_gso_segment ------> inner iph, network_header points to ipip_gso_segment inet_gso_segment ------> outer iph skb_mac_gso_segment Afterwards virtio_net transmits the pkt, only inner ip header is modified. And the outer one just keeps unchanged. The pkt will be dropped in remote host. Call Trace: inet_gso_segment ------> inner iph, outer iph is skipped skb_mac_gso_segment __skb_gso_segment validate_xmit_skb validate_xmit_skb_list sch_direct_xmit __qdisc_run __dev_queue_xmit ------> virtio_net dev_hard_start_xmit __dev_queue_xmit ------> net_failover ip_finish_output2 ip_output iptunnel_xmit ip_tunnel_xmit ipip_tunnel_xmit ------> ipip dev_hard_start_xmit __dev_queue_xmit ip_finish_output2 ip_output ip_forward ip_rcv __netif_receive_skb_one_core netif_receive_skb_internal napi_gro_receive receive_buf virtnet_poll net_rx_action The root cause of this issue is specific with the rare combination of SKB_GSO_DODGY and a tunnel device that adds an SKB_GSO_ tunnel option. SKB_GSO_DODGY is set from external virtio_net. We need to reset network header when callbacks.gso_segment() returns NULL. This patch also includes ipv6_gso_segment(), considering SIT, etc. Fixes: cb32f511a70b ("ipip: add GSO/TSO support") Signed-off-by: Tao Liu --- net/ipv4/af_inet.c | 5 ++++- net/ipv6/ip6_offload.c | 2 ++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c index 9c465ba..72fde28 100644 --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c @@ -1376,8 +1376,11 @@ struct sk_buff *inet_gso_segment(struct sk_buff *skb, } ops = rcu_dereference(inet_offloads[proto]); - if (likely(ops && ops->callbacks.gso_segment)) + if (likely(ops && ops->callbacks.gso_segment)) { segs = ops->callbacks.gso_segment(skb, features); + if (!segs) + skb->network_header = skb_mac_header(skb) + nhoff - skb->head; + } if (IS_ERR_OR_NULL(segs)) goto out; diff --git a/net/ipv6/ip6_offload.c b/net/ipv6/ip6_offload.c index b29e9ba..5f577e2 100644 --- a/net/ipv6/ip6_offload.c +++ b/net/ipv6/ip6_offload.c @@ -114,6 +114,8 @@ static struct sk_buff *ipv6_gso_segment(struct sk_buff *skb, if (likely(ops && ops->callbacks.gso_segment)) { skb_reset_transport_header(skb); segs = ops->callbacks.gso_segment(skb, features); + if (!segs) + skb->network_header = skb_mac_header(skb) + nhoff - skb->head; } if (IS_ERR_OR_NULL(segs)) -- 1.8.3.1