Received: by 2002:a05:6358:7058:b0:131:369:b2a3 with SMTP id 24csp614315rwp; Wed, 12 Jul 2023 20:20:54 -0700 (PDT) X-Google-Smtp-Source: APBJJlEvhOvjSPhtAOUTddUdaP+GW9oNTaMfB9q2/0it4N3gogO0wQs7OTQgH21VKN6b1ONs0+O9 X-Received: by 2002:aa7:dd0f:0:b0:51a:3159:53c7 with SMTP id i15-20020aa7dd0f000000b0051a315953c7mr551713edv.30.1689218454105; Wed, 12 Jul 2023 20:20:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689218454; cv=none; d=google.com; s=arc-20160816; b=QNfKvApAt31RJWrNCkvL4/Ilez15vHXGnkFCpzA0Ga+l/whSQxZ9L9eD9oSOVFvQFv yuXY5xbmjX+/nZneDFnFNwj71fa/pGFaAwAAnz4GqFrnaAvVpQLgbfGpr86TOci8jtSU CDiimkhKBxfsZAWZRhr/zkatSSt2+tvpzPtnZhu1T6DRxuxpUBzZ2r37t0Xh13pOnnib acTp97zBv4/TtqWLr+9mmxHKuoTC0NfgEv/erKyBcAEO77DFxmSUtdfXAVB0JMG8E163 07icwhVtvmG6ByYGbTgfeRRx+U08IN0b/2HSOZQHch4r46o3spcstmA7NpakjgO9coAx pI7A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=pcUmUBG+buBnUUKxuWUBu0zne1uUM8qt3ZmnplNd4A0=; fh=DhfsODxSlS5S7s23TKftj2PJ81YKUD0tRoJomBSNEek=; b=n7sdzOMIQ9Ha+oBFLP1gaxrF9vk8bq5PMtHdjAFVuVk6Phsl+qKDt4Ye/JPJHkLk09 yo3o4/bA5yoNE1w3YtXxv6sEHR+9h70agWoRzfAsFyyVZvpVsB7jaun5YR21P//rbdI7 JCtSoLItgLnO0fEcwxviUhBMODhRFvR1oWOr1DIebf/uG9FP/3OAqeCC9QQaTtgNj++6 z8vIV8UM9kQFwqlcid8E3oxQCuhhw7D3YKoHrw20ZelP+1W1Y6SCD0NTRlDk4zwQ0xvR +nqx3Hv6Bo/VFm5QEmYMm1WbmSaqB6NqQu8+BepLdyYEiRpzaQknSs6Lcl95EnxKnvBP FfPw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google header.b=Y9DJJuAD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id r21-20020aa7cb95000000b0051e5cb47373si6044860edt.44.2023.07.12.20.20.30; Wed, 12 Jul 2023 20:20:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google header.b=Y9DJJuAD; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233146AbjGMC5b (ORCPT + 99 others); Wed, 12 Jul 2023 22:57:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34260 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232992AbjGMC53 (ORCPT ); Wed, 12 Jul 2023 22:57:29 -0400 Received: from mail-lf1-x12b.google.com (mail-lf1-x12b.google.com [IPv6:2a00:1450:4864:20::12b]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B3E8B2111 for ; Wed, 12 Jul 2023 19:57:22 -0700 (PDT) Received: by mail-lf1-x12b.google.com with SMTP id 2adb3069b0e04-4fb77f21c63so405667e87.2 for ; Wed, 12 Jul 2023 19:57:22 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; t=1689217041; x=1691809041; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=pcUmUBG+buBnUUKxuWUBu0zne1uUM8qt3ZmnplNd4A0=; b=Y9DJJuADk71eDXSadrloLIiCwbXwFq8kNypgpNrRju8dSohFo5Q2QT0ycfwAVeEi6Z EsZpLzUm6hqJ3/+RD3KCEle4WDsUwsdzmXQ95Zpqf7WAf2Fck6khwamv5FB8iOzUdV0+ NQoDR0YmxBLKUJD360IuxaXZVju52JtbKkRPA= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689217041; x=1691809041; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=pcUmUBG+buBnUUKxuWUBu0zne1uUM8qt3ZmnplNd4A0=; b=KjI0JDRTQlRmpBTri0u5GDgeh3BFes1VwNW6THFj+OIglgQR2mcOvcWdjLzYUgyr+X 59ypVhStWR21R/j10Mg9VKOL3cHmE4DYK/oFGaG1X2tYMH8QTDob2VSHwsRD0QfD2D5L vgRgLjXzsHTdASn6RJBbPcVt2c2WFd3gz3Ly8AL5WKlltdg7vhI9xZ/U9ztGcJaa7NaE pwwRT8K4TNQh1Np1Bkg1wquSgeKxN1efXElV0j1kaaRrKqqx26gPfkCn3Rzg6o0y2vbW J5vO1q/MyTwDahb3X5u6M0HU3QmBc19mWZyXuMkbQmPfj0k06BBFvwVw3KAl/NbJv7pQ 6RqQ== X-Gm-Message-State: ABy/qLae7B6F/86uTcXmvDE9CpZNhU8lJj+1i/bkGkNTLdiEd9cze4HJ aSGb8ZiGbrLo2llafcDSH9oBs8R+lVqu936AyKXj6Q== X-Received: by 2002:a05:6512:2315:b0:4f8:5cde:a44f with SMTP id o21-20020a056512231500b004f85cdea44fmr127793lfu.10.1689217040774; Wed, 12 Jul 2023 19:57:20 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Yan Zhai Date: Wed, 12 Jul 2023 21:57:09 -0500 Message-ID: Subject: Re: [PATCH net] gso: fix GSO_DODGY bit handling for related protocols To: Willem de Bruijn Cc: "open list:NETWORKING [TCP]" , kernel-team@cloudflare.com, Eric Dumazet , "David S. Miller" , David Ahern , Jakub Kicinski , Paolo Abeni , Marcelo Ricardo Leitner , Xin Long , Herbert Xu , Andrew Melnychenko , Jason Wang , open list , "open list:SCTP PROTOCOL" Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, Jul 12, 2023 at 9:02=E2=80=AFPM Willem de Bruijn wrote: > > On Wed, Jul 12, 2023 at 9:55=E2=80=AFPM Yan Zhai wro= te: > > > > SKB_GSO_DODGY bit indicates a GSO packet comes from an untrusted source= . > > The canonical way is to recompute the gso_segs to avoid device driver > > issues. Afterwards, the DODGY bit can be removed to avoid re-check at t= he > > egress of later devices, e.g. packets can egress to a vlan device backe= d > > by a real NIC. > > > > Commit 1fd54773c267 ("udp: allow header check for dodgy GSO_UDP_L4 > > packets.") checks DODGY bit for UDP, but for packets that can be fed > > directly to the device after gso_segs reset, it actually falls through > > to fragmentation [1]. > > > > Commit 90017accff61 ("sctp: Add GSO support") and commit 3820c3f3e417 > > ("[TCP]: Reset gso_segs if packet is dodgy") both didn't remove the DOD= GY > > bit after recomputing gso_segs. > > > > This change fixes the GSO_UDP_L4 handling case, and remove the DODGY bi= t > > at other places. > > These two things should not be conflated. > > Only the USO fix is strictly needed to fix the reported issue. > It's my OCD of wanting to avoid a cover letter for two patches... Let's address just this UDP issue then this time. The removal of DODGY is in fact more suitable as RFC for small improvements. > > Fixes: 90017accff61 ("sctp: Add GSO support") > > Fixes: 3820c3f3e417 ("[TCP]: Reset gso_segs if packet is dodgy") > > Fixes: 1fd54773c267 ("udp: allow header check for dodgy GSO_UDP_L4 pack= ets.") > > Link: https://lore.kernel.org/all/CAJPywTKDdjtwkLVUW6LRA2FU912qcDmQOQGt2W= aDo28KzYDg+A@mail.gmail.com/ > > > Signed-off-by: Yan Zhai > > > > --- > > [1]: > > https://lore.kernel.org/all/CAJPywTKDdjtwkLVUW6LRA2FU912qcDmQOQGt2WaDo2= 8KzYDg+A@mail.gmail.com/ > > > > --- > > net/ipv4/tcp_offload.c | 1 + > > net/ipv4/udp_offload.c | 19 +++++++++++++++---- > > net/ipv6/udp_offload.c | 19 +++++++++++++++---- > > net/sctp/offload.c | 2 ++ > > 4 files changed, 33 insertions(+), 8 deletions(-) > > > > diff --git a/net/ipv4/tcp_offload.c b/net/ipv4/tcp_offload.c > > index 8311c38267b5..f9b93708c22e 100644 > > --- a/net/ipv4/tcp_offload.c > > +++ b/net/ipv4/tcp_offload.c > > @@ -87,6 +87,7 @@ struct sk_buff *tcp_gso_segment(struct sk_buff *skb, > > /* Packet is from an untrusted source, reset gso_segs. = */ > > > > skb_shinfo(skb)->gso_segs =3D DIV_ROUND_UP(skb->len, ms= s); > > + skb_shinfo(skb)->gso_type &=3D ~SKB_GSO_DODGY; > > > > segs =3D NULL; > > goto out; > > diff --git a/net/ipv4/udp_offload.c b/net/ipv4/udp_offload.c > > index 75aa4de5b731..bd29cf19bb6b 100644 > > --- a/net/ipv4/udp_offload.c > > +++ b/net/ipv4/udp_offload.c > > @@ -388,11 +388,22 @@ static struct sk_buff *udp4_ufo_fragment(struct s= k_buff *skb, > > if (!pskb_may_pull(skb, sizeof(struct udphdr))) > > goto out; > > > > - if (skb_shinfo(skb)->gso_type & SKB_GSO_UDP_L4 && > > - !skb_gso_ok(skb, features | NETIF_F_GSO_ROBUST)) > > - return __udp_gso_segment(skb, features, false); > > - > > mss =3D skb_shinfo(skb)->gso_size; > > Why move the block below this line? > if we move the dodgy handling into __udp_gso_segment then it does not need to move below this line. > > + > > + if (skb_shinfo(skb)->gso_type & SKB_GSO_UDP_L4) { > > + if (skb_gso_ok(skb, features | NETIF_F_GSO_ROBUST)) { > > + /* Packet is from an untrusted source, reset ac= tual gso_segs */ > > + skb_shinfo(skb)->gso_segs =3D DIV_ROUND_UP(skb-= >len - sizeof(*uh), > > + mss); > > + skb_shinfo(skb)->gso_type &=3D ~SKB_GSO_DODGY; > > + > > + segs =3D NULL; > > + goto out; > > + } else { > > + return __udp_gso_segment(skb, features, false); > > + } > > + } > > + > > The validation should take place inside __udp_gso_segment. > > Revert the previous patch to always enter that function for USO packets: > > if (skb_shinfo(skb)->gso_type & SKB_GSO_UDP_L4) > return __udp_gso_segment(skb, features, false); > > And in that function decide to return NULL after validation. > Good call, that's indeed better. Thanks > > > if (unlikely(skb->len <=3D mss)) > > goto out; > > > > diff --git a/net/ipv6/udp_offload.c b/net/ipv6/udp_offload.c > > index ad3b8726873e..6857d9f7bd06 100644 > > --- a/net/ipv6/udp_offload.c > > +++ b/net/ipv6/udp_offload.c > > @@ -43,11 +43,22 @@ static struct sk_buff *udp6_ufo_fragment(struct sk_= buff *skb, > > if (!pskb_may_pull(skb, sizeof(struct udphdr))) > > goto out; > > > > - if (skb_shinfo(skb)->gso_type & SKB_GSO_UDP_L4 && > > - !skb_gso_ok(skb, features | NETIF_F_GSO_ROBUST)) > > - return __udp_gso_segment(skb, features, true); > > - > > mss =3D skb_shinfo(skb)->gso_size; > > + > > + if (skb_shinfo(skb)->gso_type & SKB_GSO_UDP_L4) { > > + if (skb_gso_ok(skb, features | NETIF_F_GSO_ROBU= ST)) { > > + /* Packet is from an untrusted source, = reset actual gso_segs */ > > + skb_shinfo(skb)->gso_segs =3D DIV_ROUND= _UP(skb->len - sizeof(*uh), > > + = mss); > > + skb_shinfo(skb)->gso_type &=3D ~SKB_GSO= _DODGY; > > + > > + segs =3D NULL; > > + goto out; > > + } else { > > + return __udp_gso_segment(skb, features,= true); > > + } > > + } > > + > > if (unlikely(skb->len <=3D mss)) > > goto out; > > > > diff --git a/net/sctp/offload.c b/net/sctp/offload.c > > index 502095173d88..3d2b44db0d42 100644 > > --- a/net/sctp/offload.c > > +++ b/net/sctp/offload.c > > @@ -65,6 +65,8 @@ static struct sk_buff *sctp_gso_segment(struct sk_buf= f *skb, > > skb_walk_frags(skb, frag_iter) > > pinfo->gso_segs++; > > > > + pinfo->gso_type &=3D ~SKB_GSO_DODGY; > > + > > segs =3D NULL; > > goto out; > > } > > -- > > 2.30.2 > > --=20 Yan