Received: by 2002:a05:6358:7058:b0:131:369:b2a3 with SMTP id 24csp9000113rwp; Wed, 19 Jul 2023 20:18:54 -0700 (PDT) X-Google-Smtp-Source: APBJJlHhUOCSvMdRKo39mZLtVnjNMMIFepBIgPQTEiTj24MRPLkLAlync/IPixe0lgYn2IQsEIvg X-Received: by 2002:a05:6a00:2285:b0:66c:9e97:aece with SMTP id f5-20020a056a00228500b0066c9e97aecemr4983979pfe.10.1689823134076; Wed, 19 Jul 2023 20:18:54 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1689823134; cv=none; d=google.com; s=arc-20160816; b=HtNk+U9zQ7hn3hH0gU0RdP3CQ04bMVQB9Lh4Z9P/z79d23OjBhg6qSsLWVmTcUYA3X qgeQfTh6NhdI5oXN8uFx91GxzTYevXdPw9HcPB9HxDCmjstTiQ8DsYxyQuq17s4g3hge x1W3dM87vwSY65+L3EwFm5r+I5Ex7YRcIAzrA+zRHR0F9S8WWJhziEXvXT7cueJQWL6u dQ82Dx8gjsDKbAA2+SQbOhBbUk+m1VhXC0gB8PY050FCnm74h5CR7VnmHkh4PRJfUeJt RslSfbjhps6OhIq4E5GPOiZbx3mdusliYho+dqHfoPp7bRKRtu2dqALmA8rxPviY7PYk Y40w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:cc:to:subject :message-id:date:from:in-reply-to:references:mime-version :dkim-signature; bh=H6WYVWYrbXb8iJtFoUKTJHuArrTvnYpoCUNdm9ArDBU=; fh=l/A3qOx6MWyWqewAleHUPhGx4cTylZPH+Yga5k1IWaI=; b=fDBaT//UgFOaRfnmRAnPSVawa1niuRyrXrBxqdF3DFaa/u1CUzT3GaoUG3YD35jhPm O/yYC/rsgBxz9orc1fBHbqkIPHTBQ8w70BGwdrr+oYneaTR4kSLiZ7EbbVIuSKPt6oV1 z0MT987/oKe9jxA0YAMmrkJn7bEajR4/4c52bq/4dGU/28PZ2o1I4G/NReM0ksm/m2+r 5pjGzId3VoeSbLA+/V5v1d4NkVdbETIglKUQ9NvM6s8UgM5NrMNOaQrcWvzTKyEALOUD G7MoKQBqZ1wr1AyvOOHYuQcvcgWBZhT5PXmN8G4w4NF21buRjaYC9URDdKBQCvW2txGL UbfA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google header.b=vcpSq5ef; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id g4-20020a056a0023c400b0065addb172d1si4890446pfc.380.2023.07.19.20.18.42; Wed, 19 Jul 2023 20:18:54 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@cloudflare.com header.s=google header.b=vcpSq5ef; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=cloudflare.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229692AbjGTCs6 (ORCPT + 99 others); Wed, 19 Jul 2023 22:48:58 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:34720 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229529AbjGTCs5 (ORCPT ); Wed, 19 Jul 2023 22:48:57 -0400 Received: from mail-ed1-x531.google.com (mail-ed1-x531.google.com [IPv6:2a00:1450:4864:20::531]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 55ACC1FD9 for ; Wed, 19 Jul 2023 19:48:52 -0700 (PDT) Received: by mail-ed1-x531.google.com with SMTP id 4fb4d7f45d1cf-5216569f9e3so344612a12.0 for ; Wed, 19 Jul 2023 19:48:52 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cloudflare.com; s=google; t=1689821330; x=1690426130; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=H6WYVWYrbXb8iJtFoUKTJHuArrTvnYpoCUNdm9ArDBU=; b=vcpSq5efiWfRoeEuQ8DIpdemJ/kEyExu1pg4fGvQDP9AqI6EHLqRkrkvQ3LzqedoQ8 +5eOgLm5sUSffZnSTGRjU1uQV80HONokEyIl5FocvTQvle3W0Ef6LmGvKPf1DRuqce6q NB/h5wq2mOhw1TW6bGfFARGLwoTv1d1x9oE90= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1689821330; x=1690426130; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=H6WYVWYrbXb8iJtFoUKTJHuArrTvnYpoCUNdm9ArDBU=; b=CnWxjk42eHKRcjs5Y27WJTAz5PY3PO8u5FetVYMhvnNdovl4E2gBo77KlBXIhkJ+Um hqr6xz/yo7j656HdHiEtO7PxigDildobwe7Lnnqy0rgRMmyed30R8jXbVfZmghuQJBG4 +b6sZlk16SVdnyAqqEc2Sczbg6aIsFjSNq2lFtTMnCQ8lR/AwPXoxKbEQb1X9cNQGIFA pTN/cMQIJV/PKVAEXLBqViOASKYQsz51ab/pR/IirmpPHmVJREFdK4lXd+0VwBaFSjkG QgcIprfhU2Rj+4HL3UKbg30ommSu+yHGTbQ1EDd1HZjdaxalTf24fkwkuLerbsLcuuGo uJoQ== X-Gm-Message-State: ABy/qLZcfwygTvP/5v66DoQW9Z4+cSmzj6YSLk7H1MGeposFlIxNDRFe PD0yCfvcGHnncZQVsbZDa9mj5mjfK2PeUPWwy+UpSA== X-Received: by 2002:a05:6402:1295:b0:51a:3159:53c7 with SMTP id w21-20020a056402129500b0051a315953c7mr3643380edv.30.1689821330554; Wed, 19 Jul 2023 19:48:50 -0700 (PDT) MIME-Version: 1.0 References: In-Reply-To: From: Yan Zhai Date: Wed, 19 Jul 2023 21:48:39 -0500 Message-ID: Subject: Re: [PATCH v2 net] bpf: do not return NET_XMIT_xxx values on bpf_redirect To: Alexei Starovoitov Cc: Network Development , kernel-team , Martin KaFai Lau , Daniel Borkmann , John Fastabend , Alexei Starovoitov , Andrii Nakryiko , Song Liu , Yonghong Song , KP Singh , Stanislav Fomichev , Hao Luo , Jiri Olsa , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , bpf , LKML , Jordan Griege Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_MED, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF, RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_NONE,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Jul 18, 2023 at 10:42=E2=80=AFPM Alexei Starovoitov wrote: > > On Tue, Jul 18, 2023 at 8:30=E2=80=AFPM Yan Zhai wro= te: > > > > skb_do_redirect handles returns error code from both rx and tx path. Th= e > > tx path codes are special, e.g. NET_XMIT_CN: they are non-negative, and > > can conflict with LWTUNNEL_XMIT_xxx values. Directly returning such cod= e > > can cause unexpected behavior. We found at least one bug that will pani= c > > the kernel through KASAN report when we are redirecting packets to a > > down or carrier-down device at lwt xmit hook: > > > > https://gist.github.com/zhaiyan920/8fbac245b261fe316a7ef04c9b1eba48 > > > > Above bug is hit because NET_XMIT_CN is returned by noop_qdisc of the > > down device, and it propagates from dev_queue_xmit all way to the lwt > > logic. The result is skb that has been freed by the qdisc continues to > > neighbor subsystem and triggers the bug. > > I'm struggling to parse the above paragraph. > Where bpf prog is installed? > Is this lwt bpf prog that returns BPF_REDIRECT ? > that redirects to netdev with noop_qdisc ? > What is the topology? > Sorry for the confusion. Mentioning noop_qdisc is an explanation of what happened. The actual trigger is simple: install a bpf program on lwt route at xmit hook. It bpf_redirect packets to a device FOO. If FOO is down or carrier-down, redirected packets will crash the kernel. > Please add a selftest to make sure we don't regress. > > Also pls mark your patch as [PATCH v3 bpf] when you respin. > Ack > > This change converts the tx code to proper errors that lwt can consume. > > > > Suggested-by: Stanislav Fomichev > > Reported-by: Jordan Griege > > Signed-off-by: Yan Zhai > > --- > > v2: coding style fix; sent to netdev instead of bpf for bug fixing. > > > > --- > > net/core/filter.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/net/core/filter.c b/net/core/filter.c > > index 06ba0e56e369..8738c7a4701d 100644 > > --- a/net/core/filter.c > > +++ b/net/core/filter.c > > @@ -2129,6 +2129,9 @@ static inline int __bpf_tx_skb(struct net_device = *dev, struct sk_buff *skb) > > ret =3D dev_queue_xmit(skb); > > dev_xmit_recursion_dec(); > > > > + if (unlikely(ret > 0)) > > + ret =3D net_xmit_errno(ret); > > + > > return ret; > > } > > > > -- > > 2.30.2 > > --=20 Yan