18f039428c
Inspired by syzbot reports using a stack of multiple ipvlan devices. Reduce stack size needed in ipvlan_process_v6_outbound() by moving the flowi6 struct used for the route lookup in an non inlined helper. ipvlan_route_v6_outbound() needs 120 bytes on the stack, immediately reclaimed. Also make sure ipvlan_process_v4_outbound() is not inlined. We might also have to lower MAX_NEST_DEV, because only syzbot uses setups with more than four stacked devices. BUG: TASK stack guard page was hit at ffffc9000e803ff8 (stack is ffffc9000e804000..ffffc9000e808000) stack guard page: 0000 [#1] SMP KASAN CPU: 0 PID: 13442 Comm: syz-executor.4 Not tainted 6.1.52-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/09/2023 RIP: 0010:kasan_check_range+0x4/0x2a0 mm/kasan/generic.c:188 Code: 48 01 c6 48 89 c7 e8 db 4e c1 03 31 c0 5d c3 cc 0f 0b eb 02 0f 0b b8 ea ff ff ff 5d c3 cc 00 00 cc cc 00 00 cc cc 55 48 89 e5 <41> 57 41 56 41 55 41 54 53 b0 01 48 85 f6 0f 84 a4 01 00 00 48 89 RSP: 0018:ffffc9000e804000 EFLAGS: 00010246 RAX: 0000000000000000 RBX: 0000000000000000 RCX: ffffffff817e5bf2 RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff887c6568 RBP: ffffc9000e804000 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: dffffc0000000001 R12: 1ffff92001d0080c R13: dffffc0000000000 R14: ffffffff87e6b100 R15: 0000000000000000 FS: 00007fd0c55826c0(0000) GS:ffff8881f6800000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: ffffc9000e803ff8 CR3: 0000000170ef7000 CR4: 00000000003506f0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: <#DF> </#DF> <TASK> [<ffffffff81f281d1>] __kasan_check_read+0x11/0x20 mm/kasan/shadow.c:31 [<ffffffff817e5bf2>] instrument_atomic_read include/linux/instrumented.h:72 [inline] [<ffffffff817e5bf2>] _test_bit include/asm-generic/bitops/instrumented-non-atomic.h:141 [inline] [<ffffffff817e5bf2>] cpumask_test_cpu include/linux/cpumask.h:506 [inline] [<ffffffff817e5bf2>] cpu_online include/linux/cpumask.h:1092 [inline] [<ffffffff817e5bf2>] trace_lock_acquire include/trace/events/lock.h:24 [inline] [<ffffffff817e5bf2>] lock_acquire+0xe2/0x590 kernel/locking/lockdep.c:5632 [<ffffffff8563221e>] rcu_lock_acquire+0x2e/0x40 include/linux/rcupdate.h:306 [<ffffffff8561464d>] rcu_read_lock include/linux/rcupdate.h:747 [inline] [<ffffffff8561464d>] ip6_pol_route+0x15d/0x1440 net/ipv6/route.c:2221 [<ffffffff85618120>] ip6_pol_route_output+0x50/0x80 net/ipv6/route.c:2606 [<ffffffff856f65b5>] pol_lookup_func include/net/ip6_fib.h:584 [inline] [<ffffffff856f65b5>] fib6_rule_lookup+0x265/0x620 net/ipv6/fib6_rules.c:116 [<ffffffff85618009>] ip6_route_output_flags_noref+0x2d9/0x3a0 net/ipv6/route.c:2638 [<ffffffff8561821a>] ip6_route_output_flags+0xca/0x340 net/ipv6/route.c:2651 [<ffffffff838bd5a3>] ip6_route_output include/net/ip6_route.h:100 [inline] [<ffffffff838bd5a3>] ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:473 [inline] [<ffffffff838bd5a3>] ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:529 [inline] [<ffffffff838bd5a3>] ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline] [<ffffffff838bd5a3>] ipvlan_queue_xmit+0xc33/0x1be0 drivers/net/ipvlan/ipvlan_core.c:677 [<ffffffff838c2909>] ipvlan_start_xmit+0x49/0x100 drivers/net/ipvlan/ipvlan_main.c:229 [<ffffffff84d03900>] netdev_start_xmit include/linux/netdevice.h:4966 [inline] [<ffffffff84d03900>] xmit_one net/core/dev.c:3644 [inline] [<ffffffff84d03900>] dev_hard_start_xmit+0x320/0x980 net/core/dev.c:3660 [<ffffffff84d080e2>] __dev_queue_xmit+0x16b2/0x3370 net/core/dev.c:4324 [<ffffffff855ce4cd>] dev_queue_xmit include/linux/netdevice.h:3067 [inline] [<ffffffff855ce4cd>] neigh_hh_output include/net/neighbour.h:529 [inline] [<ffffffff855ce4cd>] neigh_output include/net/neighbour.h:543 [inline] [<ffffffff855ce4cd>] ip6_finish_output2+0x160d/0x1ae0 net/ipv6/ip6_output.c:139 [<ffffffff855b8616>] __ip6_finish_output net/ipv6/ip6_output.c:200 [inline] [<ffffffff855b8616>] ip6_finish_output+0x6c6/0xb10 net/ipv6/ip6_output.c:211 [<ffffffff855b7e3c>] NF_HOOK_COND include/linux/netfilter.h:298 [inline] [<ffffffff855b7e3c>] ip6_output+0x2bc/0x3d0 net/ipv6/ip6_output.c:232 [<ffffffff8575d27f>] dst_output include/net/dst.h:444 [inline] [<ffffffff8575d27f>] ip6_local_out+0x10f/0x140 net/ipv6/output_core.c:161 [<ffffffff838bdae4>] ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:483 [inline] [<ffffffff838bdae4>] ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:529 [inline] [<ffffffff838bdae4>] ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline] [<ffffffff838bdae4>] ipvlan_queue_xmit+0x1174/0x1be0 drivers/net/ipvlan/ipvlan_core.c:677 [<ffffffff838c2909>] ipvlan_start_xmit+0x49/0x100 drivers/net/ipvlan/ipvlan_main.c:229 [<ffffffff84d03900>] netdev_start_xmit include/linux/netdevice.h:4966 [inline] [<ffffffff84d03900>] xmit_one net/core/dev.c:3644 [inline] [<ffffffff84d03900>] dev_hard_start_xmit+0x320/0x980 net/core/dev.c:3660 [<ffffffff84d080e2>] __dev_queue_xmit+0x16b2/0x3370 net/core/dev.c:4324 [<ffffffff855ce4cd>] dev_queue_xmit include/linux/netdevice.h:3067 [inline] [<ffffffff855ce4cd>] neigh_hh_output include/net/neighbour.h:529 [inline] [<ffffffff855ce4cd>] neigh_output include/net/neighbour.h:543 [inline] [<ffffffff855ce4cd>] ip6_finish_output2+0x160d/0x1ae0 net/ipv6/ip6_output.c:139 [<ffffffff855b8616>] __ip6_finish_output net/ipv6/ip6_output.c:200 [inline] [<ffffffff855b8616>] ip6_finish_output+0x6c6/0xb10 net/ipv6/ip6_output.c:211 [<ffffffff855b7e3c>] NF_HOOK_COND include/linux/netfilter.h:298 [inline] [<ffffffff855b7e3c>] ip6_output+0x2bc/0x3d0 net/ipv6/ip6_output.c:232 [<ffffffff8575d27f>] dst_output include/net/dst.h:444 [inline] [<ffffffff8575d27f>] ip6_local_out+0x10f/0x140 net/ipv6/output_core.c:161 [<ffffffff838bdae4>] ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:483 [inline] [<ffffffff838bdae4>] ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:529 [inline] [<ffffffff838bdae4>] ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline] [<ffffffff838bdae4>] ipvlan_queue_xmit+0x1174/0x1be0 drivers/net/ipvlan/ipvlan_core.c:677 [<ffffffff838c2909>] ipvlan_start_xmit+0x49/0x100 drivers/net/ipvlan/ipvlan_main.c:229 [<ffffffff84d03900>] netdev_start_xmit include/linux/netdevice.h:4966 [inline] [<ffffffff84d03900>] xmit_one net/core/dev.c:3644 [inline] [<ffffffff84d03900>] dev_hard_start_xmit+0x320/0x980 net/core/dev.c:3660 [<ffffffff84d080e2>] __dev_queue_xmit+0x16b2/0x3370 net/core/dev.c:4324 [<ffffffff855ce4cd>] dev_queue_xmit include/linux/netdevice.h:3067 [inline] [<ffffffff855ce4cd>] neigh_hh_output include/net/neighbour.h:529 [inline] [<ffffffff855ce4cd>] neigh_output include/net/neighbour.h:543 [inline] [<ffffffff855ce4cd>] ip6_finish_output2+0x160d/0x1ae0 net/ipv6/ip6_output.c:139 [<ffffffff855b8616>] __ip6_finish_output net/ipv6/ip6_output.c:200 [inline] [<ffffffff855b8616>] ip6_finish_output+0x6c6/0xb10 net/ipv6/ip6_output.c:211 [<ffffffff855b7e3c>] NF_HOOK_COND include/linux/netfilter.h:298 [inline] [<ffffffff855b7e3c>] ip6_output+0x2bc/0x3d0 net/ipv6/ip6_output.c:232 [<ffffffff8575d27f>] dst_output include/net/dst.h:444 [inline] [<ffffffff8575d27f>] ip6_local_out+0x10f/0x140 net/ipv6/output_core.c:161 [<ffffffff838bdae4>] ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:483 [inline] [<ffffffff838bdae4>] ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:529 [inline] [<ffffffff838bdae4>] ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline] [<ffffffff838bdae4>] ipvlan_queue_xmit+0x1174/0x1be0 drivers/net/ipvlan/ipvlan_core.c:677 [<ffffffff838c2909>] ipvlan_start_xmit+0x49/0x100 drivers/net/ipvlan/ipvlan_main.c:229 [<ffffffff84d03900>] netdev_start_xmit include/linux/netdevice.h:4966 [inline] [<ffffffff84d03900>] xmit_one net/core/dev.c:3644 [inline] [<ffffffff84d03900>] dev_hard_start_xmit+0x320/0x980 net/core/dev.c:3660 [<ffffffff84d080e2>] __dev_queue_xmit+0x16b2/0x3370 net/core/dev.c:4324 [<ffffffff855ce4cd>] dev_queue_xmit include/linux/netdevice.h:3067 [inline] [<ffffffff855ce4cd>] neigh_hh_output include/net/neighbour.h:529 [inline] [<ffffffff855ce4cd>] neigh_output include/net/neighbour.h:543 [inline] [<ffffffff855ce4cd>] ip6_finish_output2+0x160d/0x1ae0 net/ipv6/ip6_output.c:139 [<ffffffff855b8616>] __ip6_finish_output net/ipv6/ip6_output.c:200 [inline] [<ffffffff855b8616>] ip6_finish_output+0x6c6/0xb10 net/ipv6/ip6_output.c:211 [<ffffffff855b7e3c>] NF_HOOK_COND include/linux/netfilter.h:298 [inline] [<ffffffff855b7e3c>] ip6_output+0x2bc/0x3d0 net/ipv6/ip6_output.c:232 [<ffffffff8575d27f>] dst_output include/net/dst.h:444 [inline] [<ffffffff8575d27f>] ip6_local_out+0x10f/0x140 net/ipv6/output_core.c:161 [<ffffffff838bdae4>] ipvlan_process_v6_outbound drivers/net/ipvlan/ipvlan_core.c:483 [inline] [<ffffffff838bdae4>] ipvlan_process_outbound drivers/net/ipvlan/ipvlan_core.c:529 [inline] [<ffffffff838bdae4>] ipvlan_xmit_mode_l3 drivers/net/ipvlan/ipvlan_core.c:602 [inline] [<ffffffff838bdae4>] ipvlan_queue_xmit+0x1174/0x1be0 drivers/net/ipvlan/ipvlan_core.c:677 [<ffffffff838c2909>] ipvlan_start_xmit+0x49/0x100 drivers/net/ipvlan/ipvlan_main.c:229 [<ffffffff84d03900>] netdev_start_xmit include/linux/netdevice.h:4966 [inline] [<ffffffff84d03900>] xmit_one net/core/dev.c:3644 [inline] [<ffffffff84d03900>] dev_hard_start_xmit+0x320/0x980 net/core/dev.c:3660 [<ffffffff84d080e2>] __dev_queue_xmit+0x16b2/0x3370 net/core/dev.c:4324 [<ffffffff84d4a65e>] dev_queue_xmit include/linux/netdevice.h:3067 [inline] [<ffffffff84d4a65e>] neigh_resolve_output+0x64e/0x750 net/core/neighbour.c:1560 [<ffffffff855ce503>] neigh_output include/net/neighbour.h:545 [inline] [<ffffffff855ce503>] ip6_finish_output2+0x1643/0x1ae0 net/ipv6/ip6_output.c:139 [<ffffffff855b8616>] __ip6_finish_output net/ipv6/ip6_output.c:200 [inline] [<ffffffff855b8616>] ip6_finish_output+0x6c6/0xb10 net/ipv6/ip6_output.c:211 [<ffffffff855b7e3c>] NF_HOOK_COND include/linux/netfilter.h:298 [inline] [<ffffffff855b7e3c>] ip6_output+0x2bc/0x3d0 net/ipv6/ip6_output.c:232 [<ffffffff855b9ce4>] dst_output include/net/dst.h:444 [inline] [<ffffffff855b9ce4>] NF_HOOK include/linux/netfilter.h:309 [inline] [<ffffffff855b9ce4>] ip6_xmit+0x11a4/0x1b20 net/ipv6/ip6_output.c:352 [<ffffffff8597984e>] sctp_v6_xmit+0x9ae/0x1230 net/sctp/ipv6.c:250 [<ffffffff8594623e>] sctp_packet_transmit+0x25de/0x2bc0 net/sctp/output.c:653 [<ffffffff858f5142>] sctp_packet_singleton+0x202/0x310 net/sctp/outqueue.c:783 [<ffffffff858ea411>] sctp_outq_flush_ctrl net/sctp/outqueue.c:914 [inline] [<ffffffff858ea411>] sctp_outq_flush+0x661/0x3d40 net/sctp/outqueue.c:1212 [<ffffffff858f02f9>] sctp_outq_uncork+0x79/0xb0 net/sctp/outqueue.c:764 [<ffffffff8589f060>] sctp_side_effects net/sctp/sm_sideeffect.c:1199 [inline] [<ffffffff8589f060>] sctp_do_sm+0x55c0/0x5c30 net/sctp/sm_sideeffect.c:1170 [<ffffffff85941567>] sctp_primitive_ASSOCIATE+0x97/0xc0 net/sctp/primitive.c:73 [<ffffffff859408b2>] sctp_sendmsg_to_asoc+0xf62/0x17b0 net/sctp/socket.c:1839 [<ffffffff85910b5e>] sctp_sendmsg+0x212e/0x33b0 net/sctp/socket.c:2029 [<ffffffff8544d559>] inet_sendmsg+0x149/0x310 net/ipv4/af_inet.c:849 [<ffffffff84c6c4d2>] sock_sendmsg_nosec net/socket.c:716 [inline] [<ffffffff84c6c4d2>] sock_sendmsg net/socket.c:736 [inline] [<ffffffff84c6c4d2>] ____sys_sendmsg+0x572/0x8c0 net/socket.c:2504 [<ffffffff84c6ca91>] ___sys_sendmsg net/socket.c:2558 [inline] [<ffffffff84c6ca91>] __sys_sendmsg+0x271/0x360 net/socket.c:2587 [<ffffffff84c6cbff>] __do_sys_sendmsg net/socket.c:2596 [inline] [<ffffffff84c6cbff>] __se_sys_sendmsg net/socket.c:2594 [inline] [<ffffffff84c6cbff>] __x64_sys_sendmsg+0x7f/0x90 net/socket.c:2594 [<ffffffff85b32553>] do_syscall_x64 arch/x86/entry/common.c:51 [inline] [<ffffffff85b32553>] do_syscall_64+0x53/0x80 arch/x86/entry/common.c:84 [<ffffffff85c00087>] entry_SYSCALL_64_after_hwframe+0x63/0xcd Fixes: 2ad7bf363841 ("ipvlan: Initial check-in of the IPVLAN driver.") Reported-by: syzbot <syzkaller@googlegroups.com> Signed-off-by: Eric Dumazet <edumazet@google.com> Cc: Mahesh Bandewar <maheshb@google.com> Cc: Willem de Bruijn <willemb@google.com> Reviewed-by: Willem de Bruijn <willemb@google.com> Signed-off-by: David S. Miller <davem@davemloft.net>
773 lines
18 KiB
C
773 lines
18 KiB
C
// SPDX-License-Identifier: GPL-2.0-or-later
|
|
/* Copyright (c) 2014 Mahesh Bandewar <maheshb@google.com>
|
|
*/
|
|
|
|
#include "ipvlan.h"
|
|
|
|
static u32 ipvlan_jhash_secret __read_mostly;
|
|
|
|
void ipvlan_init_secret(void)
|
|
{
|
|
net_get_random_once(&ipvlan_jhash_secret, sizeof(ipvlan_jhash_secret));
|
|
}
|
|
|
|
void ipvlan_count_rx(const struct ipvl_dev *ipvlan,
|
|
unsigned int len, bool success, bool mcast)
|
|
{
|
|
if (likely(success)) {
|
|
struct ipvl_pcpu_stats *pcptr;
|
|
|
|
pcptr = this_cpu_ptr(ipvlan->pcpu_stats);
|
|
u64_stats_update_begin(&pcptr->syncp);
|
|
u64_stats_inc(&pcptr->rx_pkts);
|
|
u64_stats_add(&pcptr->rx_bytes, len);
|
|
if (mcast)
|
|
u64_stats_inc(&pcptr->rx_mcast);
|
|
u64_stats_update_end(&pcptr->syncp);
|
|
} else {
|
|
this_cpu_inc(ipvlan->pcpu_stats->rx_errs);
|
|
}
|
|
}
|
|
EXPORT_SYMBOL_GPL(ipvlan_count_rx);
|
|
|
|
#if IS_ENABLED(CONFIG_IPV6)
|
|
static u8 ipvlan_get_v6_hash(const void *iaddr)
|
|
{
|
|
const struct in6_addr *ip6_addr = iaddr;
|
|
|
|
return __ipv6_addr_jhash(ip6_addr, ipvlan_jhash_secret) &
|
|
IPVLAN_HASH_MASK;
|
|
}
|
|
#else
|
|
static u8 ipvlan_get_v6_hash(const void *iaddr)
|
|
{
|
|
return 0;
|
|
}
|
|
#endif
|
|
|
|
static u8 ipvlan_get_v4_hash(const void *iaddr)
|
|
{
|
|
const struct in_addr *ip4_addr = iaddr;
|
|
|
|
return jhash_1word(ip4_addr->s_addr, ipvlan_jhash_secret) &
|
|
IPVLAN_HASH_MASK;
|
|
}
|
|
|
|
static bool addr_equal(bool is_v6, struct ipvl_addr *addr, const void *iaddr)
|
|
{
|
|
if (!is_v6 && addr->atype == IPVL_IPV4) {
|
|
struct in_addr *i4addr = (struct in_addr *)iaddr;
|
|
|
|
return addr->ip4addr.s_addr == i4addr->s_addr;
|
|
#if IS_ENABLED(CONFIG_IPV6)
|
|
} else if (is_v6 && addr->atype == IPVL_IPV6) {
|
|
struct in6_addr *i6addr = (struct in6_addr *)iaddr;
|
|
|
|
return ipv6_addr_equal(&addr->ip6addr, i6addr);
|
|
#endif
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
static struct ipvl_addr *ipvlan_ht_addr_lookup(const struct ipvl_port *port,
|
|
const void *iaddr, bool is_v6)
|
|
{
|
|
struct ipvl_addr *addr;
|
|
u8 hash;
|
|
|
|
hash = is_v6 ? ipvlan_get_v6_hash(iaddr) :
|
|
ipvlan_get_v4_hash(iaddr);
|
|
hlist_for_each_entry_rcu(addr, &port->hlhead[hash], hlnode)
|
|
if (addr_equal(is_v6, addr, iaddr))
|
|
return addr;
|
|
return NULL;
|
|
}
|
|
|
|
void ipvlan_ht_addr_add(struct ipvl_dev *ipvlan, struct ipvl_addr *addr)
|
|
{
|
|
struct ipvl_port *port = ipvlan->port;
|
|
u8 hash;
|
|
|
|
hash = (addr->atype == IPVL_IPV6) ?
|
|
ipvlan_get_v6_hash(&addr->ip6addr) :
|
|
ipvlan_get_v4_hash(&addr->ip4addr);
|
|
if (hlist_unhashed(&addr->hlnode))
|
|
hlist_add_head_rcu(&addr->hlnode, &port->hlhead[hash]);
|
|
}
|
|
|
|
void ipvlan_ht_addr_del(struct ipvl_addr *addr)
|
|
{
|
|
hlist_del_init_rcu(&addr->hlnode);
|
|
}
|
|
|
|
struct ipvl_addr *ipvlan_find_addr(const struct ipvl_dev *ipvlan,
|
|
const void *iaddr, bool is_v6)
|
|
{
|
|
struct ipvl_addr *addr, *ret = NULL;
|
|
|
|
rcu_read_lock();
|
|
list_for_each_entry_rcu(addr, &ipvlan->addrs, anode) {
|
|
if (addr_equal(is_v6, addr, iaddr)) {
|
|
ret = addr;
|
|
break;
|
|
}
|
|
}
|
|
rcu_read_unlock();
|
|
return ret;
|
|
}
|
|
|
|
bool ipvlan_addr_busy(struct ipvl_port *port, void *iaddr, bool is_v6)
|
|
{
|
|
struct ipvl_dev *ipvlan;
|
|
bool ret = false;
|
|
|
|
rcu_read_lock();
|
|
list_for_each_entry_rcu(ipvlan, &port->ipvlans, pnode) {
|
|
if (ipvlan_find_addr(ipvlan, iaddr, is_v6)) {
|
|
ret = true;
|
|
break;
|
|
}
|
|
}
|
|
rcu_read_unlock();
|
|
return ret;
|
|
}
|
|
|
|
void *ipvlan_get_L3_hdr(struct ipvl_port *port, struct sk_buff *skb, int *type)
|
|
{
|
|
void *lyr3h = NULL;
|
|
|
|
switch (skb->protocol) {
|
|
case htons(ETH_P_ARP): {
|
|
struct arphdr *arph;
|
|
|
|
if (unlikely(!pskb_may_pull(skb, arp_hdr_len(port->dev))))
|
|
return NULL;
|
|
|
|
arph = arp_hdr(skb);
|
|
*type = IPVL_ARP;
|
|
lyr3h = arph;
|
|
break;
|
|
}
|
|
case htons(ETH_P_IP): {
|
|
u32 pktlen;
|
|
struct iphdr *ip4h;
|
|
|
|
if (unlikely(!pskb_may_pull(skb, sizeof(*ip4h))))
|
|
return NULL;
|
|
|
|
ip4h = ip_hdr(skb);
|
|
pktlen = skb_ip_totlen(skb);
|
|
if (ip4h->ihl < 5 || ip4h->version != 4)
|
|
return NULL;
|
|
if (skb->len < pktlen || pktlen < (ip4h->ihl * 4))
|
|
return NULL;
|
|
|
|
*type = IPVL_IPV4;
|
|
lyr3h = ip4h;
|
|
break;
|
|
}
|
|
#if IS_ENABLED(CONFIG_IPV6)
|
|
case htons(ETH_P_IPV6): {
|
|
struct ipv6hdr *ip6h;
|
|
|
|
if (unlikely(!pskb_may_pull(skb, sizeof(*ip6h))))
|
|
return NULL;
|
|
|
|
ip6h = ipv6_hdr(skb);
|
|
if (ip6h->version != 6)
|
|
return NULL;
|
|
|
|
*type = IPVL_IPV6;
|
|
lyr3h = ip6h;
|
|
/* Only Neighbour Solicitation pkts need different treatment */
|
|
if (ipv6_addr_any(&ip6h->saddr) &&
|
|
ip6h->nexthdr == NEXTHDR_ICMP) {
|
|
struct icmp6hdr *icmph;
|
|
|
|
if (unlikely(!pskb_may_pull(skb, sizeof(*ip6h) + sizeof(*icmph))))
|
|
return NULL;
|
|
|
|
ip6h = ipv6_hdr(skb);
|
|
icmph = (struct icmp6hdr *)(ip6h + 1);
|
|
|
|
if (icmph->icmp6_type == NDISC_NEIGHBOUR_SOLICITATION) {
|
|
/* Need to access the ipv6 address in body */
|
|
if (unlikely(!pskb_may_pull(skb, sizeof(*ip6h) + sizeof(*icmph)
|
|
+ sizeof(struct in6_addr))))
|
|
return NULL;
|
|
|
|
ip6h = ipv6_hdr(skb);
|
|
icmph = (struct icmp6hdr *)(ip6h + 1);
|
|
}
|
|
|
|
*type = IPVL_ICMPV6;
|
|
lyr3h = icmph;
|
|
}
|
|
break;
|
|
}
|
|
#endif
|
|
default:
|
|
return NULL;
|
|
}
|
|
|
|
return lyr3h;
|
|
}
|
|
|
|
unsigned int ipvlan_mac_hash(const unsigned char *addr)
|
|
{
|
|
u32 hash = jhash_1word(__get_unaligned_cpu32(addr+2),
|
|
ipvlan_jhash_secret);
|
|
|
|
return hash & IPVLAN_MAC_FILTER_MASK;
|
|
}
|
|
|
|
void ipvlan_process_multicast(struct work_struct *work)
|
|
{
|
|
struct ipvl_port *port = container_of(work, struct ipvl_port, wq);
|
|
struct ethhdr *ethh;
|
|
struct ipvl_dev *ipvlan;
|
|
struct sk_buff *skb, *nskb;
|
|
struct sk_buff_head list;
|
|
unsigned int len;
|
|
unsigned int mac_hash;
|
|
int ret;
|
|
u8 pkt_type;
|
|
bool tx_pkt;
|
|
|
|
__skb_queue_head_init(&list);
|
|
|
|
spin_lock_bh(&port->backlog.lock);
|
|
skb_queue_splice_tail_init(&port->backlog, &list);
|
|
spin_unlock_bh(&port->backlog.lock);
|
|
|
|
while ((skb = __skb_dequeue(&list)) != NULL) {
|
|
struct net_device *dev = skb->dev;
|
|
bool consumed = false;
|
|
|
|
ethh = eth_hdr(skb);
|
|
tx_pkt = IPVL_SKB_CB(skb)->tx_pkt;
|
|
mac_hash = ipvlan_mac_hash(ethh->h_dest);
|
|
|
|
if (ether_addr_equal(ethh->h_dest, port->dev->broadcast))
|
|
pkt_type = PACKET_BROADCAST;
|
|
else
|
|
pkt_type = PACKET_MULTICAST;
|
|
|
|
rcu_read_lock();
|
|
list_for_each_entry_rcu(ipvlan, &port->ipvlans, pnode) {
|
|
if (tx_pkt && (ipvlan->dev == skb->dev))
|
|
continue;
|
|
if (!test_bit(mac_hash, ipvlan->mac_filters))
|
|
continue;
|
|
if (!(ipvlan->dev->flags & IFF_UP))
|
|
continue;
|
|
ret = NET_RX_DROP;
|
|
len = skb->len + ETH_HLEN;
|
|
nskb = skb_clone(skb, GFP_ATOMIC);
|
|
local_bh_disable();
|
|
if (nskb) {
|
|
consumed = true;
|
|
nskb->pkt_type = pkt_type;
|
|
nskb->dev = ipvlan->dev;
|
|
if (tx_pkt)
|
|
ret = dev_forward_skb(ipvlan->dev, nskb);
|
|
else
|
|
ret = netif_rx(nskb);
|
|
}
|
|
ipvlan_count_rx(ipvlan, len, ret == NET_RX_SUCCESS, true);
|
|
local_bh_enable();
|
|
}
|
|
rcu_read_unlock();
|
|
|
|
if (tx_pkt) {
|
|
/* If the packet originated here, send it out. */
|
|
skb->dev = port->dev;
|
|
skb->pkt_type = pkt_type;
|
|
dev_queue_xmit(skb);
|
|
} else {
|
|
if (consumed)
|
|
consume_skb(skb);
|
|
else
|
|
kfree_skb(skb);
|
|
}
|
|
dev_put(dev);
|
|
cond_resched();
|
|
}
|
|
}
|
|
|
|
static void ipvlan_skb_crossing_ns(struct sk_buff *skb, struct net_device *dev)
|
|
{
|
|
bool xnet = true;
|
|
|
|
if (dev)
|
|
xnet = !net_eq(dev_net(skb->dev), dev_net(dev));
|
|
|
|
skb_scrub_packet(skb, xnet);
|
|
if (dev)
|
|
skb->dev = dev;
|
|
}
|
|
|
|
static int ipvlan_rcv_frame(struct ipvl_addr *addr, struct sk_buff **pskb,
|
|
bool local)
|
|
{
|
|
struct ipvl_dev *ipvlan = addr->master;
|
|
struct net_device *dev = ipvlan->dev;
|
|
unsigned int len;
|
|
rx_handler_result_t ret = RX_HANDLER_CONSUMED;
|
|
bool success = false;
|
|
struct sk_buff *skb = *pskb;
|
|
|
|
len = skb->len + ETH_HLEN;
|
|
/* Only packets exchanged between two local slaves need to have
|
|
* device-up check as well as skb-share check.
|
|
*/
|
|
if (local) {
|
|
if (unlikely(!(dev->flags & IFF_UP))) {
|
|
kfree_skb(skb);
|
|
goto out;
|
|
}
|
|
|
|
skb = skb_share_check(skb, GFP_ATOMIC);
|
|
if (!skb)
|
|
goto out;
|
|
|
|
*pskb = skb;
|
|
}
|
|
|
|
if (local) {
|
|
skb->pkt_type = PACKET_HOST;
|
|
if (dev_forward_skb(ipvlan->dev, skb) == NET_RX_SUCCESS)
|
|
success = true;
|
|
} else {
|
|
skb->dev = dev;
|
|
ret = RX_HANDLER_ANOTHER;
|
|
success = true;
|
|
}
|
|
|
|
out:
|
|
ipvlan_count_rx(ipvlan, len, success, false);
|
|
return ret;
|
|
}
|
|
|
|
struct ipvl_addr *ipvlan_addr_lookup(struct ipvl_port *port, void *lyr3h,
|
|
int addr_type, bool use_dest)
|
|
{
|
|
struct ipvl_addr *addr = NULL;
|
|
|
|
switch (addr_type) {
|
|
#if IS_ENABLED(CONFIG_IPV6)
|
|
case IPVL_IPV6: {
|
|
struct ipv6hdr *ip6h;
|
|
struct in6_addr *i6addr;
|
|
|
|
ip6h = (struct ipv6hdr *)lyr3h;
|
|
i6addr = use_dest ? &ip6h->daddr : &ip6h->saddr;
|
|
addr = ipvlan_ht_addr_lookup(port, i6addr, true);
|
|
break;
|
|
}
|
|
case IPVL_ICMPV6: {
|
|
struct nd_msg *ndmh;
|
|
struct in6_addr *i6addr;
|
|
|
|
/* Make sure that the NeighborSolicitation ICMPv6 packets
|
|
* are handled to avoid DAD issue.
|
|
*/
|
|
ndmh = (struct nd_msg *)lyr3h;
|
|
if (ndmh->icmph.icmp6_type == NDISC_NEIGHBOUR_SOLICITATION) {
|
|
i6addr = &ndmh->target;
|
|
addr = ipvlan_ht_addr_lookup(port, i6addr, true);
|
|
}
|
|
break;
|
|
}
|
|
#endif
|
|
case IPVL_IPV4: {
|
|
struct iphdr *ip4h;
|
|
__be32 *i4addr;
|
|
|
|
ip4h = (struct iphdr *)lyr3h;
|
|
i4addr = use_dest ? &ip4h->daddr : &ip4h->saddr;
|
|
addr = ipvlan_ht_addr_lookup(port, i4addr, false);
|
|
break;
|
|
}
|
|
case IPVL_ARP: {
|
|
struct arphdr *arph;
|
|
unsigned char *arp_ptr;
|
|
__be32 dip;
|
|
|
|
arph = (struct arphdr *)lyr3h;
|
|
arp_ptr = (unsigned char *)(arph + 1);
|
|
if (use_dest)
|
|
arp_ptr += (2 * port->dev->addr_len) + 4;
|
|
else
|
|
arp_ptr += port->dev->addr_len;
|
|
|
|
memcpy(&dip, arp_ptr, 4);
|
|
addr = ipvlan_ht_addr_lookup(port, &dip, false);
|
|
break;
|
|
}
|
|
}
|
|
|
|
return addr;
|
|
}
|
|
|
|
static noinline_for_stack int ipvlan_process_v4_outbound(struct sk_buff *skb)
|
|
{
|
|
const struct iphdr *ip4h = ip_hdr(skb);
|
|
struct net_device *dev = skb->dev;
|
|
struct net *net = dev_net(dev);
|
|
struct rtable *rt;
|
|
int err, ret = NET_XMIT_DROP;
|
|
struct flowi4 fl4 = {
|
|
.flowi4_oif = dev->ifindex,
|
|
.flowi4_tos = RT_TOS(ip4h->tos),
|
|
.flowi4_flags = FLOWI_FLAG_ANYSRC,
|
|
.flowi4_mark = skb->mark,
|
|
.daddr = ip4h->daddr,
|
|
.saddr = ip4h->saddr,
|
|
};
|
|
|
|
rt = ip_route_output_flow(net, &fl4, NULL);
|
|
if (IS_ERR(rt))
|
|
goto err;
|
|
|
|
if (rt->rt_type != RTN_UNICAST && rt->rt_type != RTN_LOCAL) {
|
|
ip_rt_put(rt);
|
|
goto err;
|
|
}
|
|
skb_dst_set(skb, &rt->dst);
|
|
|
|
memset(IPCB(skb), 0, sizeof(*IPCB(skb)));
|
|
|
|
err = ip_local_out(net, skb->sk, skb);
|
|
if (unlikely(net_xmit_eval(err)))
|
|
DEV_STATS_INC(dev, tx_errors);
|
|
else
|
|
ret = NET_XMIT_SUCCESS;
|
|
goto out;
|
|
err:
|
|
DEV_STATS_INC(dev, tx_errors);
|
|
kfree_skb(skb);
|
|
out:
|
|
return ret;
|
|
}
|
|
|
|
#if IS_ENABLED(CONFIG_IPV6)
|
|
|
|
static noinline_for_stack int
|
|
ipvlan_route_v6_outbound(struct net_device *dev, struct sk_buff *skb)
|
|
{
|
|
const struct ipv6hdr *ip6h = ipv6_hdr(skb);
|
|
struct flowi6 fl6 = {
|
|
.flowi6_oif = dev->ifindex,
|
|
.daddr = ip6h->daddr,
|
|
.saddr = ip6h->saddr,
|
|
.flowi6_flags = FLOWI_FLAG_ANYSRC,
|
|
.flowlabel = ip6_flowinfo(ip6h),
|
|
.flowi6_mark = skb->mark,
|
|
.flowi6_proto = ip6h->nexthdr,
|
|
};
|
|
struct dst_entry *dst;
|
|
int err;
|
|
|
|
dst = ip6_route_output(dev_net(dev), NULL, &fl6);
|
|
err = dst->error;
|
|
if (err) {
|
|
dst_release(dst);
|
|
return err;
|
|
}
|
|
skb_dst_set(skb, dst);
|
|
return 0;
|
|
}
|
|
|
|
static int ipvlan_process_v6_outbound(struct sk_buff *skb)
|
|
{
|
|
struct net_device *dev = skb->dev;
|
|
int err, ret = NET_XMIT_DROP;
|
|
|
|
err = ipvlan_route_v6_outbound(dev, skb);
|
|
if (unlikely(err)) {
|
|
DEV_STATS_INC(dev, tx_errors);
|
|
kfree_skb(skb);
|
|
return err;
|
|
}
|
|
|
|
memset(IP6CB(skb), 0, sizeof(*IP6CB(skb)));
|
|
|
|
err = ip6_local_out(dev_net(dev), skb->sk, skb);
|
|
if (unlikely(net_xmit_eval(err)))
|
|
DEV_STATS_INC(dev, tx_errors);
|
|
else
|
|
ret = NET_XMIT_SUCCESS;
|
|
return ret;
|
|
}
|
|
#else
|
|
static int ipvlan_process_v6_outbound(struct sk_buff *skb)
|
|
{
|
|
return NET_XMIT_DROP;
|
|
}
|
|
#endif
|
|
|
|
static int ipvlan_process_outbound(struct sk_buff *skb)
|
|
{
|
|
int ret = NET_XMIT_DROP;
|
|
|
|
/* The ipvlan is a pseudo-L2 device, so the packets that we receive
|
|
* will have L2; which need to discarded and processed further
|
|
* in the net-ns of the main-device.
|
|
*/
|
|
if (skb_mac_header_was_set(skb)) {
|
|
/* In this mode we dont care about
|
|
* multicast and broadcast traffic */
|
|
struct ethhdr *ethh = eth_hdr(skb);
|
|
|
|
if (is_multicast_ether_addr(ethh->h_dest)) {
|
|
pr_debug_ratelimited(
|
|
"Dropped {multi|broad}cast of type=[%x]\n",
|
|
ntohs(skb->protocol));
|
|
kfree_skb(skb);
|
|
goto out;
|
|
}
|
|
|
|
skb_pull(skb, sizeof(*ethh));
|
|
skb->mac_header = (typeof(skb->mac_header))~0U;
|
|
skb_reset_network_header(skb);
|
|
}
|
|
|
|
if (skb->protocol == htons(ETH_P_IPV6))
|
|
ret = ipvlan_process_v6_outbound(skb);
|
|
else if (skb->protocol == htons(ETH_P_IP))
|
|
ret = ipvlan_process_v4_outbound(skb);
|
|
else {
|
|
pr_warn_ratelimited("Dropped outbound packet type=%x\n",
|
|
ntohs(skb->protocol));
|
|
kfree_skb(skb);
|
|
}
|
|
out:
|
|
return ret;
|
|
}
|
|
|
|
static void ipvlan_multicast_enqueue(struct ipvl_port *port,
|
|
struct sk_buff *skb, bool tx_pkt)
|
|
{
|
|
if (skb->protocol == htons(ETH_P_PAUSE)) {
|
|
kfree_skb(skb);
|
|
return;
|
|
}
|
|
|
|
/* Record that the deferred packet is from TX or RX path. By
|
|
* looking at mac-addresses on packet will lead to erronus decisions.
|
|
* (This would be true for a loopback-mode on master device or a
|
|
* hair-pin mode of the switch.)
|
|
*/
|
|
IPVL_SKB_CB(skb)->tx_pkt = tx_pkt;
|
|
|
|
spin_lock(&port->backlog.lock);
|
|
if (skb_queue_len(&port->backlog) < IPVLAN_QBACKLOG_LIMIT) {
|
|
dev_hold(skb->dev);
|
|
__skb_queue_tail(&port->backlog, skb);
|
|
spin_unlock(&port->backlog.lock);
|
|
schedule_work(&port->wq);
|
|
} else {
|
|
spin_unlock(&port->backlog.lock);
|
|
dev_core_stats_rx_dropped_inc(skb->dev);
|
|
kfree_skb(skb);
|
|
}
|
|
}
|
|
|
|
static int ipvlan_xmit_mode_l3(struct sk_buff *skb, struct net_device *dev)
|
|
{
|
|
const struct ipvl_dev *ipvlan = netdev_priv(dev);
|
|
void *lyr3h;
|
|
struct ipvl_addr *addr;
|
|
int addr_type;
|
|
|
|
lyr3h = ipvlan_get_L3_hdr(ipvlan->port, skb, &addr_type);
|
|
if (!lyr3h)
|
|
goto out;
|
|
|
|
if (!ipvlan_is_vepa(ipvlan->port)) {
|
|
addr = ipvlan_addr_lookup(ipvlan->port, lyr3h, addr_type, true);
|
|
if (addr) {
|
|
if (ipvlan_is_private(ipvlan->port)) {
|
|
consume_skb(skb);
|
|
return NET_XMIT_DROP;
|
|
}
|
|
ipvlan_rcv_frame(addr, &skb, true);
|
|
return NET_XMIT_SUCCESS;
|
|
}
|
|
}
|
|
out:
|
|
ipvlan_skb_crossing_ns(skb, ipvlan->phy_dev);
|
|
return ipvlan_process_outbound(skb);
|
|
}
|
|
|
|
static int ipvlan_xmit_mode_l2(struct sk_buff *skb, struct net_device *dev)
|
|
{
|
|
const struct ipvl_dev *ipvlan = netdev_priv(dev);
|
|
struct ethhdr *eth = skb_eth_hdr(skb);
|
|
struct ipvl_addr *addr;
|
|
void *lyr3h;
|
|
int addr_type;
|
|
|
|
if (!ipvlan_is_vepa(ipvlan->port) &&
|
|
ether_addr_equal(eth->h_dest, eth->h_source)) {
|
|
lyr3h = ipvlan_get_L3_hdr(ipvlan->port, skb, &addr_type);
|
|
if (lyr3h) {
|
|
addr = ipvlan_addr_lookup(ipvlan->port, lyr3h, addr_type, true);
|
|
if (addr) {
|
|
if (ipvlan_is_private(ipvlan->port)) {
|
|
consume_skb(skb);
|
|
return NET_XMIT_DROP;
|
|
}
|
|
ipvlan_rcv_frame(addr, &skb, true);
|
|
return NET_XMIT_SUCCESS;
|
|
}
|
|
}
|
|
skb = skb_share_check(skb, GFP_ATOMIC);
|
|
if (!skb)
|
|
return NET_XMIT_DROP;
|
|
|
|
/* Packet definitely does not belong to any of the
|
|
* virtual devices, but the dest is local. So forward
|
|
* the skb for the main-dev. At the RX side we just return
|
|
* RX_PASS for it to be processed further on the stack.
|
|
*/
|
|
dev_forward_skb(ipvlan->phy_dev, skb);
|
|
return NET_XMIT_SUCCESS;
|
|
|
|
} else if (is_multicast_ether_addr(eth->h_dest)) {
|
|
skb_reset_mac_header(skb);
|
|
ipvlan_skb_crossing_ns(skb, NULL);
|
|
ipvlan_multicast_enqueue(ipvlan->port, skb, true);
|
|
return NET_XMIT_SUCCESS;
|
|
}
|
|
|
|
skb->dev = ipvlan->phy_dev;
|
|
return dev_queue_xmit(skb);
|
|
}
|
|
|
|
int ipvlan_queue_xmit(struct sk_buff *skb, struct net_device *dev)
|
|
{
|
|
struct ipvl_dev *ipvlan = netdev_priv(dev);
|
|
struct ipvl_port *port = ipvlan_port_get_rcu_bh(ipvlan->phy_dev);
|
|
|
|
if (!port)
|
|
goto out;
|
|
|
|
if (unlikely(!pskb_may_pull(skb, sizeof(struct ethhdr))))
|
|
goto out;
|
|
|
|
switch(port->mode) {
|
|
case IPVLAN_MODE_L2:
|
|
return ipvlan_xmit_mode_l2(skb, dev);
|
|
case IPVLAN_MODE_L3:
|
|
#ifdef CONFIG_IPVLAN_L3S
|
|
case IPVLAN_MODE_L3S:
|
|
#endif
|
|
return ipvlan_xmit_mode_l3(skb, dev);
|
|
}
|
|
|
|
/* Should not reach here */
|
|
WARN_ONCE(true, "%s called for mode = [%x]\n", __func__, port->mode);
|
|
out:
|
|
kfree_skb(skb);
|
|
return NET_XMIT_DROP;
|
|
}
|
|
|
|
static bool ipvlan_external_frame(struct sk_buff *skb, struct ipvl_port *port)
|
|
{
|
|
struct ethhdr *eth = eth_hdr(skb);
|
|
struct ipvl_addr *addr;
|
|
void *lyr3h;
|
|
int addr_type;
|
|
|
|
if (ether_addr_equal(eth->h_source, skb->dev->dev_addr)) {
|
|
lyr3h = ipvlan_get_L3_hdr(port, skb, &addr_type);
|
|
if (!lyr3h)
|
|
return true;
|
|
|
|
addr = ipvlan_addr_lookup(port, lyr3h, addr_type, false);
|
|
if (addr)
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
static rx_handler_result_t ipvlan_handle_mode_l3(struct sk_buff **pskb,
|
|
struct ipvl_port *port)
|
|
{
|
|
void *lyr3h;
|
|
int addr_type;
|
|
struct ipvl_addr *addr;
|
|
struct sk_buff *skb = *pskb;
|
|
rx_handler_result_t ret = RX_HANDLER_PASS;
|
|
|
|
lyr3h = ipvlan_get_L3_hdr(port, skb, &addr_type);
|
|
if (!lyr3h)
|
|
goto out;
|
|
|
|
addr = ipvlan_addr_lookup(port, lyr3h, addr_type, true);
|
|
if (addr)
|
|
ret = ipvlan_rcv_frame(addr, pskb, false);
|
|
|
|
out:
|
|
return ret;
|
|
}
|
|
|
|
static rx_handler_result_t ipvlan_handle_mode_l2(struct sk_buff **pskb,
|
|
struct ipvl_port *port)
|
|
{
|
|
struct sk_buff *skb = *pskb;
|
|
struct ethhdr *eth = eth_hdr(skb);
|
|
rx_handler_result_t ret = RX_HANDLER_PASS;
|
|
|
|
if (is_multicast_ether_addr(eth->h_dest)) {
|
|
if (ipvlan_external_frame(skb, port)) {
|
|
struct sk_buff *nskb = skb_clone(skb, GFP_ATOMIC);
|
|
|
|
/* External frames are queued for device local
|
|
* distribution, but a copy is given to master
|
|
* straight away to avoid sending duplicates later
|
|
* when work-queue processes this frame. This is
|
|
* achieved by returning RX_HANDLER_PASS.
|
|
*/
|
|
if (nskb) {
|
|
ipvlan_skb_crossing_ns(nskb, NULL);
|
|
ipvlan_multicast_enqueue(port, nskb, false);
|
|
}
|
|
}
|
|
} else {
|
|
/* Perform like l3 mode for non-multicast packet */
|
|
ret = ipvlan_handle_mode_l3(pskb, port);
|
|
}
|
|
|
|
return ret;
|
|
}
|
|
|
|
rx_handler_result_t ipvlan_handle_frame(struct sk_buff **pskb)
|
|
{
|
|
struct sk_buff *skb = *pskb;
|
|
struct ipvl_port *port = ipvlan_port_get_rcu(skb->dev);
|
|
|
|
if (!port)
|
|
return RX_HANDLER_PASS;
|
|
|
|
switch (port->mode) {
|
|
case IPVLAN_MODE_L2:
|
|
return ipvlan_handle_mode_l2(pskb, port);
|
|
case IPVLAN_MODE_L3:
|
|
return ipvlan_handle_mode_l3(pskb, port);
|
|
#ifdef CONFIG_IPVLAN_L3S
|
|
case IPVLAN_MODE_L3S:
|
|
return RX_HANDLER_PASS;
|
|
#endif
|
|
}
|
|
|
|
/* Should not reach here */
|
|
WARN_ONCE(true, "%s called for mode = [%x]\n", __func__, port->mode);
|
|
kfree_skb(skb);
|
|
return RX_HANDLER_CONSUMED;
|
|
}
|