From patchwork Sat Jun 19 13:33:04 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Woodhouse X-Patchwork-Id: 464234 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-17.3 required=3.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, HEADER_FROM_DIFFERENT_DOMAINS, INCLUDES_CR_TRAILER, INCLUDES_PATCH, MAILING_LIST_MULTI, SPF_HELO_NONE, SPF_PASS, USER_AGENT_SANE_2 autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 93D8BC2B9F4 for ; Sat, 19 Jun 2021 13:33:16 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 6A1246135A for ; Sat, 19 Jun 2021 13:33:16 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S234300AbhFSNfZ (ORCPT ); Sat, 19 Jun 2021 09:35:25 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:40210 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S234262AbhFSNfX (ORCPT ); Sat, 19 Jun 2021 09:35:23 -0400 Received: from bombadil.infradead.org (bombadil.infradead.org [IPv6:2607:7c80:54:e::133]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 41E98C061574 for ; Sat, 19 Jun 2021 06:33:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=bombadil.20210309; h=Mime-Version:Content-Type:Date:Cc:To: From:Subject:Message-ID:Sender:Reply-To:Content-Transfer-Encoding:Content-ID: Content-Description:In-Reply-To:References; bh=+wmEC5cj3eQG19iKl2wZKKGtJDAMZHW6C/R4ejQoPb8=; b=2e1oyiKpCsDGYqdvGP7ImzBy+p QqQn88lGj8vE2qJlKXycVbwVOYIQ0huJWNqSJMVs7TJ6bUqZLWG8GqTQRmE46LogHT85GVCE+wU8a 4qrdJgYcODkgW2OJHljdBCrNeX2oSameb7bojpTldQnYajwVLtcfIo73eUe6pmsWfgDspGa4CJTZf ICM4vkG72k2VjpN7wt/8WXzX9+Dzzj2NCtZy1GT+2tEK3+SZ5rKfaD0y1/488AbgmScmwCydKYH25 9rprJrIlSMlDMv0xA9/9stBy9cb6/XWFozkDkMUb7zZqolVmOlM/y4fGIzf3NLYUaT0TtsTm2oK7e kgJ+88gQ==; Received: from [2001:8b0:10b:1::3ae] (helo=u3832b3a9db3152.ant.amazon.com) by bombadil.infradead.org with esmtpsa (Exim 4.94.2 #2 (Red Hat Linux)) id 1lub5u-00H3fB-D7; Sat, 19 Jun 2021 13:33:07 +0000 Message-ID: <03ee62602dd7b7101f78e0802249a6e2e4c10b7f.camel@infradead.org> Subject: [PATCH] net: tun: fix tun_xdp_one() for IFF_TUN mode From: David Woodhouse To: netdev Cc: Jason Wang Date: Sat, 19 Jun 2021 14:33:04 +0100 X-Mailer: Evolution 3.28.5-0ubuntu0.18.04.2 Mime-Version: 1.0 X-SRS-Rewrite: SMTP reverse-path rewritten from by bombadil.infradead.org. See http://www.infradead.org/rpr.html Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org From: David Woodhouse In tun_get_user(), skb->protocol is either taken from the tun_pi header or inferred from the first byte of the packet in IFF_TUN mode, while eth_type_trans() is called only in the IFF_TAP mode where the payload is expected to be an Ethernet frame. The alternative path in tun_xdp_one() was unconditionally using eth_type_trans(), which corrupts packets in IFF_TUN mode. Fix it to do the correct thing for IFF_TUN mode, as tun_get_user() does. Signed-off-by: David Woodhouse Fixes: 043d222f93ab ("tuntap: accept an array of XDP buffs through sendmsg()") Signed-off-by: Jason Wang Acked-by: Jason Wang --- How is my userspace application going to know that the kernel has this fix? Should we add a flag to TUN_FEATURES to show that vhost-net in *IFF_TUN* mode is supported? drivers/net/tun.c | 44 +++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 43 insertions(+), 1 deletion(-) diff --git a/drivers/net/tun.c b/drivers/net/tun.c index 4cf38be26dc9..f812dcdc640e 100644 --- a/drivers/net/tun.c +++ b/drivers/net/tun.c @@ -2394,8 +2394,50 @@ static int tun_xdp_one(struct tun_struct *tun, err = -EINVAL; goto out; } + switch (tun->flags & TUN_TYPE_MASK) { + case IFF_TUN: + if (tun->flags & IFF_NO_PI) { + u8 ip_version = skb->len ? (skb->data[0] >> 4) : 0; + + switch (ip_version) { + case 4: + skb->protocol = htons(ETH_P_IP); + break; + case 6: + skb->protocol = htons(ETH_P_IPV6); + break; + default: + atomic_long_inc(&tun->dev->rx_dropped); + kfree_skb(skb); + err = -EINVAL; + goto out; + } + } else { + struct tun_pi *pi = (struct tun_pi *)skb->data; + if (!pskb_may_pull(skb, sizeof(*pi))) { + atomic_long_inc(&tun->dev->rx_dropped); + kfree_skb(skb); + err = -ENOMEM; + goto out; + } + skb_pull_inline(skb, sizeof(*pi)); + skb->protocol = pi->proto; + } + + skb_reset_mac_header(skb); + skb->dev = tun->dev; + break; + case IFF_TAP: + if (!pskb_may_pull(skb, ETH_HLEN)) { + atomic_long_inc(&tun->dev->rx_dropped); + kfree_skb(skb); + err = -ENOMEM; + goto out; + } + skb->protocol = eth_type_trans(skb, tun->dev); + break; + } - skb->protocol = eth_type_trans(skb, tun->dev); skb_reset_network_header(skb); skb_probe_transport_header(skb); skb_record_rx_queue(skb, tfile->queue_index);