-
-
Notifications
You must be signed in to change notification settings - Fork 1.9k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
kernel: prevent tunnel drivers from mangling fraglist GSO packets
Fixes crashes on segmenting packets, mainly when dereferencing a no longer existing fragment chain. Signed-off-by: Felix Fietkau <[email protected]>
- Loading branch information
Showing
2 changed files
with
130 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -9,7 +9,7 @@ Signed-off-by: Felix Fietkau <[email protected]> | |
|
|
||
| --- a/include/linux/netdev_features.h | ||
| +++ b/include/linux/netdev_features.h | ||
| @@ -242,10 +242,10 @@ static inline int find_next_netdev_featu | ||
| @@ -243,10 +243,10 @@ static inline int find_next_netdev_featu | ||
| #define NETIF_F_UPPER_DISABLES NETIF_F_LRO | ||
|
|
||
| /* changeable features with no special hardware requirements */ | ||
|
|
||
129 changes: 129 additions & 0 deletions
129
.../linux/generic/pending-6.6/681-net-remove-NETIF_F_GSO_FRAGLIST-from-NETIF_F_GSO_SOF.patch
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,129 @@ | ||
| From: Felix Fietkau <[email protected]> | ||
| Date: Thu, 15 Aug 2024 21:15:13 +0200 | ||
| Subject: [PATCH] net: remove NETIF_F_GSO_FRAGLIST from NETIF_F_GSO_SOFTWARE | ||
|
|
||
| Several drivers set NETIF_F_GSO_SOFTWARE, but mangle fraglist GRO packets | ||
| in a way that they can't be properly segmented anymore. | ||
| In order to properly deal with this, remove fraglist GSO from | ||
| NETIF_F_GSO_SOFTWARE and switch to NETIF_F_GSO_SOFTWARE_ALL (which includes | ||
| fraglist GSO) in places where it's safe to add. | ||
|
|
||
| Signed-off-by: Felix Fietkau <[email protected]> | ||
| --- | ||
|
|
||
| --- a/drivers/net/dummy.c | ||
| +++ b/drivers/net/dummy.c | ||
| @@ -118,7 +118,7 @@ static void dummy_setup(struct net_devic | ||
| dev->flags &= ~IFF_MULTICAST; | ||
| dev->priv_flags |= IFF_LIVE_ADDR_CHANGE | IFF_NO_QUEUE; | ||
| dev->features |= NETIF_F_SG | NETIF_F_FRAGLIST; | ||
| - dev->features |= NETIF_F_GSO_SOFTWARE; | ||
| + dev->features |= NETIF_F_GSO_SOFTWARE_ALL; | ||
| dev->features |= NETIF_F_HW_CSUM | NETIF_F_HIGHDMA | NETIF_F_LLTX; | ||
| dev->features |= NETIF_F_GSO_ENCAP_ALL; | ||
| dev->hw_features |= dev->features; | ||
| --- a/drivers/net/loopback.c | ||
| +++ b/drivers/net/loopback.c | ||
| @@ -176,7 +176,7 @@ static void gen_lo_setup(struct net_devi | ||
| dev->flags = IFF_LOOPBACK; | ||
| dev->priv_flags |= IFF_LIVE_ADDR_CHANGE | IFF_NO_QUEUE; | ||
| netif_keep_dst(dev); | ||
| - dev->hw_features = NETIF_F_GSO_SOFTWARE; | ||
| + dev->hw_features = NETIF_F_GSO_SOFTWARE_ALL; | ||
| dev->features = NETIF_F_SG | NETIF_F_FRAGLIST | ||
| | NETIF_F_GSO_SOFTWARE | ||
| | NETIF_F_HW_CSUM | ||
| --- a/drivers/net/macvlan.c | ||
| +++ b/drivers/net/macvlan.c | ||
| @@ -896,7 +896,7 @@ static int macvlan_hwtstamp_set(struct n | ||
| static struct lock_class_key macvlan_netdev_addr_lock_key; | ||
|
|
||
| #define ALWAYS_ON_OFFLOADS \ | ||
| - (NETIF_F_SG | NETIF_F_HW_CSUM | NETIF_F_GSO_SOFTWARE | \ | ||
| + (NETIF_F_SG | NETIF_F_HW_CSUM | NETIF_F_GSO_SOFTWARE_ALL | \ | ||
| NETIF_F_GSO_ROBUST | NETIF_F_GSO_ENCAP_ALL) | ||
|
|
||
| #define ALWAYS_ON_FEATURES (ALWAYS_ON_OFFLOADS | NETIF_F_LLTX) | ||
| --- a/include/linux/netdev_features.h | ||
| +++ b/include/linux/netdev_features.h | ||
| @@ -219,13 +219,14 @@ static inline int find_next_netdev_featu | ||
|
|
||
| /* List of features with software fallbacks. */ | ||
| #define NETIF_F_GSO_SOFTWARE (NETIF_F_ALL_TSO | NETIF_F_GSO_SCTP | \ | ||
| - NETIF_F_GSO_UDP_L4 | NETIF_F_GSO_FRAGLIST) | ||
| + NETIF_F_GSO_UDP_L4) | ||
| +#define NETIF_F_GSO_SOFTWARE_ALL (NETIF_F_GSO_SOFTWARE | NETIF_F_GSO_FRAGLIST) | ||
|
|
||
| /* | ||
| * If one device supports one of these features, then enable them | ||
| * for all in netdev_increment_features. | ||
| */ | ||
| -#define NETIF_F_ONE_FOR_ALL (NETIF_F_GSO_SOFTWARE | NETIF_F_GSO_ROBUST | \ | ||
| +#define NETIF_F_ONE_FOR_ALL (NETIF_F_GSO_SOFTWARE_ALL | NETIF_F_GSO_ROBUST | \ | ||
| NETIF_F_SG | NETIF_F_HIGHDMA | \ | ||
| NETIF_F_FRAGLIST | NETIF_F_VLAN_CHALLENGED) | ||
|
|
||
| --- a/net/8021q/vlan.h | ||
| +++ b/net/8021q/vlan.h | ||
| @@ -108,7 +108,7 @@ static inline netdev_features_t vlan_tnl | ||
| netdev_features_t ret; | ||
|
|
||
| ret = real_dev->hw_enc_features & | ||
| - (NETIF_F_CSUM_MASK | NETIF_F_GSO_SOFTWARE | | ||
| + (NETIF_F_CSUM_MASK | NETIF_F_GSO_SOFTWARE_ALL | | ||
| NETIF_F_GSO_ENCAP_ALL); | ||
|
|
||
| if ((ret & NETIF_F_GSO_ENCAP_ALL) && (ret & NETIF_F_CSUM_MASK)) | ||
| --- a/net/8021q/vlan_dev.c | ||
| +++ b/net/8021q/vlan_dev.c | ||
| @@ -583,7 +583,7 @@ static int vlan_dev_init(struct net_devi | ||
| dev->state |= (1 << __LINK_STATE_NOCARRIER); | ||
|
|
||
| dev->hw_features = NETIF_F_HW_CSUM | NETIF_F_SG | | ||
| - NETIF_F_FRAGLIST | NETIF_F_GSO_SOFTWARE | | ||
| + NETIF_F_FRAGLIST | NETIF_F_GSO_SOFTWARE_ALL | | ||
| NETIF_F_GSO_ENCAP_ALL | | ||
| NETIF_F_HIGHDMA | NETIF_F_SCTP_CRC | | ||
| NETIF_F_ALL_FCOE; | ||
| @@ -676,7 +676,7 @@ static netdev_features_t vlan_dev_fix_fe | ||
| if (lower_features & (NETIF_F_IP_CSUM|NETIF_F_IPV6_CSUM)) | ||
| lower_features |= NETIF_F_HW_CSUM; | ||
| features = netdev_intersect_features(features, lower_features); | ||
| - features |= old_features & (NETIF_F_SOFT_FEATURES | NETIF_F_GSO_SOFTWARE); | ||
| + features |= old_features & (NETIF_F_SOFT_FEATURES | NETIF_F_GSO_SOFTWARE_ALL); | ||
| features |= NETIF_F_LLTX; | ||
|
|
||
| return features; | ||
| --- a/net/core/sock.c | ||
| +++ b/net/core/sock.c | ||
| @@ -2449,7 +2449,7 @@ void sk_setup_caps(struct sock *sk, stru | ||
| if (sk_is_tcp(sk)) | ||
| sk->sk_route_caps |= NETIF_F_GSO; | ||
| if (sk->sk_route_caps & NETIF_F_GSO) | ||
| - sk->sk_route_caps |= NETIF_F_GSO_SOFTWARE; | ||
| + sk->sk_route_caps |= NETIF_F_GSO_SOFTWARE_ALL; | ||
| if (unlikely(sk->sk_gso_disabled)) | ||
| sk->sk_route_caps &= ~NETIF_F_GSO_MASK; | ||
| if (sk_can_gso(sk)) { | ||
| --- a/net/mac80211/ieee80211_i.h | ||
| +++ b/net/mac80211/ieee80211_i.h | ||
| @@ -1996,7 +1996,7 @@ void ieee80211_color_collision_detection | ||
| /* interface handling */ | ||
| #define MAC80211_SUPPORTED_FEATURES_TX (NETIF_F_IP_CSUM | NETIF_F_IPV6_CSUM | \ | ||
| NETIF_F_HW_CSUM | NETIF_F_SG | \ | ||
| - NETIF_F_HIGHDMA | NETIF_F_GSO_SOFTWARE | \ | ||
| + NETIF_F_HIGHDMA | NETIF_F_GSO_SOFTWARE_ALL | \ | ||
| NETIF_F_HW_TC) | ||
| #define MAC80211_SUPPORTED_FEATURES_RX (NETIF_F_RXCSUM) | ||
| #define MAC80211_SUPPORTED_FEATURES (MAC80211_SUPPORTED_FEATURES_TX | \ | ||
| --- a/net/openvswitch/vport-internal_dev.c | ||
| +++ b/net/openvswitch/vport-internal_dev.c | ||
| @@ -110,7 +110,7 @@ static void do_setup(struct net_device * | ||
|
|
||
| netdev->features = NETIF_F_LLTX | NETIF_F_SG | NETIF_F_FRAGLIST | | ||
| NETIF_F_HIGHDMA | NETIF_F_HW_CSUM | | ||
| - NETIF_F_GSO_SOFTWARE | NETIF_F_GSO_ENCAP_ALL; | ||
| + NETIF_F_GSO_SOFTWARE_ALL | NETIF_F_GSO_ENCAP_ALL; | ||
|
|
||
| netdev->vlan_features = netdev->features; | ||
| netdev->hw_enc_features = netdev->features; |