lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 5 Jun 2017 18:17:24 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-kernel@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, stable@...r.kernel.org, Toshiaki Makita <makita.toshiaki@....ntt.co.jp>, Michal Kubecek <mkubecek@...e.cz>, Vladislav Yasevich <vyasevic@...hat.com>, "David S. Miller" <davem@...emloft.net> Subject: [PATCH 4.4 26/53] vlan: Fix tcp checksum offloads in Q-in-Q vlans 4.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: Vlad Yasevich <vyasevich@...il.com> commit 35d2f80b07bbe03fb358afb0bdeff7437a7d67ff upstream. It appears that TCP checksum offloading has been broken for Q-in-Q vlans. The behavior was execerbated by the series commit afb0bc972b52 ("Merge branch 'stacked_vlan_tso'") that that enabled accleleration features on stacked vlans. However, event without that series, it is possible to trigger this issue. It just requires a lot more specialized configuration. The root cause is the interaction between how netdev_intersect_features() works, the features actually set on the vlan devices and HW having the ability to run checksum with longer headers. The issue starts when netdev_interesect_features() replaces NETIF_F_HW_CSUM with a combination of NETIF_F_IP_CSUM | NETIF_F_IPV6_CSUM, if the HW advertises IP|IPV6 specific checksums. This happens for tagged and multi-tagged packets. However, HW that enables IP|IPV6 checksum offloading doesn't gurantee that packets with arbitrarily long headers can be checksummed. This patch disables IP|IPV6 checksums on the packet for multi-tagged packets. CC: Toshiaki Makita <makita.toshiaki@....ntt.co.jp> CC: Michal Kubecek <mkubecek@...e.cz> Signed-off-by: Vladislav Yasevich <vyasevic@...hat.com> Acked-by: Toshiaki Makita <makita.toshiaki@....ntt.co.jp> Signed-off-by: David S. Miller <davem@...emloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org> --- include/linux/if_vlan.h | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) --- a/include/linux/if_vlan.h +++ b/include/linux/if_vlan.h @@ -616,15 +616,16 @@ static inline bool skb_vlan_tagged_multi static inline netdev_features_t vlan_features_check(const struct sk_buff *skb, netdev_features_t features) { - if (skb_vlan_tagged_multi(skb)) - features = netdev_intersect_features(features, - NETIF_F_SG | - NETIF_F_HIGHDMA | - NETIF_F_FRAGLIST | - NETIF_F_GEN_CSUM | - NETIF_F_HW_VLAN_CTAG_TX | - NETIF_F_HW_VLAN_STAG_TX); - + if (skb_vlan_tagged_multi(skb)) { + /* In the case of multi-tagged packets, use a direct mask + * instead of using netdev_interesect_features(), to make + * sure that only devices supporting NETIF_F_HW_CSUM will + * have checksum offloading support. + */ + features &= NETIF_F_SG | NETIF_F_HIGHDMA | NETIF_F_HW_CSUM | + NETIF_F_FRAGLIST | NETIF_F_HW_VLAN_CTAG_TX | + NETIF_F_HW_VLAN_STAG_TX; + } return features; }
Powered by blists - more mailing lists