lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date:   Wed, 27 May 2020 12:59:52 +0000
From:   Fengtiantian <fengtiantian@...wei.com>
To:     "David S. Miller" <davem@...emloft.net>,
        "open list:NETWORKING [GENERAL" <netdev@...r.kernel.org>,
        open list <linux-kernel@...r.kernel.org>,
        Michał Mirosław <mirq-linux@...e.qmqm.pl>,
        "Daniel Borkmann" <daniel@...earbox.net>,
        Stanislav Fomichev <sdf@...gle.com>,
        "Jiri Pirko" <jiri@...lanox.com>, Arnd Bergmann <arnd@...db.de>,
        Hadar Hen Zion <hadarh@...lanox.com>
CC:     "Huangweidong (C)" <weidong.huang@...wei.com>,
        yuehaibing <yuehaibing@...wei.com>
Subject: [patch] flow_dissector:  Fix wrong vlan header offset in
 __skb_flow_dissect

We use the openvswitch 2.7.0 and find the issue when ovs use the skb_get_hash() to get the hash of QinQ skb. Because the
__skb_flow_dissect() get the wrong vlan protocol headers.

Someone report bonding driver has the same issue use the
__skb_flow_dissect() to count hash in bond_xmit_hash:
https://lore.kernel.org/netdev/00a5d09f-a23e-661f-60c0-
75fba6227451@...wei.com/T/.

Because in netif_receive_skb, the skb_network_header points to vlan head, but in dev_hard_start_xmit, the skb_network_header points to IP header. So use the skb_network_offset to get the vlan head is not reliable.

Should we use the skb_mac_offset instead the skb_network_offset to get the vlan head when proto is ETH_P_8021AD or ETH_P_8021Q?

Signed-off-by: Feng tiantian <fengtiantian@...wei.com>
---
 net/core/flow_dissector.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/net/core/flow_dissector.c b/net/core/flow_dissector.c index 415b95f..9a77d5d 100644
--- a/net/core/flow_dissector.c
+++ b/net/core/flow_dissector.c
@@ -629,6 +629,13 @@ bool __skb_flow_dissect(const struct sk_buff *skb,
 			 skb->vlan_proto : skb->protocol;
 		nhoff = skb_network_offset(skb);
 		hlen = skb_headlen(skb);
+
+		if (proto == htons(ETH_P_8021AD) ||
+		    proto == htons(ETH_P_8021Q)) {
+			if (skb_mac_header_was_set(skb))
+				nhoff = skb_mac_offset(skb) + ETH_HLEN;
+		}
+
 #if IS_ENABLED(CONFIG_NET_DSA)
 		if (unlikely(skb->dev && netdev_uses_dsa(skb->dev))) {
 			const struct dsa_device_ops *ops;
--
1.8.3.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ