From patchwork Mon Nov 18 16:43:13 2024
X-Patchwork-Submitter: Petr Machata
X-Patchwork-Id: 13878814
X-Patchwork-Delegate: kuba@kernel.org
From: Petr Machata
To: "David S. Miller", Eric Dumazet, Jakub Kicinski, Paolo Abeni
CC: Simon Horman, Ido Schimmel, "Petr Machata", Andrew Lunn, Menglong Dong, "Guillaume Nault", Alexander Lobakin, Breno Leitao
Subject: [RFC PATCH net-next 07/11] vxlan: vxlan_rcv(): Drop unparsed
Date: Mon, 18 Nov 2024 17:43:13 +0100
Message-ID: <37b3b793970baea64d4ad306eeacd18d9d3bdd55.1731941465.git.petrm@nvidia.com>
X-Mailer: git-send-email 2.47.0
Precedence: bulk
X-Mailing-List: netdev@vger.kernel.org
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CYYPR12MB8964 X-Patchwork-Delegate: kuba@kernel.org X-Patchwork-State: RFC The code currently validates the VXLAN header in two ways: first by comparing it with the set of reserved bits, constructed ahead of time during the netdevice construction; and second by gradually clearing the bits off a separate copy of VXLAN header, "unparsed". Drop the latter validation method. Signed-off-by: Petr Machata Reviewed-by: Ido Schimmel --- Notes: CC: Andrew Lunn CC: Menglong Dong CC: Guillaume Nault CC: Alexander Lobakin CC: Breno Leitao drivers/net/vxlan/vxlan_core.c | 16 +--------------- 1 file changed, 1 insertion(+), 15 deletions(-) diff --git a/drivers/net/vxlan/vxlan_core.c b/drivers/net/vxlan/vxlan_core.c index 090cfd048df9..e5c7b728eddf 100644 --- a/drivers/net/vxlan/vxlan_core.c +++ b/drivers/net/vxlan/vxlan_core.c @@ -1670,7 +1670,6 @@ static int vxlan_rcv(struct sock *sk, struct sk_buff *skb) const struct vxlanhdr *vh; struct vxlan_dev *vxlan; struct vxlan_sock *vs; - struct vxlanhdr unparsed; struct vxlan_metadata _md; struct vxlan_metadata *md = &_md; __be16 protocol = htons(ETH_P_TEB); @@ -1685,7 +1684,6 @@ static int vxlan_rcv(struct sock *sk, struct sk_buff *skb) if (reason) goto drop; - unparsed = *vxlan_hdr(skb); vh = vxlan_hdr(skb); /* VNI flag always required to be set */ if (!(vh->vx_flags & VXLAN_HF_VNI)) { @@ -1695,8 +1693,6 @@ static int vxlan_rcv(struct sock *sk, struct sk_buff *skb) /* Return non vxlan pkt */ goto drop; } - unparsed.vx_flags &= ~VXLAN_HF_VNI; - unparsed.vx_vni &= ~VXLAN_VNI_MASK; vs = rcu_dereference_sk_user_data(sk); if (!vs) @@ -1731,7 +1727,6 @@ static int vxlan_rcv(struct sock *sk, struct sk_buff *skb) if (vxlan->cfg.flags & VXLAN_F_GPE) { if (!vxlan_parse_gpe_proto(vh, &protocol)) goto drop; - unparsed.vx_flags &= ~VXLAN_GPE_USED_BITS; raw_proto = true; } 
@@ -1745,8 +1740,6 @@ static int vxlan_rcv(struct sock *sk, struct sk_buff *skb) reason = vxlan_remcsum(skb, vxlan->cfg.flags); if (unlikely(reason)) goto drop; - unparsed.vx_flags &= ~VXLAN_HF_RCO; - unparsed.vx_vni &= VXLAN_VNI_MASK; } if (vxlan_collect_metadata(vs)) { @@ -1769,19 +1762,12 @@ static int vxlan_rcv(struct sock *sk, struct sk_buff *skb) memset(md, 0, sizeof(*md)); } - if (vxlan->cfg.flags & VXLAN_F_GBP) { + if (vxlan->cfg.flags & VXLAN_F_GBP) vxlan_parse_gbp_hdr(skb, vxlan->cfg.flags, md); - unparsed.vx_flags &= ~VXLAN_GBP_USED_BITS; - } /* Note that GBP and GPE can never be active together. This is * ensured in vxlan_dev_configure. */ - if (unparsed.vx_flags || unparsed.vx_vni) { - reason = SKB_DROP_REASON_VXLAN_INVALID_HDR; - goto drop; - } - if (!raw_proto) { reason = vxlan_set_mac(vxlan, vs, skb, vni); if (reason)
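Review bot: In the hunk at @@ -1745,8 +1740,6 @@, the removed `unparsed.vx_vni &= VXLAN_VNI_MASK;` was the only place that let the non-VNI bits of vx_vni pass, and only on the path that had just run vxlan_remcsum(); on every other path the earlier `unparsed.vx_vni &= ~VXLAN_VNI_MASK;` left those bits set, so the final check dropped the packet. The reserved-bits mask that the commit message relies on is built outside this diff, so please state in the commit message (or point to the patch in the series) that the mask treats those vx_vni bits as reserved unless remote checksum offload is in use; otherwise this removal widens what vxlan_rcv() accepts.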
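Review bot: In the last hunk (@@ -1769,19 +1762,12 @@), dropping `if (unparsed.vx_flags || unparsed.vx_vni)` removes the only assignment of SKB_DROP_REASON_VXLAN_INVALID_HDR visible in this diff, so the commit message should name the function that performs the remaining reserved-bits comparison and confirm it drops with the same reason, which keeps the drop-reason counters meaningful for anyone monitoring malformed VXLAN traffic. The context comment "Note that GBP and GPE can never be active together" is also left sitting directly above `if (!raw_proto)`; if it no longer explains the code next to it, move it beside the GBP parsing or remove it. A selftest that sends headers with a stray flag bit under GBP, GPE and plain configurations would show that the two validation methods were equivalent.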