From patchwork Wed Dec 25 05:16:21 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Harshvardhan Jha X-Patchwork-Id: 13920611 X-Patchwork-Delegate: kuba@kernel.org Received: from mx0b-00069f02.pphosted.com (mx0b-00069f02.pphosted.com [205.220.177.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6CB505C603; Wed, 25 Dec 2024 05:17:04 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.177.32 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735103827; cv=none; b=lBKKekJo1qSrnkMtawVgXMbh84XCObSW7pg7quP73jYWg5UBtE+Xsxpq8prvpa5dWcKq27tIjNywaGntbIoy437X9S9GAqakv0UdFpRIO10sv0JV2oC/5PrHMmqKiO53L4a7gPAJ+PJxkY6VnCRXbb9jH1M4M7tqyY//+gjxmbk= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735103827; c=relaxed/simple; bh=gd1wYg1rSEB8fl9V+//TM5/UH/nQutNvNwvPmHU8p54=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=DiT/qX5HLpjCgsFHW0QJ51s4uMbsryJvOSq5KvInThuvVdfAQR0xvbdF6o1RJq/IMi4nQgvPhbkLxHAExMzp9kE4mvy2ilRtHQtWZklibKfZQddwRz+ZDraZWtIkP75Gk8BvZcMLw+dd9SfLAQNTf1YdUBCCPzd+OxaPyLXcAs0= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oracle.com; spf=pass smtp.mailfrom=oracle.com; dkim=pass (2048-bit key) header.d=oracle.com header.i=@oracle.com header.b=jBk8oqOP; arc=none smtp.client-ip=205.220.177.32 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oracle.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=oracle.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=oracle.com header.i=@oracle.com header.b="jBk8oqOP" Received: from pps.filterd (m0246630.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 4BP3vATU015421; Wed, 25 Dec 2024 05:16:28 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=corp-2023-11-20; bh=b0p0Y 28dwP5ktlWsukWAeWtYSUxdvj5m7AaVg3wsQUs=; b=jBk8oqOP2dOtqVpfkL+ku ir83Jtjmt9HbE9HeMqTq0Ywm8uH/jglyyqGWxLQoERIENP7o0kxOAMU25vNudeWE nx0uXIYpDFIf20pn0Nz5mgmeqpob3nRx92j4APn7U8CarmGOTevtgsTOe5dPho61 Oyrjx5dKyA1VjVwyOQn8lvI/f7eZHqykTGERR4ARj3awQNJJPXc7EPXNY32XkL8E 1kd0AdZFbyRY4j0xQOUQe5n5eCe+2fTvFxnHDYJVmATKd4wHGWgWLASLlsZ8eikn YF5Ayhs9gYF0yyFqMa7daciUt/97AlrZn+GqRNwvr5Wmos2yfPB9JsuuVL8BweLE w== Received: from phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta03.appoci.oracle.com [138.1.37.129]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 43nqd5n14v-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 25 Dec 2024 05:16:27 +0000 (GMT) Received: from pps.filterd (phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com (8.18.1.2/8.18.1.2) with ESMTP id 4BP2ASed000862; Wed, 25 Dec 2024 05:16:26 GMT Received: from pps.reinject (localhost [127.0.0.1]) by phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTPS id 43pk8ucjrb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 25 Dec 2024 05:16:26 +0000 Received: from phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 4BP5GPg6035712; Wed, 25 Dec 2024 05:16:25 GMT Received: from ca-dev112.us.oracle.com (ca-dev112.us.oracle.com [10.129.136.47]) by phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTP id 43pk8ucjr2-2; Wed, 25 Dec 2024 05:16:25 +0000 From: Harshvardhan Jha To: davem@davemloft.net, kuznet@ms2.inr.ac.ru, yoshfuji@linux-ipv6.org, kuba@kernel.org Cc: harshvardhan.j.jha@oracle.com, netdev@vger.kernel.org, stable@vger.kernel.org Subject: [PATCH 5.4.y 5.10.y 1/4] skbuff: introduce skb_expand_head() Date: Tue, 24 Dec 2024 21:16:21 -0800 Message-ID: <20241225051624.127745-2-harshvardhan.j.jha@oracle.com> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20241225051624.127745-1-harshvardhan.j.jha@oracle.com> References: <20241225051624.127745-1-harshvardhan.j.jha@oracle.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1057,Hydra:6.0.680,FMLib:17.12.68.34 definitions=2024-12-25_01,2024-12-24_01,2024-11-22_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 adultscore=0 suspectscore=0 malwarescore=0 mlxscore=0 spamscore=0 mlxlogscore=999 phishscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2411120000 definitions=main-2412250044 X-Proofpoint-GUID: yKfjyTuKTVi2MpylhsLZfoZJ2d1rCyFB X-Proofpoint-ORIG-GUID: yKfjyTuKTVi2MpylhsLZfoZJ2d1rCyFB X-Patchwork-Delegate: kuba@kernel.org From: Vasily Averin [ Upstream commit f1260ff15a71b8fc122b2c9abd8a7abffb6e0168 ] Like skb_realloc_headroom(), new helper increases headroom of specified skb. Unlike skb_realloc_headroom(), it does not allocate a new skb if possible; copies skb->sk on new skb when as needed and frees original skb in case of failures. This helps to simplify ip[6]_finish_output2() and a few other similar cases. Signed-off-by: Vasily Averin Signed-off-by: David S. Miller (cherry picked from commit f1260ff15a71b8fc122b2c9abd8a7abffb6e0168) Signed-off-by: Harshvardhan Jha --- include/linux/skbuff.h | 1 + net/core/skbuff.c | 42 ++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 43 insertions(+) diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index 31ae4b74d4352..3248e4aeec037 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -1166,6 +1166,7 @@ static inline struct sk_buff *__pskb_copy(struct sk_buff *skb, int headroom, int pskb_expand_head(struct sk_buff *skb, int nhead, int ntail, gfp_t gfp_mask); struct sk_buff *skb_realloc_headroom(struct sk_buff *skb, unsigned int headroom); +struct sk_buff *skb_expand_head(struct sk_buff *skb, unsigned int headroom); struct sk_buff *skb_copy_expand(const struct sk_buff *skb, int newheadroom, int newtailroom, gfp_t priority); int __must_check skb_to_sgvec_nomark(struct sk_buff *skb, struct scatterlist *sg, diff --git a/net/core/skbuff.c b/net/core/skbuff.c index b0c2d6f018003..fa3ea287d6ecc 100644 --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -1732,6 +1732,48 @@ struct sk_buff *skb_realloc_headroom(struct sk_buff *skb, unsigned int headroom) } EXPORT_SYMBOL(skb_realloc_headroom); +/** + * skb_expand_head - reallocate header of &sk_buff + * @skb: buffer to reallocate + * @headroom: needed headroom + * + * Unlike skb_realloc_headroom, this one does not allocate a new skb + * if possible; copies skb->sk to new skb as needed + * and frees original skb in case of failures. + * + * It expect increased headroom and generates warning otherwise. + */ + +struct sk_buff *skb_expand_head(struct sk_buff *skb, unsigned int headroom) +{ + int delta = headroom - skb_headroom(skb); + + if (WARN_ONCE(delta <= 0, + "%s is expecting an increase in the headroom", __func__)) + return skb; + + /* pskb_expand_head() might crash, if skb is shared */ + if (skb_shared(skb)) { + struct sk_buff *nskb = skb_clone(skb, GFP_ATOMIC); + + if (likely(nskb)) { + if (skb->sk) + skb_set_owner_w(nskb, skb->sk); + consume_skb(skb); + } else { + kfree_skb(skb); + } + skb = nskb; + } + if (skb && + pskb_expand_head(skb, SKB_DATA_ALIGN(delta), 0, GFP_ATOMIC)) { + kfree_skb(skb); + skb = NULL; + } + return skb; +} +EXPORT_SYMBOL(skb_expand_head); + /** * skb_copy_expand - copy and expand sk_buff * @skb: buffer to copy From patchwork Wed Dec 25 05:16:22 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Harshvardhan Jha X-Patchwork-Id: 13920610 X-Patchwork-Delegate: kuba@kernel.org Received: from mx0b-00069f02.pphosted.com (mx0b-00069f02.pphosted.com [205.220.177.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 6C9AD101EE; Wed, 25 Dec 2024 05:17:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.177.32 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735103827; cv=none; b=XPwRveuS9fAw36BGIrPIEQAV0gjylEB5gSKDspBUcfPm1udMJ9vPHjhHad0+t6ORI5Tj4+3cytmWXYx39IUrb2nTPRSUa3rH3lPwYzqNX4HRkcDiMjnoT4UqRftDD6pHttiEJnbaQK9KhdMZpOSBixp4Kx695boUyVAPlKg78Bs= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735103827; c=relaxed/simple; bh=0txuHcWcnDSvB9rywhMrxH2nNsI+24cfzeVrBFdFCkQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=UWNvLopQdar/vjkD13Ia8/O5bidWIYgnazZLC92eKMbCnnSuGno8JKbPANpJra37NDkYxSMVWdGhLanqSj6GfJpP/YHoVWic8d+MKpfTxd3MaunGjoOJ3h2E11GYEby8hwOMBnGRH5/+5XShyWECBPtQ8iCIsGE2BC34pwee7nA= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oracle.com; spf=pass smtp.mailfrom=oracle.com; dkim=pass (2048-bit key) header.d=oracle.com header.i=@oracle.com header.b=ATuF7Bpi; arc=none smtp.client-ip=205.220.177.32 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oracle.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=oracle.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=oracle.com header.i=@oracle.com header.b="ATuF7Bpi" Received: from pps.filterd (m0246632.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 4BP2kx5d025770; Wed, 25 Dec 2024 05:16:27 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=corp-2023-11-20; bh=KSKiy YBWLwMKYYsiDnYynubWpye0Ep3IMDEoCgd2jiU=; b=ATuF7BpiXuNrkGO/r7mnd asO/HI0TLSNViFe5mxKr5huSl8GWyXKFPH/CadlakJylmco0jVOQ6vku5ow+mLv5 a94t6DhXaSnCVFT0S8Yd+xkuCLoe0OlDzKw8aDd4/vrWev8dicgH7pukILTetZT5 CTbKgIWasDOJ1JHdJrm2Fd2PJoQqdMEr/bdy51ukvHQnEQrQH2JKWPHE+GzXj2qL Xs7UptcqVV7kRcCPbGo9HhocULjRR1UiyJ02oG08X6hVLnnnX0nPtAUFjWxRLsdL dNc3TpiAWvEirR0FO0nFQq/sLgJfOcqt6npMUaRdWlgMG4TO4DEyt/0NrhJBGDtD Q== Received: from phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta03.appoci.oracle.com [138.1.37.129]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 43nq56w2g4-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 25 Dec 2024 05:16:27 +0000 (GMT) Received: from pps.filterd (phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com (8.18.1.2/8.18.1.2) with ESMTP id 4BP0FCCY001803; Wed, 25 Dec 2024 05:16:26 GMT Received: from pps.reinject (localhost [127.0.0.1]) by phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTPS id 43pk8ucjrh-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 25 Dec 2024 05:16:26 +0000 Received: from phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 4BP5GPg8035712; Wed, 25 Dec 2024 05:16:26 GMT Received: from ca-dev112.us.oracle.com (ca-dev112.us.oracle.com [10.129.136.47]) by phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTP id 43pk8ucjr2-3; Wed, 25 Dec 2024 05:16:26 +0000 From: Harshvardhan Jha To: davem@davemloft.net, kuznet@ms2.inr.ac.ru, yoshfuji@linux-ipv6.org, kuba@kernel.org Cc: harshvardhan.j.jha@oracle.com, netdev@vger.kernel.org, stable@vger.kernel.org Subject: [PATCH 5.4.y 5.10.y 2/4] ipv6: use skb_expand_head in ip6_finish_output2 Date: Tue, 24 Dec 2024 21:16:22 -0800 Message-ID: <20241225051624.127745-3-harshvardhan.j.jha@oracle.com> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20241225051624.127745-1-harshvardhan.j.jha@oracle.com> References: <20241225051624.127745-1-harshvardhan.j.jha@oracle.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1057,Hydra:6.0.680,FMLib:17.12.68.34 definitions=2024-12-25_01,2024-12-24_01,2024-11-22_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 adultscore=0 suspectscore=0 malwarescore=0 mlxscore=0 spamscore=0 mlxlogscore=999 phishscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2411120000 definitions=main-2412250044 X-Proofpoint-GUID: OugqSS6DIFglZVax7x-dujeRWQOjxrNU X-Proofpoint-ORIG-GUID: OugqSS6DIFglZVax7x-dujeRWQOjxrNU X-Patchwork-Delegate: kuba@kernel.org From: Vasily Averin [ Upstream commit e415ed3a4b8b246ee5e9d109ff5153efcf96b9f2 ] Unlike skb_realloc_headroom, new helper skb_expand_head does not allocate a new skb if possible. Additionally this patch replaces commonly used dereferencing with variables. Signed-off-by: Vasily Averin Signed-off-by: David S. Miller (cherry picked from commit e415ed3a4b8b246ee5e9d109ff5153efcf96b9f2) Signed-off-by: Harshvardhan Jha --- net/ipv6/ip6_output.c | 51 ++++++++++++++----------------------------- 1 file changed, 16 insertions(+), 35 deletions(-) diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 26d8105981e96..7806963b4539e 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -60,46 +60,29 @@ static int ip6_finish_output2(struct net *net, struct sock *sk, struct sk_buff * { struct dst_entry *dst = skb_dst(skb); struct net_device *dev = dst->dev; + struct inet6_dev *idev = ip6_dst_idev(dst); unsigned int hh_len = LL_RESERVED_SPACE(dev); - int delta = hh_len - skb_headroom(skb); - const struct in6_addr *nexthop; + const struct in6_addr *daddr, *nexthop; + struct ipv6hdr *hdr; struct neighbour *neigh; int ret; /* Be paranoid, rather than too clever. */ - if (unlikely(delta > 0) && dev->header_ops) { - /* pskb_expand_head() might crash, if skb is shared */ - if (skb_shared(skb)) { - struct sk_buff *nskb = skb_clone(skb, GFP_ATOMIC); - - if (likely(nskb)) { - if (skb->sk) - skb_set_owner_w(nskb, skb->sk); - consume_skb(skb); - } else { - kfree_skb(skb); - } - skb = nskb; - } - if (skb && - pskb_expand_head(skb, SKB_DATA_ALIGN(delta), 0, GFP_ATOMIC)) { - kfree_skb(skb); - skb = NULL; - } + if (unlikely(hh_len > skb_headroom(skb)) && dev->header_ops) { + skb = skb_expand_head(skb, hh_len); if (!skb) { - IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTDISCARDS); + IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTDISCARDS); return -ENOMEM; } } - if (ipv6_addr_is_multicast(&ipv6_hdr(skb)->daddr)) { - struct inet6_dev *idev = ip6_dst_idev(skb_dst(skb)); - + hdr = ipv6_hdr(skb); + daddr = &hdr->daddr; + if (ipv6_addr_is_multicast(daddr)) { if (!(dev->flags & IFF_LOOPBACK) && sk_mc_loop(sk) && ((mroute6_is_socket(net, skb) && !(IP6CB(skb)->flags & IP6SKB_FORWARDED)) || - ipv6_chk_mcast_addr(dev, &ipv6_hdr(skb)->daddr, - &ipv6_hdr(skb)->saddr))) { + ipv6_chk_mcast_addr(dev, daddr, &hdr->saddr))) { struct sk_buff *newskb = skb_clone(skb, GFP_ATOMIC); /* Do not check for IFF_ALLMULTI; multicast routing @@ -110,7 +93,7 @@ static int ip6_finish_output2(struct net *net, struct sock *sk, struct sk_buff * net, sk, newskb, NULL, newskb->dev, dev_loopback_xmit); - if (ipv6_hdr(skb)->hop_limit == 0) { + if (hdr->hop_limit == 0) { IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTDISCARDS); kfree_skb(skb); @@ -119,9 +102,7 @@ static int ip6_finish_output2(struct net *net, struct sock *sk, struct sk_buff * } IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUTMCAST, skb->len); - - if (IPV6_ADDR_MC_SCOPE(&ipv6_hdr(skb)->daddr) <= - IPV6_ADDR_SCOPE_NODELOCAL && + if (IPV6_ADDR_MC_SCOPE(daddr) <= IPV6_ADDR_SCOPE_NODELOCAL && !(dev->flags & IFF_LOOPBACK)) { kfree_skb(skb); return 0; @@ -136,10 +117,10 @@ static int ip6_finish_output2(struct net *net, struct sock *sk, struct sk_buff * } rcu_read_lock_bh(); - nexthop = rt6_nexthop((struct rt6_info *)dst, &ipv6_hdr(skb)->daddr); - neigh = __ipv6_neigh_lookup_noref(dst->dev, nexthop); + nexthop = rt6_nexthop((struct rt6_info *)dst, daddr); + neigh = __ipv6_neigh_lookup_noref(dev, nexthop); if (unlikely(!neigh)) - neigh = __neigh_create(&nd_tbl, nexthop, dst->dev, false); + neigh = __neigh_create(&nd_tbl, nexthop, dev, false); if (!IS_ERR(neigh)) { sock_confirm_neigh(skb, neigh); ret = neigh_output(neigh, skb, false); @@ -148,7 +129,7 @@ static int ip6_finish_output2(struct net *net, struct sock *sk, struct sk_buff * } rcu_read_unlock_bh(); - IP6_INC_STATS(net, ip6_dst_idev(dst), IPSTATS_MIB_OUTNOROUTES); + IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTNOROUTES); kfree_skb(skb); return -EINVAL; } From patchwork Wed Dec 25 05:16:23 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Harshvardhan Jha X-Patchwork-Id: 13920612 X-Patchwork-Delegate: kuba@kernel.org Received: from mx0b-00069f02.pphosted.com (mx0b-00069f02.pphosted.com [205.220.177.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id AD74513B2AF; Wed, 25 Dec 2024 05:17:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.177.32 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735103827; cv=none; b=Pu1vXp1EqJVR0cX68aYd7WYueXXaP6HkDZ2uHeQfEsIJth+hHKl538ssim7iJZks1Q8jbzW21A5MEE0Jn6byasLjvvlT6rLJygoUss4IYx56yI5xquSHtnFFMEnyPCN2xhtc6iiPHcD2d7hHxoPDLHUzXCRcA/nt+K1aIYqr5Hw= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735103827; c=relaxed/simple; bh=8g8ETFIgrUxfnGeZYXx7/SoNr5i/5yaC2b109Wxz7iQ=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=fCkGSmUNb1yEa8lCfFGNMSM+jxuW1Kkn+JTDUaNAAg2Z5sc868q4wfXFASqq3Vf0YnYDES7kC+E/5YJmtxwEPhr/yzqIeYCTzsvEPwqscJ+tlxBymyXQVu6A4NbYKmN408ntvfE8W/+F055tDrOsxbKmzwTddnQLAwWz5LU342I= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oracle.com; spf=pass smtp.mailfrom=oracle.com; dkim=pass (2048-bit key) header.d=oracle.com header.i=@oracle.com header.b=ddhTV2Eq; arc=none smtp.client-ip=205.220.177.32 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oracle.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=oracle.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=oracle.com header.i=@oracle.com header.b="ddhTV2Eq" Received: from pps.filterd (m0246631.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 4BP0BoPO022195; Wed, 25 Dec 2024 05:16:28 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=corp-2023-11-20; bh=BaCeY +sGMCrCb/dCVqGWlDTz9P7md1sAUO+PBqDm/Xo=; b=ddhTV2EqFg9DBSMEDgBsf leBHO/tcJKeZsOdf8hM7F5sPguzloDf57/J9FXZ89gob4JWgQn4zZC5Xki+bOnHL TVLzFAtlvPqo9VfHj8el/JBXFB1EXbduDaLPzAitKL9KbYn+DSyzHCSGoHC5jwtq jd4VeCBzDsSoF70w/3ognk+Br7dgj3EUlgG9exUBoR4aSbcarmaUK2qhxHM85glZ T/1Yx2XM2O9vv5eXvWfbtJcK5vDqKq5pM5YwBhAUghX6YFAuUhaByr0cJNL495Eu UAsd8e63HHeACyCHgckVOPTT2dmnJD/z0mVgKdcZrCR4Q7wDPXWg6DgM0qbR4XEA A== Received: from phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta03.appoci.oracle.com [138.1.37.129]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 43nq6sd2qw-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 25 Dec 2024 05:16:28 +0000 (GMT) Received: from pps.filterd (phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com (8.18.1.2/8.18.1.2) with ESMTP id 4BP0FCCZ001803; Wed, 25 Dec 2024 05:16:27 GMT Received: from pps.reinject (localhost [127.0.0.1]) by phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTPS id 43pk8ucjrq-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 25 Dec 2024 05:16:27 +0000 Received: from phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 4BP5GPgA035712; Wed, 25 Dec 2024 05:16:27 GMT Received: from ca-dev112.us.oracle.com (ca-dev112.us.oracle.com [10.129.136.47]) by phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTP id 43pk8ucjr2-4; Wed, 25 Dec 2024 05:16:26 +0000 From: Harshvardhan Jha To: davem@davemloft.net, kuznet@ms2.inr.ac.ru, yoshfuji@linux-ipv6.org, kuba@kernel.org Cc: harshvardhan.j.jha@oracle.com, netdev@vger.kernel.org, stable@vger.kernel.org Subject: [PATCH 5.4.y 5.10.y 3/4] ipv6: use skb_expand_head in ip6_xmit Date: Tue, 24 Dec 2024 21:16:23 -0800 Message-ID: <20241225051624.127745-4-harshvardhan.j.jha@oracle.com> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20241225051624.127745-1-harshvardhan.j.jha@oracle.com> References: <20241225051624.127745-1-harshvardhan.j.jha@oracle.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1057,Hydra:6.0.680,FMLib:17.12.68.34 definitions=2024-12-25_01,2024-12-24_01,2024-11-22_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 adultscore=0 suspectscore=0 malwarescore=0 mlxscore=0 spamscore=0 mlxlogscore=999 phishscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2411120000 definitions=main-2412250044 X-Proofpoint-ORIG-GUID: kvukrOxS4lfgXt07fl7SRpExSXU24MMU X-Proofpoint-GUID: kvukrOxS4lfgXt07fl7SRpExSXU24MMU X-Patchwork-Delegate: kuba@kernel.org From: Vasily Averin [ Upstream commit 0c9f227bee11910a49e1d159abe102d06e3745d5 ] Unlike skb_realloc_headroom, new helper skb_expand_head does not allocate a new skb if possible. Additionally this patch replaces commonly used dereferencing with variables. Signed-off-by: Vasily Averin Signed-off-by: David S. Miller (cherry picked from commit 0c9f227bee11910a49e1d159abe102d06e3745d5) Signed-off-by: Harshvardhan Jha --- net/ipv6/ip6_output.c | 27 +++++++++++---------------- 1 file changed, 11 insertions(+), 16 deletions(-) diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index 7806963b4539e..a8475848d0382 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -254,6 +254,8 @@ int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6, const struct ipv6_pinfo *np = inet6_sk(sk); struct in6_addr *first_hop = &fl6->daddr; struct dst_entry *dst = skb_dst(skb); + struct net_device *dev = dst->dev; + struct inet6_dev *idev = ip6_dst_idev(dst); unsigned int head_room; struct ipv6hdr *hdr; u8 proto = fl6->flowi6_proto; @@ -261,22 +263,16 @@ int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6, int hlimit = -1; u32 mtu; - head_room = sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dst->dev); + head_room = sizeof(struct ipv6hdr) + LL_RESERVED_SPACE(dev); if (opt) head_room += opt->opt_nflen + opt->opt_flen; - if (unlikely(skb_headroom(skb) < head_room)) { - struct sk_buff *skb2 = skb_realloc_headroom(skb, head_room); - if (!skb2) { - IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), - IPSTATS_MIB_OUTDISCARDS); - kfree_skb(skb); + if (unlikely(head_room > skb_headroom(skb))) { + skb = skb_expand_head(skb, head_room); + if (!skb) { + IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTDISCARDS); return -ENOBUFS; } - if (skb->sk) - skb_set_owner_w(skb2, skb->sk); - consume_skb(skb); - skb = skb2; } if (opt) { @@ -318,8 +314,7 @@ int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6, mtu = dst_mtu(dst); if ((skb->len <= mtu) || skb->ignore_df || skb_is_gso(skb)) { - IP6_UPD_PO_STATS(net, ip6_dst_idev(skb_dst(skb)), - IPSTATS_MIB_OUT, skb->len); + IP6_UPD_PO_STATS(net, idev, IPSTATS_MIB_OUT, skb->len); /* if egress device is enslaved to an L3 master device pass the * skb to its handler for processing @@ -332,17 +327,17 @@ int ip6_xmit(const struct sock *sk, struct sk_buff *skb, struct flowi6 *fl6, * we promote our socket to non const */ return NF_HOOK(NFPROTO_IPV6, NF_INET_LOCAL_OUT, - net, (struct sock *)sk, skb, NULL, dst->dev, + net, (struct sock *)sk, skb, NULL, dev, dst_output); } - skb->dev = dst->dev; + skb->dev = dev; /* ipv6_local_error() does not require socket lock, * we promote our socket to non const */ ipv6_local_error((struct sock *)sk, EMSGSIZE, fl6, mtu); - IP6_INC_STATS(net, ip6_dst_idev(skb_dst(skb)), IPSTATS_MIB_FRAGFAILS); + IP6_INC_STATS(net, idev, IPSTATS_MIB_FRAGFAILS); kfree_skb(skb); return -EMSGSIZE; } From patchwork Wed Dec 25 05:16:24 2024 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Harshvardhan Jha X-Patchwork-Id: 13920613 X-Patchwork-Delegate: kuba@kernel.org Received: from mx0b-00069f02.pphosted.com (mx0b-00069f02.pphosted.com [205.220.177.32]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 8CC4413AA2B; Wed, 25 Dec 2024 05:17:05 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=205.220.177.32 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735103828; cv=none; b=NM7Da7yIS3xoQ4FiGk39seTakd3j7pOMs/VKeRb0PcVfs7D7KcsdlFKT3UB3zbRYAI+E0RtUawsgNdo7s/Leg3rYJRCdXvl/QgfCKmYZkp5rwLNhqfCuQqo/nb3pe4fOlPpJtl1hgIOb/HqQYmXlSu2h2mmksFjzYsNQBvZ5tUY= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1735103828; c=relaxed/simple; bh=zaViJNomEckKKcjjBSRQLLpChjsOyScVQjvRS2k5bAM=; h=From:To:Cc:Subject:Date:Message-ID:In-Reply-To:References: MIME-Version; b=jypKrJxLyJVXBhMgb/6SC8kWEuF0AfpS8yiZmLVbWfMpmzyGYicS7km/vFoA6wrM1KOPvVHkh+R8IsfWb4gU6Je+ITyTBZJGW/KnhhPOxge4SOTZ4Hgm98u5gvlNmFjt3vcEvXipwSCqaA9TM6XUwer8ihgbr0RVKameE7mQFKE= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oracle.com; spf=pass smtp.mailfrom=oracle.com; dkim=pass (2048-bit key) header.d=oracle.com header.i=@oracle.com header.b=e7npYA5a; arc=none smtp.client-ip=205.220.177.32 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=reject dis=none) header.from=oracle.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=oracle.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=oracle.com header.i=@oracle.com header.b="e7npYA5a" Received: from pps.filterd (m0246630.ppops.net [127.0.0.1]) by mx0b-00069f02.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 4BP3PxkL004751; Wed, 25 Dec 2024 05:16:29 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=cc :content-transfer-encoding:date:from:in-reply-to:message-id :mime-version:references:subject:to; s=corp-2023-11-20; bh=ZFYCl pbOYCw+0yUTOUOfc8jYTx/JcRzMVv7MjxoNwKI=; b=e7npYA5amjF6uDjFKuRBd s0UYDDHsa2POEBa+nNMk1cAEDwJqHA6909AvIuqpJXbPjFIQjs1X5N92orv3DJTr O+4LYictDYwHTlAah/RuLJksE3nabBSC12X6oUWzZCEvIL15Ln8rmlPuOoGZ8kWz dp9MpSfgflmODUcLyYo09WjEEKAPkyUG8bawdIrMCdcx2G3d+Y9O+67PNaEQdq4q w/6yPC/mIGiV7jKYqztv+m2kkC54OF0ZKYioxl1ooXfR4y17tKpUTcjwly1UVRPw T7k1XcVr8sFx4EK0VQLTZFUH4bP62SYThJH1ENkwVVNi3C5HQAAMWOpnVWzyqbg3 g== Received: from phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta03.appoci.oracle.com [138.1.37.129]) by mx0b-00069f02.pphosted.com (PPS) with ESMTPS id 43nqd5n14w-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 25 Dec 2024 05:16:29 +0000 (GMT) Received: from pps.filterd (phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com (8.18.1.2/8.18.1.2) with ESMTP id 4BP4vUM5000936; Wed, 25 Dec 2024 05:16:28 GMT Received: from pps.reinject (localhost [127.0.0.1]) by phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTPS id 43pk8ucjry-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Wed, 25 Dec 2024 05:16:28 +0000 Received: from phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com (phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com [127.0.0.1]) by pps.reinject (8.17.1.5/8.17.1.5) with ESMTP id 4BP5GPgC035712; Wed, 25 Dec 2024 05:16:27 GMT Received: from ca-dev112.us.oracle.com (ca-dev112.us.oracle.com [10.129.136.47]) by phxpaimrmta03.imrmtpd1.prodappphxaev1.oraclevcn.com (PPS) with ESMTP id 43pk8ucjr2-5; Wed, 25 Dec 2024 05:16:27 +0000 From: Harshvardhan Jha To: davem@davemloft.net, kuznet@ms2.inr.ac.ru, yoshfuji@linux-ipv6.org, kuba@kernel.org Cc: harshvardhan.j.jha@oracle.com, netdev@vger.kernel.org, stable@vger.kernel.org Subject: [PATCH 5.4.y 5.10.y 4/4] ipv6: fix possible UAF in ip6_finish_output2() Date: Tue, 24 Dec 2024 21:16:24 -0800 Message-ID: <20241225051624.127745-5-harshvardhan.j.jha@oracle.com> X-Mailer: git-send-email 2.46.0 In-Reply-To: <20241225051624.127745-1-harshvardhan.j.jha@oracle.com> References: <20241225051624.127745-1-harshvardhan.j.jha@oracle.com> Precedence: bulk X-Mailing-List: netdev@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1057,Hydra:6.0.680,FMLib:17.12.68.34 definitions=2024-12-25_01,2024-12-24_01,2024-11-22_01 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 adultscore=0 suspectscore=0 malwarescore=0 mlxscore=0 spamscore=0 mlxlogscore=999 phishscore=0 bulkscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2411120000 definitions=main-2412250044 X-Proofpoint-GUID: -k21lX0dPkK94p2TMCvH-i78C820-tZ5 X-Proofpoint-ORIG-GUID: -k21lX0dPkK94p2TMCvH-i78C820-tZ5 X-Patchwork-Delegate: kuba@kernel.org From: Eric Dumazet [ Upstream commit e891b36de161fcd96f12ff83667473e5067b9037 ] If skb_expand_head() returns NULL, skb has been freed and associated dst/idev could also have been freed. We need to hold rcu_read_lock() to make sure the dst and associated idev are alive. Fixes: 5796015fa968 ("ipv6: allocate enough headroom in ip6_finish_output2()") Signed-off-by: Eric Dumazet Cc: Vasily Averin Reviewed-by: David Ahern Link: https://patch.msgid.link/20240820160859.3786976-3-edumazet@google.com Signed-off-by: Jakub Kicinski Signed-off-by: Sasha Levin (cherry picked from commit e891b36de161fcd96f12ff83667473e5067b9037) Signed-off-by: Harshvardhan Jha --- net/ipv6/ip6_output.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/net/ipv6/ip6_output.c b/net/ipv6/ip6_output.c index a8475848d0382..48f926157ef8c 100644 --- a/net/ipv6/ip6_output.c +++ b/net/ipv6/ip6_output.c @@ -69,11 +69,15 @@ static int ip6_finish_output2(struct net *net, struct sock *sk, struct sk_buff * /* Be paranoid, rather than too clever. */ if (unlikely(hh_len > skb_headroom(skb)) && dev->header_ops) { + /* Make sure idev stays alive */ + rcu_read_lock(); skb = skb_expand_head(skb, hh_len); if (!skb) { IP6_INC_STATS(net, idev, IPSTATS_MIB_OUTDISCARDS); + rcu_read_unlock(); return -ENOMEM; } + rcu_read_unlock(); } hdr = ipv6_hdr(skb);