MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-08-22 00:42:01 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
v6.6.95
linux-yocto/include/net
History
Paul Chaignon f6393e5cb9 net: Fix checksum update for ILA adj-transport 
commit 6043b794c7 upstream.

During ILA address translations, the L4 checksums can be handled in
different ways. One of them, adj-transport, consist in parsing the
transport layer and updating any found checksum. This logic relies on
inet_proto_csum_replace_by_diff and produces an incorrect skb->csum when
in state CHECKSUM_COMPLETE.

This bug can be reproduced with a simple ILA to SIR mapping, assuming
packets are received with CHECKSUM_COMPLETE:

  $ ip a show dev eth0
  14: eth0@if15: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
      link/ether 62:ae:35:9e:0f:8d brd ff:ff:ff:ff:ff:ff link-netnsid 0
      inet6 3333:0:0:1::c078/64 scope global
         valid_lft forever preferred_lft forever
      inet6 fd00:10:244:1::c078/128 scope global nodad
         valid_lft forever preferred_lft forever
      inet6 fe80::60ae:35ff:fe9e:f8d/64 scope link proto kernel_ll
         valid_lft forever preferred_lft forever
  $ ip ila add loc_match fd00:10:244:1 loc 3333:0:0:1 \
      csum-mode adj-transport ident-type luid dev eth0

Then I hit [fd00:10:244:1::c078]:8000 with a server listening only on
[3333:0:0:1::c078]:8000. With the bug, the SYN packet is dropped with
SKB_DROP_REASON_TCP_CSUM after inet_proto_csum_replace_by_diff changed
skb->csum. The translation and drop are visible on pwru [1] traces:

  IFACE   TUPLE                                                        FUNC
  eth0:9  [fd00:10:244:3::3d8]:51420->[fd00:10:244:1::c078]:8000(tcp)  ipv6_rcv
  eth0:9  [fd00:10:244:3::3d8]:51420->[fd00:10:244:1::c078]:8000(tcp)  ip6_rcv_core
  eth0:9  [fd00:10:244:3::3d8]:51420->[fd00:10:244:1::c078]:8000(tcp)  nf_hook_slow
  eth0:9  [fd00:10:244:3::3d8]:51420->[fd00:10:244:1::c078]:8000(tcp)  inet_proto_csum_replace_by_diff
  eth0:9  [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp)     tcp_v6_early_demux
  eth0:9  [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp)     ip6_route_input
  eth0:9  [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp)     ip6_input
  eth0:9  [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp)     ip6_input_finish
  eth0:9  [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp)     ip6_protocol_deliver_rcu
  eth0:9  [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp)     raw6_local_deliver
  eth0:9  [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp)     ipv6_raw_deliver
  eth0:9  [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp)     tcp_v6_rcv
  eth0:9  [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp)     __skb_checksum_complete
  eth0:9  [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp)     kfree_skb_reason(SKB_DROP_REASON_TCP_CSUM)
  eth0:9  [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp)     skb_release_head_state
  eth0:9  [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp)     skb_release_data
  eth0:9  [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp)     skb_free_head
  eth0:9  [fd00:10:244:3::3d8]:51420->[3333:0:0:1::c078]:8000(tcp)     kfree_skbmem

This is happening because inet_proto_csum_replace_by_diff is updating
skb->csum when it shouldn't. The L4 checksum is updated such that it
"cancels" the IPv6 address change in terms of checksum computation, so
the impact on skb->csum is null.

Note this would be different for an IPv4 packet since three fields
would be updated: the IPv4 address, the IP checksum, and the L4
checksum. Two would cancel each other and skb->csum would still need
to be updated to take the L4 checksum change into account.

This patch fixes it by passing an ipv6 flag to
inet_proto_csum_replace_by_diff, to skip the skb->csum update if we're
in the IPv6 case. Note the behavior of the only other user of
inet_proto_csum_replace_by_diff, the BPF subsystem, is left as is in
this patch and fixed in the subsequent patch.

With the fix, using the reproduction from above, I can confirm
skb->csum is not touched by inet_proto_csum_replace_by_diff and the TCP
SYN proceeds to the application after the ILA translation.

Link: https://github.com/cilium/pwru [1]
Fixes: 65d7ab8de5 ("net: Identifier Locator Addressing module")
Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://patch.msgid.link/b5539869e3550d46068504feb02d37653d939c0b.1748509484.git.paul.chaignon@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-06-27 11:09:00 +01:00
..
9p 9p: Add additional debug flags and open modes 2023-03-27 02:33:48 +00:00
bluetooth Bluetooth: MGMT: Protect mgmt_pending list with its own lock 2025-06-19 15:28:38 +02:00
caif net: caif: Remove unused declaration cfsrvl_ctrlcmd() 2023-08-10 18:24:48 -07:00
iucv
mana net: mana: Add support for page sizes other than 4KB on ARM64 2024-10-10 11:58:03 +02:00
netfilter netfilter: nf_tables: allow clone callbacks to sleep 2025-03-22 12:50:50 -07:00
netns netfilter: move the sysctl nf_hooks_lwtunnel into the netfilter core 2024-06-27 13:49:08 +02:00
nfc
page_pool page_pool: fix documentation typos 2023-10-04 14:22:27 -07:00
phonet net: ioctl: Use kernel memory on protocol ioctl callbacks 2023-06-15 22:33:26 -07:00
sctp sctp: detect and prevent references to a freed transport in sendmsg 2025-04-25 10:45:32 +02:00
tc_act net: sched: do not offload flows with a helper in act_ct 2023-11-28 17:19:54 +00:00
6lowpan.h
act_api.h net/sched: Rename user cookie and act cookie 2023-02-20 16:46:10 -08:00
addrconf.h ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr 2024-04-17 11:19:29 +02:00
af_ieee802154.h
af_rxrpc.h rxrpc: Fix timeout of a call that hasn't yet been granted a channel 2023-05-01 07:43:19 +01:00
af_unix.h af_unix: Try not to hold unix_gc_lock during accept(). 2025-06-04 14:42:23 +02:00
af_vsock.h vsock: fix recursive ->recvmsg calls 2024-08-29 17:33:21 +02:00
ah.h
amt.h
arp.h neighbour: switch to standard rcu, instead of rcu_bh 2023-03-21 21:32:18 -07:00
atmclip.h
ax25.h ax25: rcu protect dev->ax25_ptr 2025-02-08 09:51:55 +01:00
ax88796.h
bareudp.h
bond_3ad.h bonding: 3ad: Remove unused declaration bond_3ad_update_lacp_active() 2023-07-28 18:06:30 -07:00
bond_alb.h
bond_options.h bonding: add ns target multicast address to slave device 2024-11-22 15:38:33 +01:00
bonding.h bonding: change ipsec_lock from spin lock to mutex 2024-09-04 13:28:27 +02:00
bpf_sk_storage.h
busy_poll.h net: busy-poll: use ktime_get_ns() instead of local_clock() 2024-09-04 13:28:28 +02:00
calipso.h
cfg80211-wext.h
cfg80211.h wifi: cfg80211: add a flag to disable wireless extensions 2024-04-03 15:28:54 +02:00
cfg802154.h mac802154: fix llsec key resources release in mac802154_llsec_key_del 2024-04-03 15:28:27 +02:00
checksum.h net: Fix checksum update for ILA adj-transport 2025-06-27 11:09:00 +01:00
cipso_ipv4.h
cls_cgroup.h
codel_impl.h
codel_qdisc.h
codel.h codel: fix kernel-doc notation warnings 2023-07-14 20:39:29 -07:00
compat.h
datalink.h net: datalink: Remove unused declarations 2023-07-27 17:17:32 -07:00
dcbevent.h
dcbnl.h net: dcb: add helper functions to retrieve PCP and DSCP rewrite maps 2023-01-20 09:33:22 +00:00
devlink.h devlink: Expose port function commands to control IPsec packet offloads 2023-08-27 17:08:45 -07:00
dropreason-core.h net: add skb_queue_purge_reason and __skb_queue_purge_reason 2023-08-19 15:30:15 +01:00
dropreason.h net: openvswitch: add last-action drop reason 2023-08-14 08:01:06 +01:00
dsa_stubs.h net: dsa: replace NETDEV_PRE_CHANGE_HWTSTAMP notifier with a stub 2023-04-09 15:35:49 +01:00
dsa.h net: dsa: remove legacy_pre_march2020 detection 2023-07-18 09:47:08 +02:00
dsfield.h
dst_cache.h
dst_metadata.h
dst_ops.h net: fix __dst_negative_advice() race 2024-06-16 13:47:44 +02:00
dst.h include: net: add static inline dst_dev_overhead() to dst.h 2025-03-07 16:45:42 +01:00
erspan.h
esp.h
espintcp.h
ethoc.h
failover.h
fib_notifier.h
fib_rules.h
firewire.h
flow_dissector.h net: flow_dissector: Add IPSEC dissector 2023-08-02 10:09:31 +01:00
flow_offload.h tc: flower: Enable offload support IPSEC SPI field. 2023-08-02 10:09:32 +01:00
flow.h inet: shrink struct flowi_common 2023-11-20 11:59:34 +01:00
fou.h bpf,fou: Add bpf_skb_{set,get}_fou_encap kfuncs 2023-04-12 16:40:39 -07:00
fq_impl.h
fq.h net: fq: Remove unused typedef fq_flow_get_default_t 2023-08-08 15:58:23 -07:00
garp.h
gen_stats.h
genetlink.h genetlink: hold RCU in genlmsg_mcast() 2024-11-01 01:58:23 +01:00
geneve.h
gre.h
gro_cells.h
gro.h net: gro: fix udp bad offset in socket lookup by adding {inner_}network_offset to napi_gro_cb 2024-05-17 12:02:07 +02:00
gso.h net: move gso declarations and functions to their own files 2023-06-10 00:11:41 -07:00
gtp.h
gue.h
handshake.h net/handshake: Add helpers for parsing incoming TLS Alerts 2023-07-28 14:07:59 -07:00
hwbm.h
icmp.h
ieee80211_radiotap.h wifi: radiotap: Avoid -Wflex-array-member-not-at-end warnings 2024-12-09 10:31:35 +01:00
ieee802154_netdev.h mac802154: Handle received BEACON_REQ 2023-03-23 21:51:30 +01:00
if_inet6.h net: ipv6: support reporting otherwise unknown prefix flags in RTM_NEWPREFIX 2023-12-20 17:01:45 +01:00
ife.h
inet_common.h net: factor out __inet_listen_sk() helper 2023-08-14 07:06:13 +01:00
inet_connection_sock.h tcp/dccp: allow a connection when sk_max_ack_backlog is zero 2025-01-17 13:36:12 +01:00
inet_dscp.h
inet_ecn.h
inet_frag.h net: Rename mono_delivery_time to tstamp_type for scalabilty 2025-05-09 09:43:57 +02:00
inet_hashtables.h net: Fix slab-out-of-bounds in inet[6]_steal_sock 2023-08-15 13:57:51 -07:00
inet_sock.h udp: fix busy polling 2024-01-31 16:19:01 -08:00
inet_timewait_sock.h tcp/dccp: do not care about families in inet_twsk_purge() 2024-08-29 17:33:46 +02:00
inet6_connection_sock.h
inet6_hashtables.h net: Fix slab-out-of-bounds in inet[6]_steal_sock 2023-08-15 13:57:51 -07:00
inetpeer.h inetpeer: remove create argument of inet_getpeer() 2025-02-08 09:51:53 +01:00
ioam6.h
ip_fib.h ipv4: Fix incorrect TOS in route get reply 2024-08-03 08:54:05 +02:00
ip_tunnels.h ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() 2024-11-08 16:28:18 +01:00
ip_vs.h ipvs: Correct spelling in comments 2023-04-22 01:39:41 +02:00
ip.h ipv4: Convert ip_route_input() to dscp_t. 2025-03-07 16:45:39 +01:00
ip6_checksum.h
ip6_fib.h ipv6: introduce dst_rt6_info() helper 2024-12-14 19:59:35 +01:00
ip6_route.h ipv6: introduce dst_rt6_info() helper 2024-12-14 19:59:35 +01:00
ip6_tunnel.h
ipcomp.h
ipconfig.h
ipv6_frag.h
ipv6_stubs.h bpf: Derive source IP addr via bpf_*_fib_lookup() 2024-03-01 13:35:04 +01:00
ipv6.h tcp: Fix bind() regression for v4-mapped-v6 wildcard address. 2023-09-13 07:18:04 +01:00
iw_handler.h wifi: wext: Remove unused declaration dev_get_wireless_info() 2023-08-22 21:40:40 +02:00
kcm.h kcm: Serialise kcm_sendmsg() for the same socket. 2024-08-29 17:33:46 +02:00
l3mdev.h vrf: use RCU protection in l3mdev_l3_out() 2025-02-21 13:57:07 +01:00
lag.h
lapb.h net: lapb: increase LAPB_HEADER_LEN 2024-12-19 18:11:28 +01:00
lib80211.h
llc_c_ac.h net: llc: Remove unused function declarations 2023-08-04 15:33:17 -07:00
llc_c_ev.h net: llc: Remove unused function declarations 2023-08-04 15:33:17 -07:00
llc_c_st.h
llc_conn.h llc: Check netns in llc_estab_match() and llc_listener_match(). 2023-07-20 10:46:28 +02:00
llc_if.h
llc_pdu.h llc: Drop support for ETH_P_TR_802_2. 2024-01-31 16:19:01 -08:00
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h
lwtunnel.h lwt: Check LWTUNNEL_XMIT_CONTINUE strictly 2023-08-18 16:05:26 +02:00
mac80211.h wifi: mac80211: Add non-atomic station iterator 2025-01-09 13:31:42 +01:00
mac802154.h
macsec.h macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads 2024-05-02 16:32:50 +02:00
mctp.h mctp: Handle error of rtnl_register_module(). 2024-10-17 15:24:29 +02:00
mctpdevice.h
mip6.h
mld.h
mpls_iptunnel.h
mpls.h
mptcp.h mptcp: add struct mptcp_sched_ops 2023-08-22 17:31:18 -07:00
mrp.h
ncsi.h
ndisc.h ndisc: Remove unused ndisc_ifinfo_sysctl_strategy() declaration 2023-08-07 08:53:55 +01:00
neighbour.h neighbour: Fix __randomize_layout crash in struct neighbour 2023-12-08 08:52:23 +01:00
net_debug.h Rename .data.once to .data..once to fix resetting WARN*_ONCE 2024-12-09 10:32:59 +01:00
net_failover.h
net_namespace.h net: add dev_net_rcu() helper 2025-02-21 13:57:20 +01:00
net_ratelimit.h
net_trackers.h
netdev_queues.h net: netdev_queue: netdev_txq_completed_mb(): fix wake condition 2024-01-25 15:35:57 -08:00
netdev_rx_queue.h net: move struct netdev_rx_queue out of netdevice.h 2023-08-03 08:38:07 -07:00
netevent.h
netlabel.h
netlink.h netlink: allow be16 and be32 types in all uint policy checks 2023-07-27 13:45:51 +02:00
netprio_cgroup.h
netrom.h
nexthop.h ipv6: remove nexthop_fib6_nh_bh() 2023-05-11 18:07:05 -07:00
nl802154.h ieee802154: Add support for user beaconing requests 2023-01-28 13:51:22 +01:00
nsh.h net: NSH: fix kernel-doc notation warning 2023-07-14 20:39:29 -07:00
p8022.h net: 802: Remove unused function declarations 2023-08-04 15:33:50 -07:00
pie.h pie: fix kernel-doc notation warning 2023-07-14 20:39:30 -07:00
ping.h net/ipv4: ping_group_range: allow GID from 2147483648 to 4294967294 2023-06-02 09:55:22 +01:00
pkt_cls.h net: pkt_cls: Remove unused inline helpers 2023-08-07 08:53:54 +01:00
pkt_sched.h net/sched: make psched_mtu() RTNL-less safe 2023-07-12 15:59:33 -07:00
pptp.h
protocol.h
psample.h
psnap.h
raw.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-04-06 12:01:20 -07:00
rawv6.h ipv6: raw: constify raw_v6_match() socket argument 2023-03-17 08:56:37 +00:00
red.h
regulatory.h wifi: cfg80211: fix regulatory disconnect with OCB/NAN 2023-06-19 12:05:29 +02:00
request_sock.h
rose.h
route.h ipv4: Convert ip_route_input() to dscp_t. 2025-03-07 16:45:39 +01:00
rpl.h ipv6: rpl: Remove pskb(_may)?_pull() in ipv6_rpl_srh_rcv(). 2023-06-19 11:32:58 -07:00
rsi_91x.h rsi: remove kernel-doc comment marker 2023-07-14 20:39:30 -07:00
rtnetlink.h rtnetlink: add RTNL_FLAG_DUMP_UNLOCKED flag 2024-10-17 15:24:29 +02:00
rtnh.h
sch_generic.h net_sched: Flush gso_skb list too during ->change() 2025-05-22 14:12:15 +02:00
scm.h af_unix: Add dead flag to struct scm_fp_list. 2025-06-04 14:42:24 +02:00
secure_seq.h
seg6_hmac.h
seg6_local.h
seg6.h
selftests.h
slhc_vj.h
smc.h net/smc: add operations to merge sndbuf with peer DMB 2024-12-14 19:59:37 +01:00
snmp.h
sock_reuseport.h
sock.h net: Fix TOCTOU issue in sk_is_readable() 2025-06-19 15:28:41 +02:00
Space.h net: Space.h: Remove unused function declarations 2023-08-03 18:10:10 -07:00
stp.h
strparser.h strparser: Add read_sock callback 2025-02-27 04:10:50 -08:00
switchdev.h net: bridge: switchdev: Skip MDB replays of deferred events on offload 2024-03-01 13:35:06 +01:00
tc_wrapper.h net/sched: Retire rsvp classifier 2023-02-16 09:27:07 +01:00
tcp_states.h
tcp.h bpf: Fix wrong copied_seq calculation 2025-02-27 04:10:50 -08:00
tcx.h bpf: Fix too early release of tcx_entry 2024-07-18 13:21:12 +02:00
timewait_sock.h
tipc.h
tls_prot.h net/tls: Add TLS Alert definitions 2023-07-28 14:07:59 -07:00
tls_toe.h
tls.h bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx 2024-11-17 15:08:57 +01:00
transp_v6.h inet6: Remove unused function declaration udpv6_connect() 2023-08-01 15:06:27 -07:00
tso.h
tun_proto.h
udp_tunnel.h udp: lockless UDP_ENCAP_L2TPINUDP / UDP_GRO 2023-11-20 11:58:56 +01:00
udp.h udp/udplite: Remove unused function declarations udp{,lite}_get_port() 2023-08-07 08:53:55 +01:00
udplite.h udplite: fix various data-races 2023-11-20 11:58:56 +01:00
vsock_addr.h
vxlan.h vxlan: Fix nexthop hash size 2023-08-02 10:58:26 +01:00
wext.h
x25.h x25: preserve const qualifier in [a]x25_sk() 2023-03-18 12:23:34 +00:00
x25device.h
xdp_priv.h
xdp_sock_drv.h xsk: fix usage of multi-buffer BPF helpers for ZC XDP 2024-01-31 16:19:04 -08:00
xdp_sock.h xsk: add multi-buffer support for sockets sharing umem 2024-01-10 17:16:54 +01:00
xdp.h xdp: Reset bpf_redirect_info before running a xdp's BPF prog. 2025-04-25 10:45:57 +02:00
xfrm.h espintcp: remove encap socket caching to avoid reference leak 2025-06-04 14:42:17 +02:00
xsk_buff_pool.h xsk: support mbuf on ZC RX 2023-07-19 09:56:49 -07:00