* [PATCH net 0/2] tunnels: fix ipv4 pmtu icmp checksum
@ 2023-08-03 15:26 Florian Westphal
2023-08-03 15:26 ` [PATCH net 1/2] tunnels: fix kasan splat when generating ipv4 pmtu error Florian Westphal
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Florian Westphal @ 2023-08-03 15:26 UTC (permalink / raw
To: netdev
Cc: sbrivio, David S. Miller, dsahern, Eric Dumazet, Jakub Kicinski,
Paolo Abeni, shuah, Florian Westphal
The checksum of the generated ipv4 icmp pmtud message is
only correct if the skb that causes the icmp error generation
is linear.
Fix this and add a selftest for this.
Florian Westphal (2):
tunnels: fix kasan splat when generating ipv4 pmtu error
selftests: net: test vxlan pmtu exceptions with tcp
net/ipv4/ip_tunnel_core.c | 2 +-
tools/testing/selftests/net/pmtu.sh | 35 +++++++++++++++++++++++++++++
2 files changed, 36 insertions(+), 1 deletion(-)
--
2.41.0
^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH net 1/2] tunnels: fix kasan splat when generating ipv4 pmtu error
2023-08-03 15:26 [PATCH net 0/2] tunnels: fix ipv4 pmtu icmp checksum Florian Westphal
@ 2023-08-03 15:26 ` Florian Westphal
2023-08-05 7:07 ` Simon Horman
2023-08-03 15:26 ` [PATCH net 2/2] selftests: net: test vxlan pmtu exceptions with tcp Florian Westphal
2023-08-05 1:30 ` [PATCH net 0/2] tunnels: fix ipv4 pmtu icmp checksum patchwork-bot+netdevbpf
2 siblings, 1 reply; 5+ messages in thread
From: Florian Westphal @ 2023-08-03 15:26 UTC (permalink / raw
To: netdev
Cc: sbrivio, David S. Miller, dsahern, Eric Dumazet, Jakub Kicinski,
Paolo Abeni, shuah, Florian Westphal
If we try to emit an icmp error in response to a nonliner skb, we get
BUG: KASAN: slab-out-of-bounds in ip_compute_csum+0x134/0x220
Read of size 4 at addr ffff88811c50db00 by task iperf3/1691
CPU: 2 PID: 1691 Comm: iperf3 Not tainted 6.5.0-rc3+ #309
[..]
kasan_report+0x105/0x140
ip_compute_csum+0x134/0x220
iptunnel_pmtud_build_icmp+0x554/0x1020
skb_tunnel_check_pmtu+0x513/0xb80
vxlan_xmit_one+0x139e/0x2ef0
vxlan_xmit+0x1867/0x2760
dev_hard_start_xmit+0x1ee/0x4f0
br_dev_queue_push_xmit+0x4d1/0x660
[..]
ip_compute_csum() cannot deal with nonlinear skbs, so avoid it.
After this change, splat is gone and iperf3 is no longer stuck.
Fixes: 4cb47a8644cc ("tunnels: PMTU discovery support for directly bridged IP packets")
Signed-off-by: Florian Westphal <fw@strlen.de>
---
net/ipv4/ip_tunnel_core.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c
index 92c02c886fe7..586b1b3e35b8 100644
--- a/net/ipv4/ip_tunnel_core.c
+++ b/net/ipv4/ip_tunnel_core.c
@@ -224,7 +224,7 @@ static int iptunnel_pmtud_build_icmp(struct sk_buff *skb, int mtu)
.un.frag.__unused = 0,
.un.frag.mtu = htons(mtu),
};
- icmph->checksum = ip_compute_csum(icmph, len);
+ icmph->checksum = csum_fold(skb_checksum(skb, 0, len, 0));
skb_reset_transport_header(skb);
niph = skb_push(skb, sizeof(*niph));
--
2.41.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [PATCH net 2/2] selftests: net: test vxlan pmtu exceptions with tcp
2023-08-03 15:26 [PATCH net 0/2] tunnels: fix ipv4 pmtu icmp checksum Florian Westphal
2023-08-03 15:26 ` [PATCH net 1/2] tunnels: fix kasan splat when generating ipv4 pmtu error Florian Westphal
@ 2023-08-03 15:26 ` Florian Westphal
2023-08-05 1:30 ` [PATCH net 0/2] tunnels: fix ipv4 pmtu icmp checksum patchwork-bot+netdevbpf
2 siblings, 0 replies; 5+ messages in thread
From: Florian Westphal @ 2023-08-03 15:26 UTC (permalink / raw
To: netdev
Cc: sbrivio, David S. Miller, dsahern, Eric Dumazet, Jakub Kicinski,
Paolo Abeni, shuah, Florian Westphal
TCP might get stuck if a nonlinear skb exceeds the path MTU,
icmp error contains an incorrect icmp checksum in that case.
Extend the existing test for vxlan to also send at least 1MB worth of
data via TCP in addition to the existing 'large icmp packet adds
route exception'.
On my test VM this fails due to 0-size output file without
"tunnels: fix kasan splat when generating ipv4 pmtu error".
Signed-off-by: Florian Westphal <fw@strlen.de>
---
tools/testing/selftests/net/pmtu.sh | 35 +++++++++++++++++++++++++++++
1 file changed, 35 insertions(+)
diff --git a/tools/testing/selftests/net/pmtu.sh b/tools/testing/selftests/net/pmtu.sh
index dfe3d287f01d..f838dd370f6a 100755
--- a/tools/testing/selftests/net/pmtu.sh
+++ b/tools/testing/selftests/net/pmtu.sh
@@ -361,6 +361,7 @@ err_buf=
tcpdump_pids=
nettest_pids=
socat_pids=
+tmpoutfile=
err() {
err_buf="${err_buf}${1}
@@ -951,6 +952,7 @@ cleanup() {
ip link del veth_A-R1 2>/dev/null
ovs-vsctl --if-exists del-port vxlan_a 2>/dev/null
ovs-vsctl --if-exists del-br ovs_br0 2>/dev/null
+ rm -f "$tmpoutfile"
}
mtu() {
@@ -1328,6 +1330,39 @@ test_pmtu_ipvX_over_bridged_vxlanY_or_geneveY_exception() {
check_pmtu_value ${exp_mtu} "${pmtu}" "exceeding link layer MTU on bridged ${type} interface"
pmtu="$(route_get_dst_pmtu_from_exception "${ns_a}" ${dst})"
check_pmtu_value ${exp_mtu} "${pmtu}" "exceeding link layer MTU on locally bridged ${type} interface"
+
+ tmpoutfile=$(mktemp)
+
+ # Flush Exceptions, retry with TCP
+ run_cmd ${ns_a} ip route flush cached ${dst}
+ run_cmd ${ns_b} ip route flush cached ${dst}
+ run_cmd ${ns_c} ip route flush cached ${dst}
+
+ for target in "${ns_a}" "${ns_c}" ; do
+ if [ ${family} -eq 4 ]; then
+ TCPDST=TCP:${dst}:50000
+ else
+ TCPDST="TCP:[${dst}]:50000"
+ fi
+ ${ns_b} socat -T 3 -u -6 TCP-LISTEN:50000 STDOUT > $tmpoutfile &
+
+ sleep 1
+
+ dd if=/dev/zero of=/dev/stdout status=none bs=1M count=1 | ${target} socat -T 3 -u STDIN $TCPDST,connect-timeout=3
+
+ size=$(du -sb $tmpoutfile)
+ size=${size%%/tmp/*}
+
+ [ $size -ne 1048576 ] && err "File size $size mismatches exepcted value in locally bridged vxlan test" && return 1
+ done
+
+ rm -f "$tmpoutfile"
+
+ # Check that exceptions were created
+ pmtu="$(route_get_dst_pmtu_from_exception "${ns_c}" ${dst})"
+ check_pmtu_value ${exp_mtu} "${pmtu}" "tcp: exceeding link layer MTU on bridged ${type} interface"
+ pmtu="$(route_get_dst_pmtu_from_exception "${ns_a}" ${dst})"
+ check_pmtu_value ${exp_mtu} "${pmtu}" "tcp exceeding link layer MTU on locally bridged ${type} interface"
}
test_pmtu_ipv4_br_vxlan4_exception() {
--
2.41.0
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH net 0/2] tunnels: fix ipv4 pmtu icmp checksum
2023-08-03 15:26 [PATCH net 0/2] tunnels: fix ipv4 pmtu icmp checksum Florian Westphal
2023-08-03 15:26 ` [PATCH net 1/2] tunnels: fix kasan splat when generating ipv4 pmtu error Florian Westphal
2023-08-03 15:26 ` [PATCH net 2/2] selftests: net: test vxlan pmtu exceptions with tcp Florian Westphal
@ 2023-08-05 1:30 ` patchwork-bot+netdevbpf
2 siblings, 0 replies; 5+ messages in thread
From: patchwork-bot+netdevbpf @ 2023-08-05 1:30 UTC (permalink / raw
To: Florian Westphal
Cc: netdev, sbrivio, davem, dsahern, edumazet, kuba, pabeni, shuah
Hello:
This series was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@kernel.org>:
On Thu, 3 Aug 2023 17:26:48 +0200 you wrote:
> The checksum of the generated ipv4 icmp pmtud message is
> only correct if the skb that causes the icmp error generation
> is linear.
>
> Fix this and add a selftest for this.
>
> Florian Westphal (2):
> tunnels: fix kasan splat when generating ipv4 pmtu error
> selftests: net: test vxlan pmtu exceptions with tcp
>
> [...]
Here is the summary with links:
- [net,1/2] tunnels: fix kasan splat when generating ipv4 pmtu error
https://git.kernel.org/netdev/net/c/6a7ac3d20593
- [net,2/2] selftests: net: test vxlan pmtu exceptions with tcp
https://git.kernel.org/netdev/net/c/136a1b434bbb
You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH net 1/2] tunnels: fix kasan splat when generating ipv4 pmtu error
2023-08-03 15:26 ` [PATCH net 1/2] tunnels: fix kasan splat when generating ipv4 pmtu error Florian Westphal
@ 2023-08-05 7:07 ` Simon Horman
0 siblings, 0 replies; 5+ messages in thread
From: Simon Horman @ 2023-08-05 7:07 UTC (permalink / raw
To: Florian Westphal
Cc: netdev, sbrivio, David S. Miller, dsahern, Eric Dumazet,
Jakub Kicinski, Paolo Abeni, shuah
On Thu, Aug 03, 2023 at 05:26:49PM +0200, Florian Westphal wrote:
> If we try to emit an icmp error in response to a nonliner skb, we get
>
> BUG: KASAN: slab-out-of-bounds in ip_compute_csum+0x134/0x220
> Read of size 4 at addr ffff88811c50db00 by task iperf3/1691
> CPU: 2 PID: 1691 Comm: iperf3 Not tainted 6.5.0-rc3+ #309
> [..]
> kasan_report+0x105/0x140
> ip_compute_csum+0x134/0x220
> iptunnel_pmtud_build_icmp+0x554/0x1020
> skb_tunnel_check_pmtu+0x513/0xb80
> vxlan_xmit_one+0x139e/0x2ef0
> vxlan_xmit+0x1867/0x2760
> dev_hard_start_xmit+0x1ee/0x4f0
> br_dev_queue_push_xmit+0x4d1/0x660
> [..]
>
> ip_compute_csum() cannot deal with nonlinear skbs, so avoid it.
> After this change, splat is gone and iperf3 is no longer stuck.
Hi Florian,
I wonder if there are other cases lurking elsewhere.
Did you happen to take a look at that?
> Fixes: 4cb47a8644cc ("tunnels: PMTU discovery support for directly bridged IP packets")
> Signed-off-by: Florian Westphal <fw@strlen.de>
> ---
> net/ipv4/ip_tunnel_core.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c
> index 92c02c886fe7..586b1b3e35b8 100644
> --- a/net/ipv4/ip_tunnel_core.c
> +++ b/net/ipv4/ip_tunnel_core.c
> @@ -224,7 +224,7 @@ static int iptunnel_pmtud_build_icmp(struct sk_buff *skb, int mtu)
> .un.frag.__unused = 0,
> .un.frag.mtu = htons(mtu),
> };
> - icmph->checksum = ip_compute_csum(icmph, len);
> + icmph->checksum = csum_fold(skb_checksum(skb, 0, len, 0));
> skb_reset_transport_header(skb);
>
> niph = skb_push(skb, sizeof(*niph));
> --
> 2.41.0
>
>
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2023-08-05 7:07 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-08-03 15:26 [PATCH net 0/2] tunnels: fix ipv4 pmtu icmp checksum Florian Westphal
2023-08-03 15:26 ` [PATCH net 1/2] tunnels: fix kasan splat when generating ipv4 pmtu error Florian Westphal
2023-08-05 7:07 ` Simon Horman
2023-08-03 15:26 ` [PATCH net 2/2] selftests: net: test vxlan pmtu exceptions with tcp Florian Westphal
2023-08-05 1:30 ` [PATCH net 0/2] tunnels: fix ipv4 pmtu icmp checksum patchwork-bot+netdevbpf
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).