[SRU,F/E/B/X,v2,0/2] ipsec interfaces: fix sending with bpf_redirect() / AF_PACKET sockets

Message ID 20200212180729.10428-1-kelsey.skunberg@canonical.com

Message

Kelsey Skunberg Feb. 12, 2020, 6:07 p.m. UTC
BugLink: https://bugs.launchpad.net/bugs/1860969

SRU Justification:

[Impact]
Packets sent to a vti[6]/xfrm interface via bpf_redirect() or via an AF_PACKET
socket are dropped (no carrier). 

The bug exists since the beginning of each driver.

[Fix]
This has been fixed in v5.5 by the following upstream commits
 - 95224166a903 ("vti[6]: fix packet tx through bpf_redirect()")
 - f042365dbffe ("xfrm interface: fix packet tx through bpf_redirect()")

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=95224166a903
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f042365dbffe

Backport the requested patches to Eoan (5.3), Bionic (4.15) and
Xenial (4.4).

Patches have already been applied to 5.4 focal tree through upstream stable
updates.

[Testcase]
Can be reproduced and tested with an AF_PACKET socket and python script which
is included in both mentioned patches.

[Risk of Regression]
This patch affects only the cases described above (when no dst is attached
to the skb), thus the risk should be low.

Changes in v2:
  - organize SRU Justification information to be listed under proper
    categories
  - limit lines to 80 characters 

Nicolas Dichtel (2):
  vti[6]: fix packet tx through bpf_redirect()
  xfrm interface: fix packet tx through bpf_redirect()

 net/ipv4/ip_vti.c         | 13 +++++++++++--
 net/ipv6/ip6_vti.c        | 13 +++++++++++--
 net/xfrm/xfrm_interface.c | 32 +++++++++++++++++++++++++-------
 3 files changed, 47 insertions(+), 11 deletions(-)
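
A sketch of the AF_PACKET check described under [Testcase], added here as an example; it is not the script shipped with the upstream commits and not code from this thread. The interface name `vti1` and both addresses are constructed placeholders, and which TX counter records the drop is an assumption, so all four are reported.

```python
import socket
import struct

ETH_P_IP = 0x0800  # EtherType handed to AF_PACKET for IPv4 payloads
COUNTERS = ("tx_packets", "tx_errors", "tx_carrier_errors", "tx_dropped")

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp_echo(src: str, dst: str, ident: int = 1, seq: int = 1) -> bytes:
    """Bare IPv4 + ICMP echo request; SOCK_DGRAM needs no link-layer header."""
    icmp = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    icmp = struct.pack("!BBHHH", 8, 0, inet_checksum(icmp), ident, seq)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 1, 0, 64,
                     socket.IPPROTO_ICMP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + icmp

def tx_counters(ifname: str) -> dict:
    """Read the interface's TX statistics from sysfs."""
    stats = {}
    for name in COUNTERS:
        with open(f"/sys/class/net/{ifname}/statistics/{name}") as fh:
            stats[name] = int(fh.read())
    return stats

def send_and_diff(ifname: str, src: str, dst: str) -> dict:
    """Send one packet via AF_PACKET (no dst attached to the skb) and
    return the counter deltas. Needs CAP_NET_RAW and a configured tunnel."""
    before = tx_counters(ifname)
    with socket.socket(socket.AF_PACKET, socket.SOCK_DGRAM, 0) as sock:
        sock.sendto(build_icmp_echo(src, dst), (ifname, ETH_P_IP))
    after = tx_counters(ifname)
    return {name: after[name] - before[name] for name in COUNTERS}

if __name__ == "__main__":
    # Constructed placeholders: adjust to the tunnel under test.
    delta = send_and_diff("vti1", "192.0.2.1", "198.51.100.1")
    # A fixed kernel should show tx_packets rise by one; an affected
    # kernel should show an error or drop counter rise instead.
    print(delta)
```

Running it before and after installing the patched kernel on the same tunnel gives a direct comparison of the counter deltas.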

Comments

Kamal Mostafa Feb. 12, 2020, 6:20 p.m. UTC | #1
LGTM.

Acked-by: Kamal Mostafa <kamal@canonical.com>

 -Kamal

On Wed, Feb 12, 2020 at 11:07:27AM -0700, Kelsey Skunberg wrote:
> BugLink: https://bugs.launchpad.net/bugs/1860969
> 
> SRU Justification:
> 
> [Impact]
> Packets sent to a vti[6]/xfrm interface via bpf_redirect() or via an AF_PACKET
> socket are dropped (no carrier). 
> 
> The bug exists since the beginning of each driver.
> 
> [Fix]
> This has been fixed in v5.5 by the following upstream commits
>  - 95224166a903 ("vti[6]: fix packet tx through bpf_redirect()")
>  - f042365dbffe ("xfrm interface: fix packet tx through bpf_redirect()")
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=95224166a903
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f042365dbffe
> 
> Backport the requested patches to Eoan (5.3), Bionic (4.15) and
> Xenial (4.4).
> 
> Patches have already been applied to 5.4 focal tree through upstream stable
> updates.
> 
> [Testcase]
> Can be reproduced and tested with an AF_PACKET socket and python script which
> is included in both mentioned patches.
> 
> [Risk of Regression]
> This patch affects only the cases described above (when no dst is attached
> to the skb), thus the risk should be low.
> 
> Changes in v2:
>   - organize SRU Justification information to be listed under proper
>     categories
>   - limit lines to 80 characters 
> 
> Nicolas Dichtel (2):
>   vti[6]: fix packet tx through bpf_redirect()
>   xfrm interface: fix packet tx through bpf_redirect()
> 
>  net/ipv4/ip_vti.c         | 13 +++++++++++--
>  net/ipv6/ip6_vti.c        | 13 +++++++++++--
>  net/xfrm/xfrm_interface.c | 32 +++++++++++++++++++++++++-------
>  3 files changed, 47 insertions(+), 11 deletions(-)
> 
> -- 
> 2.20.1
> 
> 
Kleber Souza Feb. 13, 2020, 5:38 p.m. UTC | #2
On 12.02.20 19:07, Kelsey Skunberg wrote:
> BugLink: https://bugs.launchpad.net/bugs/1860969
> 
> SRU Justification:
> 
> [Impact]
> Packets sent to a vti[6]/xfrm interface via bpf_redirect() or via an AF_PACKET
> socket are dropped (no carrier). 
> 
> The bug exists since the beginning of each driver.
> 
> [Fix]
> This has been fixed in v5.5 by the following upstream commits
>  - 95224166a903 ("vti[6]: fix packet tx through bpf_redirect()")
>  - f042365dbffe ("xfrm interface: fix packet tx through bpf_redirect()")
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=95224166a903
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f042365dbffe
> 
> Backport the requested patches to Eoan (5.3), Bionic (4.15) and
> Xenial (4.4).
> 
> Patches have already been applied to 5.4 focal tree through upstream stable
> updates.
> 
> [Testcase]
> Can be reproduced and tested with an AF_PACKET socket and python script which
> is included in both mentioned patches.
> 
> [Risk of Regression]
> This patch affects only the cases described above (when no dst is attached
> to the skb), thus the risk should be low.
> 
> Changes in v2:
>   - organize SRU Justification information to be listed under proper
>     categories
>   - limit lines to 80 characters 
> 
> Nicolas Dichtel (2):
>   vti[6]: fix packet tx through bpf_redirect()
>   xfrm interface: fix packet tx through bpf_redirect()
> 
>  net/ipv4/ip_vti.c         | 13 +++++++++++--
>  net/ipv6/ip6_vti.c        | 13 +++++++++++--
>  net/xfrm/xfrm_interface.c | 32 +++++++++++++++++++++++++-------
>  3 files changed, 47 insertions(+), 11 deletions(-)
> 

Acked-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Khaled Elmously Feb. 14, 2020, 6:57 a.m. UTC | #3
Maybe I'm doing something wrong, but I can't seem to apply either one, or both, patches to all of X, B and E.

Kelsey, could you please double check that both patches apply to all of the series to which you're nominating them?



On 2020-02-10 09:59:15 , Kelsey Skunberg wrote:
> BugLink: https://bugs.launchpad.net/bugs/1860969
> 
> [SRU Justification]
> 
> [Impact]
> 
> Packets sent to a vti[6]/xfrm interface via bpf_redirect() or via an AF_PACKET socket are dropped (no carrier).
> 
> This has been fixed in v5.5 by the following upstream commits
>  - 95224166a903 ("vti[6]: fix packet tx through bpf_redirect()")
>  - f042365dbffe ("xfrm interface: fix packet tx through bpf_redirect()")
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=95224166a903
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f042365dbffe
> 
> The bug exists since the beginning of each driver.
> 
> == Fix ==
> 
> Backport the requested patches to Focal (5.4), Eoan (5.3), Bionic (4.15) and
> Xenial (4.4).
> 
> == Risk of Regression ==
> 
> This patch affects only the cases described above (when no dst is attached to the skb), thus the risk should be low.
> 
> Nicolas Dichtel (2):
>   vti[6]: fix packet tx through bpf_redirect()
>   xfrm interface: fix packet tx through bpf_redirect()
> 
>  net/ipv4/ip_vti.c         | 13 +++++++++++--
>  net/ipv6/ip6_vti.c        | 13 +++++++++++--
>  net/xfrm/xfrm_interface.c | 32 +++++++++++++++++++++++++-------
>  3 files changed, 47 insertions(+), 11 deletions(-)
> 
> -- 
> 2.20.1
> 
> 
Kleber Souza Feb. 14, 2020, 12:57 p.m. UTC | #4
On 12.02.20 19:07, Kelsey Skunberg wrote:
> BugLink: https://bugs.launchpad.net/bugs/1860969
> 
> SRU Justification:
> 
> [Impact]
> Packets sent to a vti[6]/xfrm interface via bpf_redirect() or via an AF_PACKET
> socket are dropped (no carrier). 
> 
> The bug exists since the beginning of each driver.
> 
> [Fix]
> This has been fixed in v5.5 by the following upstream commits
>  - 95224166a903 ("vti[6]: fix packet tx through bpf_redirect()")
>  - f042365dbffe ("xfrm interface: fix packet tx through bpf_redirect()")
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=95224166a903
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f042365dbffe
> 
> Backport the requested patches to Eoan (5.3), Bionic (4.15) and
> Xenial (4.4).
> 
> Patches have already been applied to 5.4 focal tree through upstream stable
> updates.
> 
> [Testcase]
> Can be reproduced and tested with an AF_PACKET socket and python script which
> is included in both mentioned patches.
> 
> [Risk of Regression]
> This patch affects only the cases described above (when no dst is attached
> to the skb), thus the risk should be low.
> 
> Changes in v2:
>   - organize SRU Justification information to be listed under proper
>     categories
>   - limit lines to 80 characters 
> 
> Nicolas Dichtel (2):
>   vti[6]: fix packet tx through bpf_redirect()
>   xfrm interface: fix packet tx through bpf_redirect()
> 
>  net/ipv4/ip_vti.c         | 13 +++++++++++--
>  net/ipv6/ip6_vti.c        | 13 +++++++++++--
>  net/xfrm/xfrm_interface.c | 32 +++++++++++++++++++++++++-------
>  3 files changed, 47 insertions(+), 11 deletions(-)
> 

Hi Kelsey,

These patches can be applied cleanly to Eoan, but they don't apply
to Bionic and Xenial. On these two series, the file changed by
patch 2/2 (net/xfrm/xfrm_interface.c) doesn't even exist. This means
that these patches need to be backported for these older series.

So I will apply the patches to Eoan (reply message coming shortly)
and will NAK for Bionic and Xenial.


Thanks,
Kleber
Kleber Souza Feb. 14, 2020, 12:59 p.m. UTC | #5
On 12.02.20 19:07, Kelsey Skunberg wrote:
> BugLink: https://bugs.launchpad.net/bugs/1860969
> 
> SRU Justification:
> 
> [Impact]
> Packets sent to a vti[6]/xfrm interface via bpf_redirect() or via an AF_PACKET
> socket are dropped (no carrier). 
> 
> The bug exists since the beginning of each driver.
> 
> [Fix]
> This has been fixed in v5.5 by the following upstream commits
>  - 95224166a903 ("vti[6]: fix packet tx through bpf_redirect()")
>  - f042365dbffe ("xfrm interface: fix packet tx through bpf_redirect()")
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=95224166a903
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f042365dbffe
> 
> Backport the requested patches to Eoan (5.3), Bionic (4.15) and
> Xenial (4.4).
> 
> Patches have already been applied to 5.4 focal tree through upstream stable
> updates.
> 
> [Testcase]
> Can be reproduced and tested with an AF_PACKET socket and python script which
> is included in both mentioned patches.
> 
> [Risk of Regression]
> This patch affects only the cases described above (when no dst is attached
> to the skb), thus the risk should be low.
> 
> Changes in v2:
>   - organize SRU Justification information to be listed under proper
>     categories
>   - limit lines to 80 characters 
> 
> Nicolas Dichtel (2):
>   vti[6]: fix packet tx through bpf_redirect()
>   xfrm interface: fix packet tx through bpf_redirect()
> 
>  net/ipv4/ip_vti.c         | 13 +++++++++++--
>  net/ipv6/ip6_vti.c        | 13 +++++++++++--
>  net/xfrm/xfrm_interface.c | 32 +++++++++++++++++++++++++-------
>  3 files changed, 47 insertions(+), 11 deletions(-)
> 

Applied *only* to eoan/linux.

Thanks,
Kleber
Seth Forshee Feb. 19, 2020, 4:12 p.m. UTC | #6
On Wed, Feb 12, 2020 at 11:07:27AM -0700, Kelsey Skunberg wrote:
> BugLink: https://bugs.launchpad.net/bugs/1860969
> 
> SRU Justification:
> 
> [Impact]
> Packets sent to a vti[6]/xfrm interface via bpf_redirect() or via an AF_PACKET
> socket are dropped (no carrier). 
> 
> The bug exists since the beginning of each driver.
> 
> [Fix]
> This has been fixed in v5.5 by the following upstream commits
>  - 95224166a903 ("vti[6]: fix packet tx through bpf_redirect()")
>  - f042365dbffe ("xfrm interface: fix packet tx through bpf_redirect()")
> 
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=95224166a903
> https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f042365dbffe
> 
> Backport the requested patches to Eoan (5.3), Bionic (4.15) and
> Xenial (4.4).
> 
> Patches have already been applied to 5.4 focal tree through upstream stable
> updates.
> 
> [Testcase]
> Can be reproduced and tested with an AF_PACKET socket and python script which
> is included in both mentioned patches.
> 
> [Risk of Regression]
> This patch affects only the cases described above (when no dst is attached
> to the skb), thus the risk should be low.

Focal already has these patches, so NAK there.