From: Greg Rose
To: dev@openvswitch.org
Cc: Pieter Jansen van Vuuren
Date: Wed, 5 Dec 2018 10:55:48 -0800
Message-Id: <1544036152-27247-5-git-send-email-gvrose8192@gmail.com>
Subject: [ovs-dev] [PATCH 4/8] datapath: check tunnel option type in tunnel flags

From: Pieter Jansen van Vuuren

Upstream commit:
    commit 256c87c17c53e60882a43dcf3e98f3bf859eaf6f
    Author: Pieter Jansen van Vuuren
    Date:   Tue Jun 26 21:39:36 2018 -0700

    net: check tunnel option type in tunnel flags

    Check the tunnel option type stored in tunnel flags when creating options
    for tunnels. Thereby ensuring we do not set geneve, vxlan or erspan tunnel
    options on interfaces that are not associated with them.

    Make sure all users of the infrastructure set correct flags, for the BPF
    helper we have to set all bits to keep backward compatibility.

    Signed-off-by: Pieter Jansen van Vuuren
    Signed-off-by: Jakub Kicinski
    Signed-off-by: David S. Miller

CC: Pieter Jansen van Vuuren
Signed-off-by: Greg Rose
Acked-by: William Tu
---
 datapath/flow_netlink.c                        | 7 ++++++-
 datapath/linux/compat/geneve.c                 | 3 ++-
 datapath/linux/compat/include/net/ip_tunnels.h | 4 +++-
 datapath/linux/compat/ip_gre.c                 | 2 ++
 datapath/linux/compat/vxlan.c                  | 3 ++-
 5 files changed, 15 insertions(+), 4 deletions(-)

diff --git a/datapath/flow_netlink.c b/datapath/flow_netlink.c index ee0c184..19341bc 100644 --- a/datapath/flow_netlink.c +++ b/datapath/flow_netlink.c @@ -2521,7 +2521,9 @@ static int validate_and_copy_set_tun(const struct nlattr *attr, struct ovs_tunnel_info *ovs_tun; struct nlattr *a; int err = 0, start, opts_type; + __be16 dst_opt_type; + dst_opt_type = 0; ovs_match_init(&match, &key, true, NULL); opts_type = ip_tun_from_nlattr(nla_data(attr), &match, false, log); if (opts_type < 0) @@ -2533,10 +2535,13 @@ static int validate_and_copy_set_tun(const struct nlattr *attr, err = validate_geneve_opts(&key); if (err < 0) return err; + dst_opt_type = TUNNEL_GENEVE_OPT; break; case OVS_TUNNEL_KEY_ATTR_VXLAN_OPTS: + dst_opt_type = TUNNEL_VXLAN_OPT; break; case OVS_TUNNEL_KEY_ATTR_ERSPAN_OPTS: + dst_opt_type = TUNNEL_ERSPAN_OPT; break; } } @@ -2578,7 +2583,7 @@ static int validate_and_copy_set_tun(const struct nlattr *attr, */ ip_tunnel_info_opts_set(tun_info, TUN_METADATA_OPTS(&key, key.tun_opts_len), - key.tun_opts_len); + key.tun_opts_len, dst_opt_type); add_nested_action_end(*sfa, start); return err; diff --git a/datapath/linux/compat/geneve.c b/datapath/linux/compat/geneve.c index 77632ae..c044b14 100644 --- a/datapath/linux/compat/geneve.c +++ b/datapath/linux/compat/geneve.c @@ -252,7 +252,8 @@ static void geneve_rx(struct geneve_dev *geneve, struct geneve_sock *gs, goto drop; /* Update tunnel dst according to Geneve options. */ ip_tunnel_info_opts_set(&tun_dst->u.tun_info, - gnvh->options, gnvh->opt_len * 4); + gnvh->options, gnvh->opt_len * 4, + TUNNEL_GENEVE_OPT); } else { /* Drop packets w/ critical options, * since we don't support any... diff --git a/datapath/linux/compat/include/net/ip_tunnels.h b/datapath/linux/compat/include/net/ip_tunnels.h index dd90306..da64a94 100644 --- a/datapath/linux/compat/include/net/ip_tunnels.h +++ b/datapath/linux/compat/include/net/ip_tunnels.h 
@@ -214,10 +214,12 @@ static inline void ip_tunnel_info_opts_get(void *to, } static inline void ip_tunnel_info_opts_set(struct ip_tunnel_info *info, - const void *from, int len) + const void *from, int len, + __be16 flags) { memcpy(ip_tunnel_info_opts(info), from, len); info->options_len = len; + info->key.tun_flags |= flags; } static inline void ip_tunnel_key_init(struct ip_tunnel_key *key, diff --git a/datapath/linux/compat/ip_gre.c b/datapath/linux/compat/ip_gre.c index 0faf8ab..89ef455 100644 --- a/datapath/linux/compat/ip_gre.c +++ b/datapath/linux/compat/ip_gre.c @@ -601,6 +601,8 @@ static void erspan_fb_xmit(struct sk_buff *skb, struct net_device *dev, goto err_free_skb; key = &tun_info->key; + if (!(tun_info->key.tun_flags & TUNNEL_ERSPAN_OPT)) + goto err_free_rt; md = ip_tunnel_info_opts(tun_info); if (!md) goto err_free_rt; diff --git a/datapath/linux/compat/vxlan.c b/datapath/linux/compat/vxlan.c index b38a7be..23118e8 100644 --- a/datapath/linux/compat/vxlan.c +++ b/datapath/linux/compat/vxlan.c @@ -1101,7 +1101,8 @@ static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev, label = info->key.label; udp_sum = !!(info->key.tun_flags & TUNNEL_CSUM); - if (info->options_len) + if (info->options_len && + info->key.tun_flags & TUNNEL_VXLAN_OPT) md = ip_tunnel_info_opts(info); } else { md->gbp = skb->mark;
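
Review bot: in validate_and_copy_set_tun() (datapath/flow_netlink.c) the switch that assigns dst_opt_type covers only the GENEVE, VXLAN and ERSPAN option attributes and has no default case, so for any other value dst_opt_type stays 0 and the later ip_tunnel_info_opts_set() call copies key.tun_opts_len bytes of options that carry no type flag. With the new consumer-side checks those options are then skipped or the packet is dropped without any indication to the caller. Please either add a default case that documents this as intended, or skip the copy when there are options but no type was recognised. Minor: "dst_opt_type = 0;" as a separate statement can be folded into the declaration as "__be16 dst_opt_type = 0;".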
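
Review bot: the geneve.c hunk only tags options on the receive side, in geneve_rx(), and the patch contains no matching consumer-side test of TUNNEL_GENEVE_OPT, while vxlan_xmit_one() and erspan_fb_xmit() both gain one. If the Geneve transmit path in this compat layer already tests the flag before reading the options, please say so in the commit message. If it does not, the stated goal of not applying options to interfaces they do not belong to is not met for Geneve by this patch.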
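
Review bot: in ip_tunnel_info_opts_set() (datapath/linux/compat/include/net/ip_tunnels.h) the new line "info->key.tun_flags |= flags;" only ever adds bits. It does not clear an option-type bit that is already set in tun_flags, and it does not restrict the argument to the TUNNEL_*_OPT bits, so a reused ip_tunnel_info can end up tagged with two option types, and a caller can set unrelated tunnel flags through this helper. A comment above the function stating that flags must be exactly one option-type bit (or the all-bits compatibility case the commit message mentions) and that tun_flags must not already carry a different option type would make the contract explicit. The pre-existing memcpy() still trusts len, so the new parameter should be documented alongside that assumption.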
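
Review bot: in erspan_fb_xmit() (datapath/linux/compat/ip_gre.c) the new test reads "tun_info->key.tun_flags" on the line directly after "key = &tun_info->key;", so it should use key->tun_flags for consistency with the rest of the function. Also note the behavioural difference from the VXLAN hunk: here a missing TUNNEL_ERSPAN_OPT flag drops the packet via err_free_rt, whereas vxlan_xmit_one() silently ignores the options and still transmits. If that asymmetry is intended, a one-line comment at the check saying that ERSPAN cannot be built without its metadata would help future readers.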
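
Review bot: in vxlan_xmit_one() (datapath/linux/compat/vxlan.c) the new condition "info->options_len && info->key.tun_flags & TUNNEL_VXLAN_OPT" relies on & binding tighter than &&. It evaluates as intended, but the line immediately above writes "(info->key.tun_flags & TUNNEL_CSUM)" with parentheses, and the ERSPAN check in ip_gre.c parenthesises its flag test too. Please write it as "info->options_len && (info->key.tun_flags & TUNNEL_VXLAN_OPT)" so the flag test reads as one unit and matches the surrounding style.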