From: Greg Kroah-Hartman Date: Tue, 31 Mar 2020 12:25:47 +0000 (+0200) Subject: 5.4-stable patches X-Git-Tag: v5.6.1~3 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=452bd95197e66b8acd50d59407d1c4a54eb3abaf;p=thirdparty%2Fkernel%2Fstable-queue.git 5.4-stable patches added patches: net-fix-config_net_cls_act-n-and-config_nft_fwd_netdev-y-m-build.patch --- diff --git a/queue-5.4/net-fix-config_net_cls_act-n-and-config_nft_fwd_netdev-y-m-build.patch b/queue-5.4/net-fix-config_net_cls_act-n-and-config_nft_fwd_netdev-y-m-build.patch new file mode 100644 index 00000000000..11e1aeebfb2 --- /dev/null +++ b/queue-5.4/net-fix-config_net_cls_act-n-and-config_nft_fwd_netdev-y-m-build.patch @@ -0,0 +1,243 @@ +From 2c64605b590edadb3fb46d1ec6badb49e940b479 Mon Sep 17 00:00:00 2001 +From: Pablo Neira Ayuso +Date: Wed, 25 Mar 2020 13:47:18 +0100 +Subject: net: Fix CONFIG_NET_CLS_ACT=n and CONFIG_NFT_FWD_NETDEV={y, m} build +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +From: Pablo Neira Ayuso + +commit 2c64605b590edadb3fb46d1ec6badb49e940b479 upstream. + +net/netfilter/nft_fwd_netdev.c: In function ‘nft_fwd_netdev_eval’: + net/netfilter/nft_fwd_netdev.c:32:10: error: ‘struct sk_buff’ has no member named ‘tc_redirected’ + pkt->skb->tc_redirected = 1; + ^~ + net/netfilter/nft_fwd_netdev.c:33:10: error: ‘struct sk_buff’ has no member named ‘tc_from_ingress’ + pkt->skb->tc_from_ingress = 1; + ^~ + +To avoid a direct dependency with tc actions from netfilter, wrap the +redirect bits around CONFIG_NET_REDIRECT and move helpers to +include/linux/skbuff.h. Turn on this toggle from the ifb driver, the +only existing client of these bits in the tree. + +This patch adds skb_set_redirected() that sets on the redirected bit +on the skbuff, it specifies if the packet was redirect from ingress +and resets the timestamp (timestamp reset was originally missing in the +netfilter bugfix). + +Fixes: bcfabee1afd99484 ("netfilter: nft_fwd_netdev: allow to redirect to ifb via ingress") +Reported-by: noreply@ellerman.id.au +Reported-by: Geert Uytterhoeven +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + drivers/net/Kconfig | 1 + + drivers/net/ifb.c | 6 +++--- + include/linux/skbuff.h | 36 ++++++++++++++++++++++++++++++++---- + include/net/sch_generic.h | 16 ---------------- + net/Kconfig | 3 +++ + net/core/dev.c | 4 ++-- + net/core/pktgen.c | 2 +- + net/netfilter/nft_fwd_netdev.c | 5 ++--- + net/sched/act_mirred.c | 6 ++---- + 9 files changed, 46 insertions(+), 33 deletions(-) + +--- a/drivers/net/Kconfig ++++ b/drivers/net/Kconfig +@@ -106,6 +106,7 @@ config NET_FC + config IFB + tristate "Intermediate Functional Block support" + depends on NET_CLS_ACT ++ select NET_REDIRECT + ---help--- + This is an intermediate driver that allows sharing of + resources. +--- a/drivers/net/ifb.c ++++ b/drivers/net/ifb.c +@@ -75,7 +75,7 @@ static void ifb_ri_tasklet(unsigned long + } + + while ((skb = __skb_dequeue(&txp->tq)) != NULL) { +- skb->tc_redirected = 0; ++ skb->redirected = 0; + skb->tc_skip_classify = 1; + + u64_stats_update_begin(&txp->tsync); +@@ -96,7 +96,7 @@ static void ifb_ri_tasklet(unsigned long + rcu_read_unlock(); + skb->skb_iif = txp->dev->ifindex; + +- if (!skb->tc_from_ingress) { ++ if (!skb->from_ingress) { + dev_queue_xmit(skb); + } else { + skb_pull_rcsum(skb, skb->mac_len); +@@ -243,7 +243,7 @@ static netdev_tx_t ifb_xmit(struct sk_bu + txp->rx_bytes += skb->len; + u64_stats_update_end(&txp->rsync); + +- if (!skb->tc_redirected || !skb->skb_iif) { ++ if (!skb->redirected || !skb->skb_iif) { + dev_kfree_skb(skb); + dev->stats.rx_dropped++; + return NETDEV_TX_OK; +--- a/include/linux/skbuff.h ++++ b/include/linux/skbuff.h +@@ -634,8 +634,8 @@ typedef unsigned char *sk_buff_data_t; + * @offload_l3_fwd_mark: Packet was L3-forwarded in hardware + * @tc_skip_classify: do not classify packet. set by IFB device + * @tc_at_ingress: used within tc_classify to distinguish in/egress +- * @tc_redirected: packet was redirected by a tc action +- * @tc_from_ingress: if tc_redirected, tc_at_ingress at time of redirect ++ * @redirected: packet was redirected by packet classifier ++ * @from_ingress: packet was redirected from the ingress path + * @peeked: this packet has been seen already, so stats have been + * done for it, don't do them again + * @nf_trace: netfilter packet trace flag +@@ -816,8 +816,10 @@ struct sk_buff { + #ifdef CONFIG_NET_CLS_ACT + __u8 tc_skip_classify:1; + __u8 tc_at_ingress:1; +- __u8 tc_redirected:1; +- __u8 tc_from_ingress:1; ++#endif ++#ifdef CONFIG_NET_REDIRECT ++ __u8 redirected:1; ++ __u8 from_ingress:1; + #endif + #ifdef CONFIG_TLS_DEVICE + __u8 decrypted:1; +@@ -4514,5 +4516,31 @@ static inline __wsum lco_csum(struct sk_ + return csum_partial(l4_hdr, csum_start - l4_hdr, partial); + } + ++static inline bool skb_is_redirected(const struct sk_buff *skb) ++{ ++#ifdef CONFIG_NET_REDIRECT ++ return skb->redirected; ++#else ++ return false; ++#endif ++} ++ ++static inline void skb_set_redirected(struct sk_buff *skb, bool from_ingress) ++{ ++#ifdef CONFIG_NET_REDIRECT ++ skb->redirected = 1; ++ skb->from_ingress = from_ingress; ++ if (skb->from_ingress) ++ skb->tstamp = 0; ++#endif ++} ++ ++static inline void skb_reset_redirect(struct sk_buff *skb) ++{ ++#ifdef CONFIG_NET_REDIRECT ++ skb->redirected = 0; ++#endif ++} ++ + #endif /* __KERNEL__ */ + #endif /* _LINUX_SKBUFF_H */ +--- a/include/net/sch_generic.h ++++ b/include/net/sch_generic.h +@@ -675,22 +675,6 @@ void __qdisc_calculate_pkt_len(struct sk + const struct qdisc_size_table *stab); + int skb_do_redirect(struct sk_buff *); + +-static inline void skb_reset_tc(struct sk_buff *skb) +-{ +-#ifdef CONFIG_NET_CLS_ACT +- skb->tc_redirected = 0; +-#endif +-} +- +-static inline bool skb_is_tc_redirected(const struct sk_buff *skb) +-{ +-#ifdef CONFIG_NET_CLS_ACT +- return skb->tc_redirected; +-#else +- return false; +-#endif +-} +- + static inline bool skb_at_tc_ingress(const struct sk_buff *skb) + { + #ifdef CONFIG_NET_CLS_ACT +--- a/net/Kconfig ++++ b/net/Kconfig +@@ -52,6 +52,9 @@ config NET_INGRESS + config NET_EGRESS + bool + ++config NET_REDIRECT ++ bool ++ + config SKB_EXTENSIONS + bool + +--- a/net/core/dev.c ++++ b/net/core/dev.c +@@ -4237,7 +4237,7 @@ static u32 netif_receive_generic_xdp(str + /* Reinjected packets coming from act_mirred or similar should + * not get XDP generic processing. + */ +- if (skb_is_tc_redirected(skb)) ++ if (skb_is_redirected(skb)) + return XDP_PASS; + + /* XDP packets must be linear and must have sufficient headroom +@@ -4786,7 +4786,7 @@ skip_taps: + goto out; + } + #endif +- skb_reset_tc(skb); ++ skb_reset_redirect(skb); + skip_classify: + if (pfmemalloc && !skb_pfmemalloc_protocol(skb)) + goto drop; +--- a/net/core/pktgen.c ++++ b/net/core/pktgen.c +@@ -3362,7 +3362,7 @@ static void pktgen_xmit(struct pktgen_de + /* skb was 'freed' by stack, so clean few + * bits and reuse it + */ +- skb_reset_tc(skb); ++ skb_reset_redirect(skb); + } while (--burst > 0); + goto out; /* Skips xmit_mode M_START_XMIT */ + } else if (pkt_dev->xmit_mode == M_QUEUE_XMIT) { +--- a/net/netfilter/nft_fwd_netdev.c ++++ b/net/netfilter/nft_fwd_netdev.c +@@ -28,9 +28,8 @@ static void nft_fwd_netdev_eval(const st + struct nft_fwd_netdev *priv = nft_expr_priv(expr); + int oif = regs->data[priv->sreg_dev]; + +- /* These are used by ifb only. */ +- pkt->skb->tc_redirected = 1; +- pkt->skb->tc_from_ingress = 1; ++ /* This is used by ifb only. */ ++ skb_set_redirected(pkt->skb, true); + + nf_fwd_netdev_egress(pkt, oif); + regs->verdict.code = NF_STOLEN; +--- a/net/sched/act_mirred.c ++++ b/net/sched/act_mirred.c +@@ -284,10 +284,8 @@ static int tcf_mirred_act(struct sk_buff + + /* mirror is always swallowed */ + if (is_redirect) { +- skb2->tc_redirected = 1; +- skb2->tc_from_ingress = skb2->tc_at_ingress; +- if (skb2->tc_from_ingress) +- skb2->tstamp = 0; ++ skb_set_redirected(skb2, skb2->tc_at_ingress); ++ + /* let's the caller reinsert the packet, if possible */ + if (use_reinsert) { + res->ingress = want_ingress; diff --git a/queue-5.4/series b/queue-5.4/series index 32fd766624c..d6c291d91d6 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -153,3 +153,4 @@ media-dib0700-fix-rc-endpoint-lookup.patch media-stv06xx-add-missing-descriptor-sanity-checks.patch media-xirlink_cit-add-missing-descriptor-sanity-checks.patch media-v4l2-core-fix-a-use-after-free-bug-of-sd-devnode.patch +net-fix-config_net_cls_act-n-and-config_nft_fwd_netdev-y-m-build.patch