From 2ae2904b5bac4a554e0734cf494bb6d6fdfd4cd2 Mon Sep 17 00:00:00 2001 From: Fabian Frederick Date: Fri, 25 Sep 2020 15:16:02 +0200 Subject: [PATCH 1/5] vxlan: don't collect metadata if remote checksum is wrong call vxlan_remcsum() before md filling in vxlan_rcv() Signed-off-by: Fabian Frederick Signed-off-by: David S. Miller --- drivers/net/vxlan.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c index b9fefe27e3e89..47c762f7f5b11 100644 --- a/drivers/net/vxlan.c +++ b/drivers/net/vxlan.c @@ -1875,6 +1875,10 @@ static int vxlan_rcv(struct sock *sk, struct sk_buff *skb) !net_eq(vxlan->net, dev_net(vxlan->dev)))) goto drop; + if (vs->flags & VXLAN_F_REMCSUM_RX) + if (!vxlan_remcsum(&unparsed, skb, vs->flags)) + goto drop; + if (vxlan_collect_metadata(vs)) { struct metadata_dst *tun_dst; @@ -1891,9 +1895,6 @@ static int vxlan_rcv(struct sock *sk, struct sk_buff *skb) memset(md, 0, sizeof(*md)); } - if (vs->flags & VXLAN_F_REMCSUM_RX) - if (!vxlan_remcsum(&unparsed, skb, vs->flags)) - goto drop; if (vs->flags & VXLAN_F_GBP) vxlan_parse_gbp_hdr(&unparsed, skb, vs->flags, md); /* Note that GBP and GPE can never be active together. This is From 0189399cbb5eba6e98f02b61574b507062c476b7 Mon Sep 17 00:00:00 2001 From: Fabian Frederick Date: Fri, 25 Sep 2020 15:16:18 +0200 Subject: [PATCH 2/5] vxlan: add unlikely to vxlan_remcsum check small optimization around checking as it's being done in all receptions Signed-off-by: Fabian Frederick Signed-off-by: David S. Miller --- drivers/net/vxlan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c index 47c762f7f5b11..cc904f003f158 100644 --- a/drivers/net/vxlan.c +++ b/drivers/net/vxlan.c @@ -1876,7 +1876,7 @@ static int vxlan_rcv(struct sock *sk, struct sk_buff *skb) goto drop; if (vs->flags & VXLAN_F_REMCSUM_RX) - if (!vxlan_remcsum(&unparsed, skb, vs->flags)) + if (unlikely(!vxlan_remcsum(&unparsed, skb, vs->flags))) goto drop; if (vxlan_collect_metadata(vs)) { From 546c044c9651e81a16833806feff6b369bb5de33 Mon Sep 17 00:00:00 2001 From: Fabian Frederick Date: Fri, 25 Sep 2020 15:16:39 +0200 Subject: [PATCH 3/5] vxlan: move encapsulation warning vxlan_xmit_one() was only called from vxlan_xmit() without rdst and info was already tested. Emit warning in that function instead Signed-off-by: Fabian Frederick Signed-off-by: David S. Miller --- drivers/net/vxlan.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c index cc904f003f158..14f903d09c010 100644 --- a/drivers/net/vxlan.c +++ b/drivers/net/vxlan.c @@ -2650,11 +2650,6 @@ static void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev, udp_sum = !(flags & VXLAN_F_UDP_ZERO_CSUM6_TX); label = vxlan->cfg.label; } else { - if (!info) { - WARN_ONCE(1, "%s: Missing encapsulation instructions\n", - dev->name); - goto drop; - } remote_ip.sa.sa_family = ip_tunnel_info_af(info); if (remote_ip.sa.sa_family == AF_INET) { remote_ip.sin.sin_addr.s_addr = info->key.u.ipv4.dst; @@ -2889,6 +2884,10 @@ static netdev_tx_t vxlan_xmit(struct sk_buff *skb, struct net_device *dev) info->mode & IP_TUNNEL_INFO_TX) { vni = tunnel_id_to_key32(info->key.tun_id); } else { + if (!info) + WARN_ONCE(1, "%s: Missing encapsulation instructions\n", + dev->name); + if (info && info->mode & IP_TUNNEL_INFO_TX) vxlan_xmit_one(skb, dev, vni, NULL, false); else From 2eabcb8afe74304458ee47ee175bc16b770b7d20 Mon Sep 17 00:00:00 2001 From: Fabian Frederick Date: Fri, 25 Sep 2020 15:16:59 +0200 Subject: [PATCH 4/5] vxlan: check rtnl_configure_link return code correctly rtnl_configure_link is always checked if < 0 for error code. Signed-off-by: Fabian Frederick Signed-off-by: David S. Miller --- drivers/net/vxlan.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c index 14f903d09c010..1e9ab1002281c 100644 --- a/drivers/net/vxlan.c +++ b/drivers/net/vxlan.c @@ -3890,7 +3890,7 @@ static int __vxlan_dev_create(struct net *net, struct net_device *dev, } err = rtnl_configure_link(dev, NULL); - if (err) + if (err < 0) goto unlink; if (f) { From 78ec710e7f326c6d9ae0169b670a8d6da04ee817 Mon Sep 17 00:00:00 2001 From: Fabian Frederick Date: Fri, 25 Sep 2020 15:17:17 +0200 Subject: [PATCH 5/5] vxlan: fix vxlan_find_sock() documentation for l3mdev Since commit aab8cc3630e32 ("vxlan: add support for underlay in non-default VRF") vxlan_find_sock() also checks if socket is assigned to the right level 3 master device when lower device is not in the default VRF. Signed-off-by: Fabian Frederick Signed-off-by: David S. Miller --- drivers/net/vxlan.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c index 1e9ab1002281c..fa21d62aa79c9 100644 --- a/drivers/net/vxlan.c +++ b/drivers/net/vxlan.c @@ -190,8 +190,9 @@ static inline struct vxlan_rdst *first_remote_rtnl(struct vxlan_fdb *fdb) return list_first_entry(&fdb->remotes, struct vxlan_rdst, list); } -/* Find VXLAN socket based on network namespace, address family and UDP port - * and enabled unshareable flags. +/* Find VXLAN socket based on network namespace, address family, UDP port, + * enabled unshareable flags and socket device binding (see l3mdev with + * non-default VRF). */ static struct vxlan_sock *vxlan_find_sock(struct net *net, sa_family_t family, __be16 port, u32 flags, int ifindex)