1. 13 Nov, 2020 1 commit
    • Johannes Berg's avatar
      mac80211: free sta in sta_info_insert_finish() on errors · 7bc40aed
      Johannes Berg authored
      If sta_info_insert_finish() fails, we currently keep the station
      around and free it only in the caller, but there's only one such
      caller and it always frees it immediately.
      
      As syzbot found, another consequence of this split is that we can
      put things that sleep only into __cleanup_single_sta() and not in
      sta_info_free(), but this is the only place that requires such of
      sta_info_free() now.
      
      Change this to free the station in sta_info_insert_finish(), in
      which case we can still sleep. This will also let us unify the
      cleanup code later.
      
      Cc: stable@vger.kernel.org
      Fixes: dcd479e1 ("mac80211: always wind down STA state")
      Reported-by: syzbot+32c6c38c4812d22f2f0b@syzkaller.appspotmail.com
      Reported-by: syzbot+4c81fe92e372d26c4246@syzkaller.appspotmail.com
      Reported-by: syzbot+6a7fe9faf0d1d61bc24a@syzkaller.appspotmail.com
      Reported-by: syzbot+abed06851c5ffe010921@syzkaller.appspotmail.com
      Reported-by: syzbot+b7aeb9318541a1c709f1@syzkaller.appspotmail.com
      Reported-by: syzbot+d5a9416c6cafe53b5dd0@syzkaller.appspotmail.com
      Link: https://lore.kernel.org/r/20201112112201.ee6b397b9453.I9c31d667a0ea2151441cc64ed6613d36c18a48e0@changeidSigned-off-by: default avatarJohannes Berg <johannes.berg@intel.com>
      7bc40aed
  2. 12 Nov, 2020 19 commits
  3. 11 Nov, 2020 10 commits
  4. 10 Nov, 2020 6 commits
  5. 09 Nov, 2020 2 commits
    • Stefano Brivio's avatar
      tunnels: Fix off-by-one in lower MTU bounds for ICMP/ICMPv6 replies · 77a2d673
      Stefano Brivio authored
      Jianlin reports that a bridged IPv6 VXLAN endpoint, carrying IPv6
      packets over a link with a PMTU estimation of exactly 1350 bytes,
      won't trigger ICMPv6 Packet Too Big replies when the encapsulated
      datagrams exceed said PMTU value. VXLAN over IPv6 adds 70 bytes of
      overhead, so an ICMPv6 reply indicating 1280 bytes as inner MTU
      would be legitimate and expected.
      
      This comes from an off-by-one error I introduced in checks added
      as part of commit 4cb47a86 ("tunnels: PMTU discovery support
      for directly bridged IP packets"), whose purpose was to prevent
      sending ICMPv6 Packet Too Big messages with an MTU lower than the
      smallest permissible IPv6 link MTU, i.e. 1280 bytes.
      
      In iptunnel_pmtud_check_icmpv6(), avoid triggering a reply only if
      the advertised MTU would be less than, and not equal to, 1280 bytes.
      
      Also fix the analogous comparison for IPv4, that is, skip the ICMP
      reply only if the resulting MTU is strictly less than 576 bytes.
      
      This becomes apparent while running the net/pmtu.sh bridged VXLAN
      or GENEVE selftests with adjusted lower-link MTU values. Using
      e.g. GENEVE, setting ll_mtu to the values reported below, in the
      test_pmtu_ipvX_over_bridged_vxlanY_or_geneveY_exception() test
      function, we can see failures on the following tests:
      
                   test                | ll_mtu
        -------------------------------|--------
        pmtu_ipv4_br_geneve4_exception |   626
        pmtu_ipv6_br_geneve4_exception |  1330
        pmtu_ipv6_br_geneve6_exception |  1350
      
      owing to the different tunneling overheads implied by the
      corresponding configurations.
      Reported-by: default avatarJianlin Shi <jishi@redhat.com>
      Fixes: 4cb47a86 ("tunnels: PMTU discovery support for directly bridged IP packets")
      Signed-off-by: default avatarStefano Brivio <sbrivio@redhat.com>
      Link: https://lore.kernel.org/r/4f5fc2f33bfdf8409549fafd4f952b008bf04d63.1604681709.git.sbrivio@redhat.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      77a2d673
    • Oliver Herms's avatar
      IPv6: Set SIT tunnel hard_header_len to zero · 8ef9ba4d
      Oliver Herms authored
      Due to the legacy usage of hard_header_len for SIT tunnels while
      already using infrastructure from net/ipv4/ip_tunnel.c the
      calculation of the path MTU in tnl_update_pmtu is incorrect.
      This leads to unnecessary creation of MTU exceptions for any
      flow going over a SIT tunnel.
      
      As SIT tunnels do not have a header themsevles other than their
      transport (L3, L2) headers we're leaving hard_header_len set to zero
      as tnl_update_pmtu is already taking care of the transport headers
      sizes.
      
      This will also help avoiding unnecessary IPv6 GC runs and spinlock
      contention seen when using SIT tunnels and for more than
      net.ipv6.route.gc_thresh flows.
      
      Fixes: c5441932 ("GRE: Refactor GRE tunneling code.")
      Signed-off-by: default avatarOliver Herms <oliver.peter.herms@gmail.com>
      Acked-by: default avatarWillem de Bruijn <willemb@google.com>
      Link: https://lore.kernel.org/r/20201103104133.GA1573211@twsSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
      8ef9ba4d
  6. 07 Nov, 2020 2 commits