linux/net/openvswitch, branch v4.3

openvswitch: Fix skb leak using IPv6 defrag

2015-10-28T02:32:18Z

nf_ct_frag6_gather() makes a clone of each skb passed to it, and if the reassembly is successful, expects the caller to free all of the original skbs using nf_ct_frag6_consume_orig(). This call was previously missing, meaning that the original fragments were never freed (with the exception of the last fragment to arrive). Fix this by ensuring that all original fragments except for the last fragment are freed via nf_ct_frag6_consume_orig(). The last fragment will be morphed into the head, so it must not be freed yet. Furthermore, retain the ->next pointer for the head after skb_morph(). Fixes: 7f8a436eaa2c ("openvswitch: Add conntrack action") Reported-by: Florian Westphal Signed-off-by: Joe Stringer Acked-by: Pravin B Shelar Signed-off-by: David S. Miller

openvswitch: Fix double-free on ip_defrag() errors

2015-10-28T02:32:14Z

If ip_defrag() returns an error other than -EINPROGRESS, then the skb is freed. When handle_fragments() passes this back up to do_execute_actions(), it will be freed again. Prevent this double free by never freeing the skb in do_execute_actions() for errors returned by ovs_ct_execute. Always free it in ovs_ct_execute() error paths instead. Fixes: 7f8a436eaa2c ("openvswitch: Add conntrack action") Reported-by: Florian Westphal Signed-off-by: Joe Stringer Acked-by: Pravin B Shelar Signed-off-by: David S. Miller

openvswitch: Fix egress tunnel info.

2015-10-23T02:39:25Z

While transitioning to netdev based vport we broke OVS feature which allows user to retrieve tunnel packet egress information for lwtunnel devices. Following patch fixes it by introducing ndo operation to get the tunnel egress info. Same ndo operation can be used for lwtunnel devices and compat ovs-tnl-vport devices. So after adding such device operation we can remove similar operation from ovs-vport. Fixes: 614732eaa12d ("openvswitch: Use regular VXLAN net_device device"). Signed-off-by: Pravin B Shelar Signed-off-by: David S. Miller

openvswitch: Serialize nested ct actions if provided

2015-10-22T02:33:43Z

If userspace provides a ct action with no nested mark or label, then the storage for these fields is zeroed. Later when actions are requested, such zeroed fields are serialized even though userspace didn't originally specify them. Fix the behaviour by ensuring that no action is serialized in this case, and reject actions where userspace attempts to set these fields with mask=0. This should make netlink marshalling consistent across deserialization/reserialization. Reported-by: Jarno Rajahalme Signed-off-by: Joe Stringer Acked-by: Pravin B Shelar Acked-by: Thomas Graf Signed-off-by: David S. Miller

openvswitch: Mark connections new when not confirmed.

2015-10-22T02:33:40Z

New, related connections are marked as such as part of ovs_ct_lookup(), but they are not marked as "new" if the commit flag is used. Make this consistent by setting the "new" flag whenever !nf_ct_is_confirmed(ct). Reported-by: Jarno Rajahalme Signed-off-by: Joe Stringer Acked-by: Thomas Graf Acked-by: Pravin B Shelar Signed-off-by: David S. Miller

openvswitch: Reject ct_state masks for unknown bits

2015-10-22T02:33:36Z

Currently, 0-bits are generated in ct_state where the bit position is undefined, and matches are accepted on these bit-positions. If userspace requests to match the 0-value for this bit then it may expect only a subset of traffic to match this value, whereas currently all packets will have this bit set to 0. Fix this by rejecting such masks. Signed-off-by: Joe Stringer Acked-by: Pravin B Shelar Acked-by: Thomas Graf Signed-off-by: David S. Miller

openvswitch: Allocate memory for ovs internal device stats.

2015-10-22T02:06:36Z

"openvswitch: Remove vport stats" removed the per-vport statistics, in order to use the netdev's statistics fields. "openvswitch: Fix ovs_vport_get_stats()" fixed the export of these stats to user-space, by using the provided netdev_ops to collate them - but ovs internal devices still use an unallocated dev->tstats field to count packets, which are no longer exported by this api. Allocate the dev->tstats field for ovs internal devices, and wire up ndo_get_stats64 with the original implementation of ovs_vport_get_stats(). On its own, "openvswitch: Fix ovs_vport_get_stats()" fixes the OOPs, unmasking a full-on panic on arm64: =============%<============== [] internal_dev_recv+0xa8/0x170 [openvswitch] [] do_output.isra.31+0x60/0x19c [openvswitch] [] do_execute_actions+0x208/0x11c0 [openvswitch] [] ovs_execute_actions+0xc8/0x238 [openvswitch] [] ovs_packet_cmd_execute+0x21c/0x288 [openvswitch] [] genl_family_rcv_msg+0x1b0/0x310 [] genl_rcv_msg+0xa4/0xe4 [] netlink_rcv_skb+0xb0/0xdc [] genl_rcv+0x38/0x50 [] netlink_unicast+0x164/0x210 [] netlink_sendmsg+0x304/0x368 [] sock_sendmsg+0x30/0x4c [SNIP] Kernel panic - not syncing: Fatal exception in interrupt =============%<============== Fixes: 8c876639c985 ("openvswitch: Remove vport stats.") Signed-off-by: James Morse Acked-by: Pravin B Shelar Signed-off-by: David S. Miller

openvswitch: Scrub skb between namespaces

2015-10-19T05:24:50Z

If OVS receives a packet from another namespace, then the packet should be scrubbed. However, people have already begun to rely on the behaviour that skb->mark is preserved across namespaces, so retain this one field. This is mainly to address information leakage between namespaces when using OVS internal ports, but by placing it in ovs_vport_receive() it is more generally applicable, meaning it should not be overlooked if other port types are allowed to be moved into namespaces in future. Signed-off-by: Joe Stringer Acked-by: Pravin B Shelar Acked-by: Thomas Graf Signed-off-by: David S. Miller

openvswitch: Change CT_ATTR_FLAGS to CT_ATTR_COMMIT

2015-10-07T12:03:06Z

Previously, the CT_ATTR_FLAGS attribute, when nested under the OVS_ACTION_ATTR_CT, encoded a 32-bit bitmask of flags that modify the semantics of the ct action. It's more extensible to just represent each flag as a nested attribute, and this requires no additional error checking to reject flags that aren't currently supported. Suggested-by: Ben Pfaff Signed-off-by: Joe Stringer Acked-by: Pravin B Shelar Signed-off-by: David S. Miller

openvswitch: Extend ct_state match field to 32 bits

2015-10-07T12:03:06Z

The ct_state field was initially added as an 8-bit field, however six of the bits are already being used and use cases are already starting to appear that may push the limits of this field. This patch extends the field to 32 bits while retaining the internal representation of 8 bits. This should cover forward compatibility of the ABI for the foreseeable future. This patch also reorders the OVS_CS_F_* bits to be sequential. Suggested-by: Jarno Rajahalme Signed-off-by: Joe Stringer Acked-by: Pravin B Shelar Signed-off-by: David S. Miller