On 11/17/2018 04:51 PM, David Miller wrote:
> From: Eric Dumazet <eric.duma...@gmail.com>
> Date: Sat, 17 Nov 2018 14:37:12 -0800
>
>>
>>
>> On 11/15/2018 03:11 PM, David Miller wrote:
>>
>>>
>>> Applied.
>>>
>>
>> While reviewing this stuff, I found we have a bug.
>>
>> If napi_reuse_skb() is called, we might inherit from prior skb->pkt_type
>> value.
>>
>> It seems that GRO could aggregate packets with pkt_type != PACKET_HOST,
>> right ?
>>
>> David, any objection if I submit the following fix ?
>
> Oh weird, so we do GRO frags accumulation using SKB which never goes through
> eth_type_trans()?
>
> I don't understand how we can, in this circumstance, assume PACKET_HOST?
>
> Because that is what your suggested patch does.
>
> Frame could be UDP multicast, and we could legitimately GRO accumulate it.
> In that situations setting PACKET_HOST doesn't seem correct.
>
I might have been not very clear.
Issue is that with macvlan and GRO-friend traffic we can receive the following
packets :
P1-P2 with PACKET_OTHERHOST because eth_type_trans() detected the dst MAC is
not the eth0 device mac address.
P2 has been aggregated to P1, so the sk_buff has been put to napi->skb via
napi_reuse_skb()
Then we receive on same NAPI packet P3, for this host, reusing napi->skb that
was saved (old P2 sk_buff).
skb->pkt_type is PACKET_OTHERHOST.
eth_type_trans() does not change skb->pkt_type because ethernet dst mac address
is our ethernet mac address.
-> We feed the upper stack with P3, with incorrect pkt_type.
-> packet is dropped because pkt_type != PACKET_HOST, for example in
tcp_v4_rcv()
