From syzbot+c4c7bf27f6b0c4bd97fe at syzkaller.appspotmail.com Mon Jun 2 13:21:34 2025 From: syzbot+c4c7bf27f6b0c4bd97fe at syzkaller.appspotmail.com (syzbot) Date: Mon, 02 Jun 2025 06:21:34 -0700 Subject: [syzbot] [net?] general protection fault in veth_xdp_rcv Message-ID: <683da55e.a00a0220.d8eae.0052.GAE@google.com> Hello, syzbot found the following issue on: HEAD commit: 4cb6c8af8591 selftests/filesystems: Fix build of anon_inod.. git tree: upstream console output: https://syzkaller.appspot.com/x/log.txt?x=11e8300c580000 kernel config: https://syzkaller.appspot.com/x/.config?x=5319177d225a42f1 dashboard link: https://syzkaller.appspot.com/bug?extid=c4c7bf27f6b0c4bd97fe compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 Unfortunately, I don't have any reproducer for this issue yet. Downloadable assets: disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/d900f083ada3/non_bootable_disk-4cb6c8af.raw.xz vmlinux: https://storage.googleapis.com/syzbot-assets/bc0e5dfdd686/vmlinux-4cb6c8af.xz kernel image: https://storage.googleapis.com/syzbot-assets/2cdd323de6ca/bzImage-4cb6c8af.xz IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+c4c7bf27f6b0c4bd97fe at syzkaller.appspotmail.com Oops: general protection fault, probably for non-canonical address 0xdffffc0000000098: 0000 [#1] SMP KASAN NOPTI KASAN: null-ptr-deref in range [0x00000000000004c0-0x00000000000004c7] CPU: 1 UID: 0 PID: 5975 Comm: kworker/1:4 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full) Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 Workqueue: wg-kex-wg0 wg_packet_handshake_receive_worker RIP: 0010:netdev_get_tx_queue include/linux/netdevice.h:2636 [inline] RIP: 0010:veth_xdp_rcv.constprop.0+0x142/0xda0 drivers/net/veth.c:912 Code: 54 d9 31 fb 45 85 e4 0f 85 db 08 00 00 e8 06 de 31 fb 48 8d bd c0 04 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 18 0c 00 00 44 8b a5 c0 04 00 RSP: 0018:ffffc900006a09b8 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff868a1686 RDX: 0000000000000098 RSI: ffffffff868a0d9a RDI: 00000000000004c0 RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000001 R11: ffffc900006a0ff8 R12: 0000000000000001 R13: 1ffff920000d4145 R14: ffffc900006a0e58 R15: ffff8880503d0000 FS: 0000000000000000(0000) GS:ffff8880d686e000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe5e3a6ad58 CR3: 000000000e382000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 Call Trace: veth_poll+0x19c/0x9c0 drivers/net/veth.c:979 __napi_poll.constprop.0+0xba/0x550 net/core/dev.c:7414 napi_poll net/core/dev.c:7478 [inline] net_rx_action+0xa9f/0xfe0 net/core/dev.c:7605 handle_softirqs+0x219/0x8e0 kernel/softirq.c:579 do_softirq kernel/softirq.c:480 [inline] do_softirq+0xb2/0xf0 kernel/softirq.c:467 __local_bh_enable_ip+0x100/0x120 kernel/softirq.c:407 local_bh_enable include/linux/bottom_half.h:33 [inline] fpregs_unlock arch/x86/include/asm/fpu/api.h:77 [inline] kernel_fpu_end+0x5e/0x70 arch/x86/kernel/fpu/core.c:476 blake2s_compress+0x7f/0xe0 arch/x86/lib/crypto/blake2s-glue.c:46 blake2s_final+0xc9/0x150 lib/crypto/blake2s.c:54 hmac.constprop.0+0x335/0x420 drivers/net/wireguard/noise.c:333 kdf.constprop.0+0x122/0x280 drivers/net/wireguard/noise.c:360 mix_dh+0xe8/0x150 drivers/net/wireguard/noise.c:413 wg_noise_handshake_consume_initiation+0x265/0x880 drivers/net/wireguard/noise.c:608 wg_receive_handshake_packet+0x219/0xbf0 drivers/net/wireguard/receive.c:144 wg_packet_handshake_receive_worker+0x17f/0x3a0 drivers/net/wireguard/receive.c:213 process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238 process_scheduled_works kernel/workqueue.c:3321 [inline] worker_thread+0x6c8/0xf10 kernel/workqueue.c:3402 kthread+0x3c2/0x780 kernel/kthread.c:464 ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148 ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 Modules linked in: ---[ end trace 0000000000000000 ]--- RIP: 0010:netdev_get_tx_queue include/linux/netdevice.h:2636 [inline] RIP: 0010:veth_xdp_rcv.constprop.0+0x142/0xda0 drivers/net/veth.c:912 Code: 54 d9 31 fb 45 85 e4 0f 85 db 08 00 00 e8 06 de 31 fb 48 8d bd c0 04 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 18 0c 00 00 44 8b a5 c0 04 00 RSP: 0018:ffffc900006a09b8 EFLAGS: 00010202 RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff868a1686 RDX: 0000000000000098 RSI: ffffffff868a0d9a RDI: 00000000000004c0 RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 R10: 0000000000000001 R11: ffffc900006a0ff8 R12: 0000000000000001 R13: 1ffff920000d4145 R14: ffffc900006a0e58 R15: ffff8880503d0000 FS: 0000000000000000(0000) GS:ffff8880d686e000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 00007fe5e3a6ad58 CR3: 000000000e382000 CR4: 0000000000352ef0 DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 ---------------- Code disassembly (best guess): 0: 54 push %rsp 1: d9 31 fnstenv (%rcx) 3: fb sti 4: 45 85 e4 test %r12d,%r12d 7: 0f 85 db 08 00 00 jne 0x8e8 d: e8 06 de 31 fb call 0xfb31de18 12: 48 8d bd c0 04 00 00 lea 0x4c0(%rbp),%rdi 19: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax 20: fc ff df 23: 48 89 fa mov %rdi,%rdx 26: 48 c1 ea 03 shr $0x3,%rdx * 2a: 0f b6 04 02 movzbl (%rdx,%rax,1),%eax <-- trapping instruction 2e: 84 c0 test %al,%al 30: 74 08 je 0x3a 32: 3c 03 cmp $0x3,%al 34: 0f 8e 18 0c 00 00 jle 0xc52 3a: 44 rex.R 3b: 8b .byte 0x8b 3c: a5 movsl %ds:(%rsi),%es:(%rdi) 3d: c0 .byte 0xc0 3e: 04 00 add $0x0,%al --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller at googlegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. If the report is already addressed, let syzbot know by replying with: #syz fix: exact-commit-title If you want to overwrite report's subsystems, reply with: #syz set subsystems: new-subsystem (See the list of subsystem names on the web dashboard) If the report is a duplicate of another one, reply with: #syz dup: exact-subject-of-another-report If you want to undo deduplication, reply with: #syz undup From yury.norov at gmail.com Wed Jun 4 23:36:55 2025 From: yury.norov at gmail.com (Yury Norov) Date: Wed, 4 Jun 2025 19:36:55 -0400 Subject: [PATCH] wireguard/queueing: simplify wg_cpumask_next_online() Message-ID: <20250604233656.41896-1-yury.norov@gmail.com> wg_cpumask_choose_online() opencodes cpumask_nth(). Use it and make the function significantly simpler. While there, fix opencoded cpu_online() too. Signed-off-by: Yury Norov --- drivers/net/wireguard/queueing.h | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) diff --git a/drivers/net/wireguard/queueing.h b/drivers/net/wireguard/queueing.h index 7eb76724b3ed..3bfe16f71af0 100644 --- a/drivers/net/wireguard/queueing.h +++ b/drivers/net/wireguard/queueing.h @@ -104,17 +104,11 @@ static inline void wg_reset_packet(struct sk_buff *skb, bool encapsulating) static inline int wg_cpumask_choose_online(int *stored_cpu, unsigned int id) { - unsigned int cpu = *stored_cpu, cpu_index, i; + if (likely(*stored_cpu < nr_cpu_ids && cpu_online(*stored_cpu))) + return cpu; - if (unlikely(cpu >= nr_cpu_ids || - !cpumask_test_cpu(cpu, cpu_online_mask))) { - cpu_index = id % cpumask_weight(cpu_online_mask); - cpu = cpumask_first(cpu_online_mask); - for (i = 0; i < cpu_index; ++i) - cpu = cpumask_next(cpu, cpu_online_mask); - *stored_cpu = cpu; - } - return cpu; + *stored_cpu = cpumask_nth(id % num_online_cpus(), cpu_online_mask); + return *stored_cpu; } /* This function is racy, in the sense that it's called while last_cpu is -- 2.43.0 From yury.norov at gmail.com Thu Jun 5 04:23:29 2025 From: yury.norov at gmail.com (Yury Norov) Date: Thu, 5 Jun 2025 00:23:29 -0400 Subject: [PATCH] wireguard/queueing: simplify wg_cpumask_next_online() In-Reply-To: <20250604233656.41896-1-yury.norov@gmail.com> References: <20250604233656.41896-1-yury.norov@gmail.com> Message-ID: On Wed, Jun 04, 2025 at 07:36:55PM -0400, Yury Norov wrote: > wg_cpumask_choose_online() opencodes cpumask_nth(). Use it and make the > function significantly simpler. While there, fix opencoded cpu_online() > too. > > Signed-off-by: Yury Norov > --- > drivers/net/wireguard/queueing.h | 14 ++++---------- > 1 file changed, 4 insertions(+), 10 deletions(-) > > diff --git a/drivers/net/wireguard/queueing.h b/drivers/net/wireguard/queueing.h > index 7eb76724b3ed..3bfe16f71af0 100644 > --- a/drivers/net/wireguard/queueing.h > +++ b/drivers/net/wireguard/queueing.h > @@ -104,17 +104,11 @@ static inline void wg_reset_packet(struct sk_buff *skb, bool encapsulating) > > static inline int wg_cpumask_choose_online(int *stored_cpu, unsigned int id) > { > - unsigned int cpu = *stored_cpu, cpu_index, i; > + if (likely(*stored_cpu < nr_cpu_ids && cpu_online(*stored_cpu))) > + return cpu; Oops... This should be return *stored_cpu; I'll resend, sorry for noise. > > - if (unlikely(cpu >= nr_cpu_ids || > - !cpumask_test_cpu(cpu, cpu_online_mask))) { > - cpu_index = id % cpumask_weight(cpu_online_mask); > - cpu = cpumask_first(cpu_online_mask); > - for (i = 0; i < cpu_index; ++i) > - cpu = cpumask_next(cpu, cpu_online_mask); > - *stored_cpu = cpu; > - } > - return cpu; > + *stored_cpu = cpumask_nth(id % num_online_cpus(), cpu_online_mask); > + return *stored_cpu; > } > > /* This function is racy, in the sense that it's called while last_cpu is > -- > 2.43.0 From vegeta at tuxpowered.net Thu Jun 5 10:27:22 2025 From: vegeta at tuxpowered.net (Kajetan Staszkiewicz) Date: Thu, 5 Jun 2025 12:27:22 +0200 Subject: are WG clients expected to automatically handle it when the endpoint is within the AllowedIPs In-Reply-To: <1a897464d3fb56184b83cb6ac7b4a2407047b10e.camel@scientia.org> References: <1a897464d3fb56184b83cb6ac7b4a2407047b10e.camel@scientia.org> Message-ID: <8e9f8b10-f438-40d5-a03a-85ef64632b11@tuxpowered.net> On 2025-05-23 00:36, Christoph Anton Mitterer wrote: > (re-posting, now that the list seems to work again) > > > Hey folks. > > In science/education, many organisations (I could find the total list > only in the Android app, but there it seems to be several 1000) use > eduVPN to provide VPN access to their users. > It comes with a client which, AFAIU, either sets up some OpenVPN or WG > VPN. > > I've previously used the OpenVPN profile files successfully with > NetworkManager but now wanted to switch to WG, and again I don't wanna > use the eduVPN client, because I think this should be done with the > native tools that integrate nicely into the system (e.g. NM for desktop > environments, ifupdown/systemd-networkd/etc. for servers). > > ? > > Using that config with NM fails NetworkManager's Wireguard implemmentation already has a way of supporting it by using fwmarks. It's just that the fwmark operation is not automatically turned unless the tunnel is configured with AllowedIPs=::/0 See my comment and a workaround which always forces the fwmark operation on https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1157#note_2426757 -- | pozdrawiam / regards | Powered by Debian and FreeBSD | | Kajetan Staszkiewicz | www: http://tuxpowered.net | | | matrix: @vegeta:tuxpowered.net | `----------------------^--------------------------------' -------------- next part -------------- A non-text attachment was scrubbed... Name: OpenPGP_signature.asc Type: application/pgp-signature Size: 840 bytes Desc: OpenPGP digital signature URL: From atann at alphasrv.net Wed Jun 4 14:53:33 2025 From: atann at alphasrv.net (Andre Tann) Date: Wed, 4 Jun 2025 16:53:33 +0200 Subject: Delay in ipv6 Message-ID: <7e977585-5b93-4591-94f7-bf33c8923543@alphasrv.net> Hi all, I hope this is not offtopic here. If so, pls let me know a better place for this question. I configured wireguard to route both IPv4 and IPv6. Both protocols work fine. But test-ipv6.com only gives 9/10 points because the browser does not use IPV6 even though it is available. Then I investigated a bit and found this: ping -4 dns.google => ping sequence starts immediately ping -6 dns.google => .5 secs delay => ping sequence starts ping -6 dns.google => ping sequence starts immediately i.e.: On the first try, ping6 takes longer, but the second time there is no delay anymore. I suspected DNS trouble, but pinging 2001:4860:4860::8844 shows the exact same behavior: delay the first time, no delay next time. Yet I couldn't determine how long I need to wait until a second try becomes a first one again, i.e. the delay shows up again. Any ideas where to look next? -- Andre Tann From Jason at zx2c4.com Thu Jun 5 11:33:19 2025 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Thu, 5 Jun 2025 13:33:19 +0200 Subject: [PATCH] wireguard/queueing: simplify wg_cpumask_next_online() In-Reply-To: References: <20250604233656.41896-1-yury.norov@gmail.com> Message-ID: On Thu, Jun 05, 2025 at 12:23:29AM -0400, Yury Norov wrote: > On Wed, Jun 04, 2025 at 07:36:55PM -0400, Yury Norov wrote: > > wg_cpumask_choose_online() opencodes cpumask_nth(). Use it and make the > > function significantly simpler. While there, fix opencoded cpu_online() > > too. > > > > Signed-off-by: Yury Norov > > --- > > drivers/net/wireguard/queueing.h | 14 ++++---------- > > 1 file changed, 4 insertions(+), 10 deletions(-) > > > > diff --git a/drivers/net/wireguard/queueing.h b/drivers/net/wireguard/queueing.h > > index 7eb76724b3ed..3bfe16f71af0 100644 > > --- a/drivers/net/wireguard/queueing.h > > +++ b/drivers/net/wireguard/queueing.h > > @@ -104,17 +104,11 @@ static inline void wg_reset_packet(struct sk_buff *skb, bool encapsulating) > > > > static inline int wg_cpumask_choose_online(int *stored_cpu, unsigned int id) > > { > > - unsigned int cpu = *stored_cpu, cpu_index, i; > > + if (likely(*stored_cpu < nr_cpu_ids && cpu_online(*stored_cpu))) > > + return cpu; > > Oops... This should be > return *stored_cpu; Maybe it's best to structure the function something like: unsigned int cpu = *stored_cpu; if (unlikely(cpu >= nr_cpu_ids || !cpu_online(cpu))) { cpu = *stored_cpu = cpumask_nth(id % num_online_cpus(), cpu_online_mask); return cpu; From rm at romanrm.net Thu Jun 5 12:04:59 2025 From: rm at romanrm.net (Roman Mamedov) Date: Thu, 5 Jun 2025 17:04:59 +0500 Subject: Delay in ipv6 In-Reply-To: <7e977585-5b93-4591-94f7-bf33c8923543@alphasrv.net> References: <7e977585-5b93-4591-94f7-bf33c8923543@alphasrv.net> Message-ID: <20250605170459.43439532@nvm> On Wed, 4 Jun 2025 16:53:33 +0200 Andre Tann wrote: > Hi all, > > I hope this is not offtopic here. If so, pls let me know a better place > for this question. > > I configured wireguard to route both IPv4 and IPv6. Both protocols work > fine. But test-ipv6.com only gives 9/10 points because the browser does > not use IPV6 even though it is available. > > Then I investigated a bit and found this: > > ping -4 dns.google => ping sequence starts immediately > ping -6 dns.google => .5 secs delay => ping sequence starts > ping -6 dns.google => ping sequence starts immediately > > i.e.: On the first try, ping6 takes longer, but the second time there is > no delay anymore. Hello, Which DNS resolvers do you use? Try 8.8.8.8 or 1.1.1.1 at first, and then their v6 equivalents. > I suspected DNS trouble, but pinging 2001:4860:4860::8844 shows the > exact same behavior: delay the first time, no delay next time. This might be caused by DNS again, trying to resolve PTR record for the IP. Recheck if "ping -n" starts in this case without a delay. -- With respect, Roman From yury.norov at gmail.com Thu Jun 5 14:24:32 2025 From: yury.norov at gmail.com (Yury Norov) Date: Thu, 5 Jun 2025 10:24:32 -0400 Subject: [PATCH] wireguard/queueing: simplify wg_cpumask_next_online() In-Reply-To: References: <20250604233656.41896-1-yury.norov@gmail.com> Message-ID: On Thu, Jun 05, 2025 at 01:33:19PM +0200, Jason A. Donenfeld wrote: > On Thu, Jun 05, 2025 at 12:23:29AM -0400, Yury Norov wrote: > > On Wed, Jun 04, 2025 at 07:36:55PM -0400, Yury Norov wrote: > > > wg_cpumask_choose_online() opencodes cpumask_nth(). Use it and make the > > > function significantly simpler. While there, fix opencoded cpu_online() > > > too. > > > > > > Signed-off-by: Yury Norov > > > --- > > > drivers/net/wireguard/queueing.h | 14 ++++---------- > > > 1 file changed, 4 insertions(+), 10 deletions(-) > > > > > > diff --git a/drivers/net/wireguard/queueing.h b/drivers/net/wireguard/queueing.h > > > index 7eb76724b3ed..3bfe16f71af0 100644 > > > --- a/drivers/net/wireguard/queueing.h > > > +++ b/drivers/net/wireguard/queueing.h > > > @@ -104,17 +104,11 @@ static inline void wg_reset_packet(struct sk_buff *skb, bool encapsulating) > > > > > > static inline int wg_cpumask_choose_online(int *stored_cpu, unsigned int id) > > > { > > > - unsigned int cpu = *stored_cpu, cpu_index, i; > > > + if (likely(*stored_cpu < nr_cpu_ids && cpu_online(*stored_cpu))) > > > + return cpu; > > > > Oops... This should be > > return *stored_cpu; > > Maybe it's best to structure the function something like: > > unsigned int cpu = *stored_cpu; > if (unlikely(cpu >= nr_cpu_ids || !cpu_online(cpu))) { > cpu = *stored_cpu = cpumask_nth(id % num_online_cpus(), cpu_online_mask); > return cpu; If you prefer. I'll send v2 shortly From Jason at zx2c4.com Thu Jun 5 15:47:32 2025 From: Jason at zx2c4.com (Jason A. Donenfeld) Date: Thu, 5 Jun 2025 17:47:32 +0200 Subject: [PATCH] wireguard/queueing: simplify wg_cpumask_next_online() In-Reply-To: References: <20250604233656.41896-1-yury.norov@gmail.com>

Message-ID: On Thu, Jun 05, 2025 at 10:24:32AM -0400, Yury Norov wrote: > On Thu, Jun 05, 2025 at 01:33:19PM +0200, Jason A. Donenfeld wrote: > > On Thu, Jun 05, 2025 at 12:23:29AM -0400, Yury Norov wrote: > > > On Wed, Jun 04, 2025 at 07:36:55PM -0400, Yury Norov wrote: > > > > wg_cpumask_choose_online() opencodes cpumask_nth(). Use it and make the > > > > function significantly simpler. While there, fix opencoded cpu_online() > > > > too. > > > > > > > > Signed-off-by: Yury Norov > > > > --- > > > > drivers/net/wireguard/queueing.h | 14 ++++---------- > > > > 1 file changed, 4 insertions(+), 10 deletions(-) > > > > > > > > diff --git a/drivers/net/wireguard/queueing.h b/drivers/net/wireguard/queueing.h > > > > index 7eb76724b3ed..3bfe16f71af0 100644 > > > > --- a/drivers/net/wireguard/queueing.h > > > > +++ b/drivers/net/wireguard/queueing.h > > > > @@ -104,17 +104,11 @@ static inline void wg_reset_packet(struct sk_buff *skb, bool encapsulating) > > > > > > > > static inline int wg_cpumask_choose_online(int *stored_cpu, unsigned int id) > > > > { > > > > - unsigned int cpu = *stored_cpu, cpu_index, i; > > > > + if (likely(*stored_cpu < nr_cpu_ids && cpu_online(*stored_cpu))) > > > > + return cpu; > > > > > > Oops... This should be > > > return *stored_cpu; > > > > Maybe it's best to structure the function something like: > > > > unsigned int cpu = *stored_cpu; > > if (unlikely(cpu >= nr_cpu_ids || !cpu_online(cpu))) { > > cpu = *stored_cpu = cpumask_nth(id % num_online_cpus(), cpu_online_mask); > > return cpu; > > If you prefer. I'll send v2 shortly While you're at it, fix the commit subject to match the format used by every single other wireguard commit. `$ git log --oneline drivers/net/wireguard` to see what I mean. From calestyo at scientia.org Sun Jun 8 21:11:01 2025 From: calestyo at scientia.org (Christoph Anton Mitterer) Date: Sun, 08 Jun 2025 23:11:01 +0200 Subject: are WG clients expected to automatically handle it when the endpoint is within the AllowedIPs In-Reply-To: <8e9f8b10-f438-40d5-a03a-85ef64632b11@tuxpowered.net> References: <1a897464d3fb56184b83cb6ac7b4a2407047b10e.camel@scientia.org> <8e9f8b10-f438-40d5-a03a-85ef64632b11@tuxpowered.net> Message-ID: <27eacd15c147889708652227cedadf5f01d79d8e.camel@scientia.org> Hey. On Thu, 2025-06-05 at 12:27 +0200, Kajetan Staszkiewicz wrote: > NetworkManager's Wireguard implemmentation already has a way of > supporting it by using fwmarks. It's just that the fwmark operation > is > not automatically turned unless the tunnel is configured with > AllowedIPs=::/0 AFAIU, even the AllowedIPs=::/0 case was only fixed[0] (in the sense of: making it work out-of-the-box) recently, right? But nevertheless, my main point was,... is it expected to be handled *automatically* by WG clients? It's clear that one can always make it somehow manually working, like with the way from your comment or like how I did with adding a specific route for the endpoint in [1] (though your approach is probably cleaner). And at least as of now, neither NM nor wg-quick seem to work out-of- the-box with a split profile as described before. > See my comment and a workaround which always forces the fwmark > operation > on > https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1157#note_2426757 I would rather not have that imposed on "end-users"... not ruled out they get it wrong and perhaps even compromise security. Cheers, Chris. [0] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2158 [1] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/1737 From petrm at nvidia.com Mon Jun 9 20:50:17 2025 From: petrm at nvidia.com (Petr Machata) Date: Mon, 9 Jun 2025 22:50:17 +0200 Subject: [PATCH net-next 01/14] net: ipv4: Add a flags argument to iptunnel_xmit(), udp_tunnel_xmit_skb() In-Reply-To: References: Message-ID: iptunnel_xmit() erases the contents of the SKB control block. In order to be able to set particular IPCB flags on the SKB, add a corresponding parameter, and propagate it to udp_tunnel_xmit_skb() as well. In one of the following patches, VXLAN driver will use this facility to mark packets as subject to IP multicast routing. Signed-off-by: Petr Machata Reviewed-by: Ido Schimmel --- Notes: CC: Pablo Neira Ayuso CC: osmocom-net-gprs at lists.osmocom.org CC: Andrew Lunn CC: Taehee Yoo CC: Antonio Quartulli CC: "Jason A. Donenfeld" CC: wireguard at lists.zx2c4.com CC: Marcelo Ricardo Leitner CC: linux-sctp at vger.kernel.org CC: Jon Maloy CC: tipc-discussion at lists.sourceforge.net drivers/net/amt.c | 9 ++++++--- drivers/net/bareudp.c | 4 ++-- drivers/net/geneve.c | 4 ++-- drivers/net/gtp.c | 10 ++++++---- drivers/net/ovpn/udp.c | 2 +- drivers/net/vxlan/vxlan_core.c | 2 +- drivers/net/wireguard/socket.c | 2 +- include/net/ip_tunnels.h | 2 +- include/net/udp_tunnel.h | 2 +- net/ipv4/ip_tunnel.c | 4 ++-- net/ipv4/ip_tunnel_core.c | 4 +++- net/ipv4/udp_tunnel_core.c | 5 +++-- net/ipv6/sit.c | 2 +- net/sctp/protocol.c | 3 ++- net/tipc/udp_media.c | 2 +- 15 files changed, 33 insertions(+), 24 deletions(-) diff --git a/drivers/net/amt.c b/drivers/net/amt.c index 734a0b3242a9..d0f719531499 100644 --- a/drivers/net/amt.c +++ b/drivers/net/amt.c @@ -1046,7 +1046,8 @@ static bool amt_send_membership_update(struct amt_dev *amt, amt->gw_port, amt->relay_port, false, - false); + false, + 0); amt_update_gw_status(amt, AMT_STATUS_SENT_UPDATE, true); return false; } @@ -1103,7 +1104,8 @@ static void amt_send_multicast_data(struct amt_dev *amt, amt->relay_port, tunnel->source_port, false, - false); + false, + 0); } static bool amt_send_membership_query(struct amt_dev *amt, @@ -1161,7 +1163,8 @@ static bool amt_send_membership_query(struct amt_dev *amt, amt->relay_port, tunnel->source_port, false, - false); + false, + 0); amt_update_relay_status(tunnel, AMT_STATUS_SENT_QUERY, true); return false; } diff --git a/drivers/net/bareudp.c b/drivers/net/bareudp.c index a9dffdcac805..5e613080d3f8 100644 --- a/drivers/net/bareudp.c +++ b/drivers/net/bareudp.c @@ -362,8 +362,8 @@ static int bareudp_xmit_skb(struct sk_buff *skb, struct net_device *dev, udp_tunnel_xmit_skb(rt, sock->sk, skb, saddr, info->key.u.ipv4.dst, tos, ttl, df, sport, bareudp->port, !net_eq(bareudp->net, dev_net(bareudp->dev)), - !test_bit(IP_TUNNEL_CSUM_BIT, - info->key.tun_flags)); + !test_bit(IP_TUNNEL_CSUM_BIT, info->key.tun_flags), + 0); return 0; free_dst: diff --git a/drivers/net/geneve.c b/drivers/net/geneve.c index ffc15a432689..c668e8b00ed2 100644 --- a/drivers/net/geneve.c +++ b/drivers/net/geneve.c @@ -921,8 +921,8 @@ static int geneve_xmit_skb(struct sk_buff *skb, struct net_device *dev, udp_tunnel_xmit_skb(rt, gs4->sock->sk, skb, saddr, info->key.u.ipv4.dst, tos, ttl, df, sport, geneve->cfg.info.key.tp_dst, !net_eq(geneve->net, dev_net(geneve->dev)), - !test_bit(IP_TUNNEL_CSUM_BIT, - info->key.tun_flags)); + !test_bit(IP_TUNNEL_CSUM_BIT, info->key.tun_flags), + 0); return 0; } diff --git a/drivers/net/gtp.c b/drivers/net/gtp.c index d4dec741c7f4..14584793fe4e 100644 --- a/drivers/net/gtp.c +++ b/drivers/net/gtp.c @@ -446,7 +446,8 @@ static int gtp0_send_echo_resp_ip(struct gtp_dev *gtp, struct sk_buff *skb) htons(GTP0_PORT), htons(GTP0_PORT), !net_eq(sock_net(gtp->sk1u), dev_net(gtp->dev)), - false); + false, + 0); return 0; } @@ -704,7 +705,8 @@ static int gtp1u_send_echo_resp(struct gtp_dev *gtp, struct sk_buff *skb) htons(GTP1U_PORT), htons(GTP1U_PORT), !net_eq(sock_net(gtp->sk1u), dev_net(gtp->dev)), - false); + false, + 0); return 0; } @@ -1304,7 +1306,7 @@ static netdev_tx_t gtp_dev_xmit(struct sk_buff *skb, struct net_device *dev) pktinfo.gtph_port, pktinfo.gtph_port, !net_eq(sock_net(pktinfo.pctx->sk), dev_net(dev)), - false); + false, 0); break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) @@ -2405,7 +2407,7 @@ static int gtp_genl_send_echo_req(struct sk_buff *skb, struct genl_info *info) port, port, !net_eq(sock_net(sk), dev_net(gtp->dev)), - false); + false, 0); return 0; } diff --git a/drivers/net/ovpn/udp.c b/drivers/net/ovpn/udp.c index bff00946eae2..d866e6bfda70 100644 --- a/drivers/net/ovpn/udp.c +++ b/drivers/net/ovpn/udp.c @@ -199,7 +199,7 @@ static int ovpn_udp4_output(struct ovpn_peer *peer, struct ovpn_bind *bind, transmit: udp_tunnel_xmit_skb(rt, sk, skb, fl.saddr, fl.daddr, 0, ip4_dst_hoplimit(&rt->dst), 0, fl.fl4_sport, - fl.fl4_dport, false, sk->sk_no_check_tx); + fl.fl4_dport, false, sk->sk_no_check_tx, 0); ret = 0; err: local_bh_enable(); diff --git a/drivers/net/vxlan/vxlan_core.c b/drivers/net/vxlan/vxlan_core.c index a56d7239b127..d7a5d8873a1b 100644 --- a/drivers/net/vxlan/vxlan_core.c +++ b/drivers/net/vxlan/vxlan_core.c @@ -2522,7 +2522,7 @@ void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev, udp_tunnel_xmit_skb(rt, sock4->sock->sk, skb, saddr, pkey->u.ipv4.dst, tos, ttl, df, - src_port, dst_port, xnet, !udp_sum); + src_port, dst_port, xnet, !udp_sum, 0); #if IS_ENABLED(CONFIG_IPV6) } else { struct vxlan_sock *sock6 = rcu_dereference(vxlan->vn6_sock); diff --git a/drivers/net/wireguard/socket.c b/drivers/net/wireguard/socket.c index 0414d7a6ce74..88e685667bc0 100644 --- a/drivers/net/wireguard/socket.c +++ b/drivers/net/wireguard/socket.c @@ -84,7 +84,7 @@ static int send4(struct wg_device *wg, struct sk_buff *skb, skb->ignore_df = 1; udp_tunnel_xmit_skb(rt, sock, skb, fl.saddr, fl.daddr, ds, ip4_dst_hoplimit(&rt->dst), 0, fl.fl4_sport, - fl.fl4_dport, false, false); + fl.fl4_dport, false, false, 0); goto out; err: diff --git a/include/net/ip_tunnels.h b/include/net/ip_tunnels.h index 0c3d571a04a1..8cf1380f3656 100644 --- a/include/net/ip_tunnels.h +++ b/include/net/ip_tunnels.h @@ -603,7 +603,7 @@ static inline int iptunnel_pull_header(struct sk_buff *skb, int hdr_len, void iptunnel_xmit(struct sock *sk, struct rtable *rt, struct sk_buff *skb, __be32 src, __be32 dst, u8 proto, - u8 tos, u8 ttl, __be16 df, bool xnet); + u8 tos, u8 ttl, __be16 df, bool xnet, u16 ipcb_flags); struct metadata_dst *iptunnel_metadata_reply(struct metadata_dst *md, gfp_t flags); int skb_tunnel_check_pmtu(struct sk_buff *skb, struct dst_entry *encap_dst, diff --git a/include/net/udp_tunnel.h b/include/net/udp_tunnel.h index 2df3b8344eb5..28102c8fd8a8 100644 --- a/include/net/udp_tunnel.h +++ b/include/net/udp_tunnel.h @@ -150,7 +150,7 @@ static inline void udp_tunnel_drop_rx_info(struct net_device *dev) void udp_tunnel_xmit_skb(struct rtable *rt, struct sock *sk, struct sk_buff *skb, __be32 src, __be32 dst, __u8 tos, __u8 ttl, __be16 df, __be16 src_port, __be16 dst_port, - bool xnet, bool nocheck); + bool xnet, bool nocheck, u16 ipcb_flags); int udp_tunnel6_xmit_skb(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb, diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c index 678b8f96e3e9..aaeb5d16f0c9 100644 --- a/net/ipv4/ip_tunnel.c +++ b/net/ipv4/ip_tunnel.c @@ -668,7 +668,7 @@ void ip_md_tunnel_xmit(struct sk_buff *skb, struct net_device *dev, ip_tunnel_adj_headroom(dev, headroom); iptunnel_xmit(NULL, rt, skb, fl4.saddr, fl4.daddr, proto, tos, ttl, - df, !net_eq(tunnel->net, dev_net(dev))); + df, !net_eq(tunnel->net, dev_net(dev)), 0); return; tx_error: DEV_STATS_INC(dev, tx_errors); @@ -857,7 +857,7 @@ void ip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev, ip_tunnel_adj_headroom(dev, max_headroom); iptunnel_xmit(NULL, rt, skb, fl4.saddr, fl4.daddr, protocol, tos, ttl, - df, !net_eq(tunnel->net, dev_net(dev))); + df, !net_eq(tunnel->net, dev_net(dev)), 0); return; #if IS_ENABLED(CONFIG_IPV6) diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c index f65d2f727381..cc9915543637 100644 --- a/net/ipv4/ip_tunnel_core.c +++ b/net/ipv4/ip_tunnel_core.c @@ -49,7 +49,8 @@ EXPORT_SYMBOL(ip6tun_encaps); void iptunnel_xmit(struct sock *sk, struct rtable *rt, struct sk_buff *skb, __be32 src, __be32 dst, __u8 proto, - __u8 tos, __u8 ttl, __be16 df, bool xnet) + __u8 tos, __u8 ttl, __be16 df, bool xnet, + u16 ipcb_flags) { int pkt_len = skb->len - skb_inner_network_offset(skb); struct net *net = dev_net(rt->dst.dev); @@ -62,6 +63,7 @@ void iptunnel_xmit(struct sock *sk, struct rtable *rt, struct sk_buff *skb, skb_clear_hash_if_not_l4(skb); skb_dst_set(skb, &rt->dst); memset(IPCB(skb), 0, sizeof(*IPCB(skb))); + IPCB(skb)->flags = ipcb_flags; /* Push down and install the IP header. */ skb_push(skb, sizeof(struct iphdr)); diff --git a/net/ipv4/udp_tunnel_core.c b/net/ipv4/udp_tunnel_core.c index 2326548997d3..9efd62505916 100644 --- a/net/ipv4/udp_tunnel_core.c +++ b/net/ipv4/udp_tunnel_core.c @@ -169,7 +169,7 @@ EXPORT_SYMBOL_GPL(udp_tunnel_notify_del_rx_port); void udp_tunnel_xmit_skb(struct rtable *rt, struct sock *sk, struct sk_buff *skb, __be32 src, __be32 dst, __u8 tos, __u8 ttl, __be16 df, __be16 src_port, __be16 dst_port, - bool xnet, bool nocheck) + bool xnet, bool nocheck, u16 ipcb_flags) { struct udphdr *uh; @@ -185,7 +185,8 @@ void udp_tunnel_xmit_skb(struct rtable *rt, struct sock *sk, struct sk_buff *skb udp_set_csum(nocheck, skb, src, dst, skb->len); - iptunnel_xmit(sk, rt, skb, src, dst, IPPROTO_UDP, tos, ttl, df, xnet); + iptunnel_xmit(sk, rt, skb, src, dst, IPPROTO_UDP, tos, ttl, df, xnet, + ipcb_flags); } EXPORT_SYMBOL_GPL(udp_tunnel_xmit_skb); diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c index a72dbca9e8fc..12496ba1b7d4 100644 --- a/net/ipv6/sit.c +++ b/net/ipv6/sit.c @@ -1035,7 +1035,7 @@ static netdev_tx_t ipip6_tunnel_xmit(struct sk_buff *skb, skb_set_inner_ipproto(skb, IPPROTO_IPV6); iptunnel_xmit(NULL, rt, skb, fl4.saddr, fl4.daddr, protocol, tos, ttl, - df, !net_eq(tunnel->net, dev_net(dev))); + df, !net_eq(tunnel->net, dev_net(dev)), 0); return NETDEV_TX_OK; tx_error_icmp: diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c index 8c3b80c4d40b..bfbb73e359f5 100644 --- a/net/sctp/protocol.c +++ b/net/sctp/protocol.c @@ -1103,7 +1103,8 @@ static inline int sctp_v4_xmit(struct sk_buff *skb, struct sctp_transport *t) skb_set_inner_ipproto(skb, IPPROTO_SCTP); udp_tunnel_xmit_skb(dst_rtable(dst), sk, skb, fl4->saddr, fl4->daddr, dscp, ip4_dst_hoplimit(dst), df, - sctp_sk(sk)->udp_port, t->encap_port, false, false); + sctp_sk(sk)->udp_port, t->encap_port, false, false, + 0); return 0; } diff --git a/net/tipc/udp_media.c b/net/tipc/udp_media.c index 108a4cc2e001..87e8c1e6d550 100644 --- a/net/tipc/udp_media.c +++ b/net/tipc/udp_media.c @@ -197,7 +197,7 @@ static int tipc_udp_xmit(struct net *net, struct sk_buff *skb, ttl = ip4_dst_hoplimit(&rt->dst); udp_tunnel_xmit_skb(rt, ub->ubsock->sk, skb, src->ipv4.s_addr, dst->ipv4.s_addr, 0, ttl, 0, src->port, - dst->port, false, true); + dst->port, false, true, 0); #if IS_ENABLED(CONFIG_IPV6) } else { if (!ndst) { -- 2.49.0 From ihor.solodrai at linux.dev Mon Jun 9 20:55:18 2025 From: ihor.solodrai at linux.dev (Ihor Solodrai) Date: Mon, 9 Jun 2025 13:55:18 -0700 Subject: [syzbot] [net?] general protection fault in veth_xdp_rcv In-Reply-To: <683da55e.a00a0220.d8eae.0052.GAE@google.com> References: <683da55e.a00a0220.d8eae.0052.GAE@google.com> Message-ID: <6fd7a5b5-ee26-4cc5-8eb0-449c4e326ccc@linux.dev> On 6/2/25 6:21 AM, syzbot wrote: > Hello, > > syzbot found the following issue on: > > HEAD commit: 4cb6c8af8591 selftests/filesystems: Fix build of anon_inod.. > git tree: upstream > console output: https://syzkaller.appspot.com/x/log.txt?x=11e8300c580000 > kernel config: https://syzkaller.appspot.com/x/.config?x=5319177d225a42f1 > dashboard link: https://syzkaller.appspot.com/bug?extid=c4c7bf27f6b0c4bd97fe > compiler: gcc (Debian 12.2.0-14) 12.2.0, GNU ld (GNU Binutils for Debian) 2.40 > > Unfortunately, I don't have any reproducer for this issue yet. > > Downloadable assets: > disk image (non-bootable): https://storage.googleapis.com/syzbot-assets/d900f083ada3/non_bootable_disk-4cb6c8af.raw.xz > vmlinux: https://storage.googleapis.com/syzbot-assets/bc0e5dfdd686/vmlinux-4cb6c8af.xz > kernel image: https://storage.googleapis.com/syzbot-assets/2cdd323de6ca/bzImage-4cb6c8af.xz > > IMPORTANT: if you fix the issue, please add the following tag to the commit: > Reported-by: syzbot+c4c7bf27f6b0c4bd97fe at syzkaller.appspotmail.com > > Oops: general protection fault, probably for non-canonical address 0xdffffc0000000098: 0000 [#1] SMP KASAN NOPTI > KASAN: null-ptr-deref in range [0x00000000000004c0-0x00000000000004c7] > CPU: 1 UID: 0 PID: 5975 Comm: kworker/1:4 Not tainted 6.15.0-syzkaller-10402-g4cb6c8af8591 #0 PREEMPT(full) > Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 > Workqueue: wg-kex-wg0 wg_packet_handshake_receive_worker > RIP: 0010:netdev_get_tx_queue include/linux/netdevice.h:2636 [inline] > RIP: 0010:veth_xdp_rcv.constprop.0+0x142/0xda0 drivers/net/veth.c:912 > Code: 54 d9 31 fb 45 85 e4 0f 85 db 08 00 00 e8 06 de 31 fb 48 8d bd c0 04 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 18 0c 00 00 44 8b a5 c0 04 00 > RSP: 0018:ffffc900006a09b8 EFLAGS: 00010202 > RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff868a1686 > RDX: 0000000000000098 RSI: ffffffff868a0d9a RDI: 00000000000004c0 > RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 > R10: 0000000000000001 R11: ffffc900006a0ff8 R12: 0000000000000001 > R13: 1ffff920000d4145 R14: ffffc900006a0e58 R15: ffff8880503d0000 > FS: 0000000000000000(0000) GS:ffff8880d686e000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 00007fe5e3a6ad58 CR3: 000000000e382000 CR4: 0000000000352ef0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > Call Trace: > > veth_poll+0x19c/0x9c0 drivers/net/veth.c:979 > __napi_poll.constprop.0+0xba/0x550 net/core/dev.c:7414 > napi_poll net/core/dev.c:7478 [inline] > net_rx_action+0xa9f/0xfe0 net/core/dev.c:7605 > handle_softirqs+0x219/0x8e0 kernel/softirq.c:579 > do_softirq kernel/softirq.c:480 [inline] > do_softirq+0xb2/0xf0 kernel/softirq.c:467 > > > __local_bh_enable_ip+0x100/0x120 kernel/softirq.c:407 > local_bh_enable include/linux/bottom_half.h:33 [inline] > fpregs_unlock arch/x86/include/asm/fpu/api.h:77 [inline] > kernel_fpu_end+0x5e/0x70 arch/x86/kernel/fpu/core.c:476 > blake2s_compress+0x7f/0xe0 arch/x86/lib/crypto/blake2s-glue.c:46 > blake2s_final+0xc9/0x150 lib/crypto/blake2s.c:54 > hmac.constprop.0+0x335/0x420 drivers/net/wireguard/noise.c:333 > kdf.constprop.0+0x122/0x280 drivers/net/wireguard/noise.c:360 > mix_dh+0xe8/0x150 drivers/net/wireguard/noise.c:413 > wg_noise_handshake_consume_initiation+0x265/0x880 drivers/net/wireguard/noise.c:608 > wg_receive_handshake_packet+0x219/0xbf0 drivers/net/wireguard/receive.c:144 > wg_packet_handshake_receive_worker+0x17f/0x3a0 drivers/net/wireguard/receive.c:213 > process_one_work+0x9cc/0x1b70 kernel/workqueue.c:3238 > process_scheduled_works kernel/workqueue.c:3321 [inline] > worker_thread+0x6c8/0xf10 kernel/workqueue.c:3402 > kthread+0x3c2/0x780 kernel/kthread.c:464 > ret_from_fork+0x5d4/0x6f0 arch/x86/kernel/process.c:148 > ret_from_fork_asm+0x1a/0x30 arch/x86/entry/entry_64.S:245 > > Modules linked in: > ---[ end trace 0000000000000000 ]--- > RIP: 0010:netdev_get_tx_queue include/linux/netdevice.h:2636 [inline] > RIP: 0010:veth_xdp_rcv.constprop.0+0x142/0xda0 drivers/net/veth.c:912 > Code: 54 d9 31 fb 45 85 e4 0f 85 db 08 00 00 e8 06 de 31 fb 48 8d bd c0 04 00 00 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 84 c0 74 08 3c 03 0f 8e 18 0c 00 00 44 8b a5 c0 04 00 > RSP: 0018:ffffc900006a09b8 EFLAGS: 00010202 > RAX: dffffc0000000000 RBX: 0000000000000000 RCX: ffffffff868a1686 > RDX: 0000000000000098 RSI: ffffffff868a0d9a RDI: 00000000000004c0 > RBP: 0000000000000000 R08: 0000000000000005 R09: 0000000000000000 > R10: 0000000000000001 R11: ffffc900006a0ff8 R12: 0000000000000001 > R13: 1ffff920000d4145 R14: ffffc900006a0e58 R15: ffff8880503d0000 > FS: 0000000000000000(0000) GS:ffff8880d686e000(0000) knlGS:0000000000000000 > CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 > CR2: 00007fe5e3a6ad58 CR3: 000000000e382000 CR4: 0000000000352ef0 > DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 > DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 > ---------------- Got a very similar call trace on current bpf-next (e41079f53e87) [1], see a paste below. It's flaky, couldn't reproduce so far. Any relevant fixes in flight? #629/1 xdp_veth_broadcast_redirect/0/BROADCAST:OK #629/2 xdp_veth_broadcast_redirect/0/(BROADCAST | EXCLUDE_INGRESS):OK #629/3 xdp_veth_broadcast_redirect/DRV_MODE/BROADCAST:OK #629/4 xdp_veth_broadcast_redirect/DRV_MODE/(BROADCAST | EXCLUDE_INGRESS):OK #629/5 xdp_veth_broadcast_redirect/SKB_MODE/BROADCAST:OK #629/6 xdp_veth_broadcast_redirect/SKB_MODE/(BROADCAST | EXCLUDE_INGRESS):OK #629 xdp_veth_broadcast_redirect:OK [ 343.217465] BUG: kernel NULL pointer dereference, address: 0000000000000018 [ 343.218173] #PF: supervisor read access in kernel mode [ 343.218644] #PF: error_code(0x0000) - not-present page [ 343.219128] PGD 0 P4D 0 [ 343.219379] Oops: Oops: 0000 [#1] SMP NOPTI [ 343.219768] CPU: 1 UID: 0 PID: 7635 Comm: kworker/1:11 Tainted: G W OE 6.15.0-g2b36f2252b0a-dirty #7 PREEMPT(full) [ 343.220844] Tainted: [W]=WARN, [O]=OOT_MODULE, [E]=UNSIGNED_MODULE [ 343.221436] Hardware name: QEMU Ubuntu 24.04 PC (i440FX + PIIX, 1996), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 343.222356] Workqueue: mld mld_dad_work [ 343.222730] RIP: 0010:veth_xdp_rcv.constprop.0+0x6b/0x380 [ 343.223242] Code: 01 48 89 84 24 90 00 00 00 31 c0 48 8b aa 80 0c 00 00 f3 48 ab e8 f5 e3 48 00 85 c0 0f 85 9c 02 00 00 4c 8d 34 5b 49 c1 e6 07 <4c> 03 75 18 45 85 e4 0f 8e ec 02 00 00 31 db 31 ed eb 4c 48 83 e6 [ 343.224977] RSP: 0018:ffff9aaa400e8ca8 EFLAGS: 00010246 [ 343.225475] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000002 [ 343.226139] RDX: 0000000000000001 RSI: ffff8f22912a5000 RDI: ffff9aaa400e8d38 [ 343.226808] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 343.227484] R10: 0000000000000001 R11: ffff9aaa400e8ff8 R12: 0000000000000040 [ 343.228143] R13: ffff9aaa400e8d78 R14: 0000000000000000 R15: ffff8f220ad0f000 [ 343.228820] FS: 0000000000000000(0000) GS:ffff8f22912a5000(0000) knlGS:0000000000000000 [ 343.229572] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 343.230118] CR2: 0000000000000018 CR3: 000000010ce45005 CR4: 0000000000770ef0 [ 343.230794] PKRU: 55555554 [ 343.231061] Call Trace: [ 343.231306] [ 343.231522] veth_poll+0x7b/0x3a0 [ 343.231856] __napi_poll.constprop.0+0x28/0x1d0 [ 343.232297] net_rx_action+0x199/0x350 [ 343.232682] handle_softirqs+0xd3/0x400 [ 343.233057] ? __dev_queue_xmit+0x27b/0x1250 [ 343.233473] do_softirq+0x43/0x90 [ 343.233804] [ 343.234016] [ 343.234226] __local_bh_enable_ip+0xb5/0xd0 [ 343.234622] ? __dev_queue_xmit+0x27b/0x1250 [ 343.235035] __dev_queue_xmit+0x290/0x1250 [ 343.235431] ? lock_acquire+0xbe/0x2c0 [ 343.235797] ? ip6_finish_output+0x25e/0x540 [ 343.236210] ? mark_held_locks+0x40/0x70 [ 343.236583] ip6_finish_output2+0x38f/0xb80 [ 343.237002] ? lock_release+0xc6/0x290 [ 343.237364] ip6_finish_output+0x25e/0x540 [ 343.237761] mld_sendpack+0x1c1/0x3a0 [ 343.238123] mld_dad_work+0x3e/0x150 [ 343.238473] process_one_work+0x1f8/0x580 [ 343.238859] worker_thread+0x1ce/0x3c0 [ 343.239224] ? __pfx_worker_thread+0x10/0x10 [ 343.239638] kthread+0x128/0x250 [ 343.239954] ? __pfx_kthread+0x10/0x10 [ 343.240320] ? __pfx_kthread+0x10/0x10 [ 343.240691] ret_from_fork+0x15c/0x1b0 [ 343.241056] ? __pfx_kthread+0x10/0x10 [ 343.241418] ret_from_fork_asm+0x1a/0x30 [ 343.241800] [ 343.242021] Modules linked in: bpf_testmod(OE) [last unloaded: bpf_test_no_cfi(OE)] [ 343.242737] CR2: 0000000000000018 [ 343.243064] ---[ end trace 0000000000000000 ]--- [ 343.243503] RIP: 0010:veth_xdp_rcv.constprop.0+0x6b/0x380 [ 343.244014] Code: 01 48 89 84 24 90 00 00 00 31 c0 48 8b aa 80 0c 00 00 f3 48 ab e8 f5 e3 48 00 85 c0 0f 85 9c 02 00 00 4c 8d 34 5b 49 c1 e6 07 <4c> 03 75 18 45 85 e4 0f 8e ec 02 00 00 31 db 31 ed eb 4c 48 83 e6 [ 343.245743] RSP: 0018:ffff9aaa400e8ca8 EFLAGS: 00010246 [ 343.246236] RAX: 0000000000000001 RBX: 0000000000000000 RCX: 0000000000000002 [ 343.246897] RDX: 0000000000000001 RSI: ffff8f22912a5000 RDI: ffff9aaa400e8d38 [ 343.247557] RBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000 [ 343.248219] R10: 0000000000000001 R11: ffff9aaa400e8ff8 R12: 0000000000000040 [ 343.248868] R13: ffff9aaa400e8d78 R14: 0000000000000000 R15: ffff8f220ad0f000 [ 343.249496] FS: 0000000000000000(0000) GS:ffff8f22912a5000(0000) knlGS:0000000000000000 [ 343.250109] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 343.250651] CR2: 0000000000000018 CR3: 000000010ce45005 CR4: 0000000000770ef0 [ 343.251320] PKRU: 55555554 [ 343.251548] Kernel panic - not syncing: Fatal exception in interrupt [ 343.252317] Kernel Offset: 0x27000000 from 0xffffffff81000000 (relocation range: 0xffffffff80000000-0xffffffffbfffffff) Failed to run command Caused by: 0: Failed to QGA guest-exec-status 1: error running guest_exec_status 2: Broken pipe (os error 32) 3: Broken pipe (os error 32) ##[error]Process completed with exit code 2. [1] https://github.com/kernel-patches/bpf/actions/runs/15543380196/job/43759847203 > Code disassembly (best guess): > 0: 54 push %rsp > 1: d9 31 fnstenv (%rcx) > 3: fb sti > 4: 45 85 e4 test %r12d,%r12d > 7: 0f 85 db 08 00 00 jne 0x8e8 > d: e8 06 de 31 fb call 0xfb31de18 > 12: 48 8d bd c0 04 00 00 lea 0x4c0(%rbp),%rdi > 19: 48 b8 00 00 00 00 00 movabs $0xdffffc0000000000,%rax > 20: fc ff df > 23: 48 89 fa mov %rdi,%rdx > 26: 48 c1 ea 03 shr $0x3,%rdx > * 2a: 0f b6 04 02 movzbl (%rdx,%rax,1),%eax <-- trapping instruction > 2e: 84 c0 test %al,%al > 30: 74 08 je 0x3a > 32: 3c 03 cmp $0x3,%al > 34: 0f 8e 18 0c 00 00 jle 0xc52 > 3a: 44 rex.R > 3b: 8b .byte 0x8b > 3c: a5 movsl %ds:(%rsi),%es:(%rdi) > 3d: c0 .byte 0xc0 > 3e: 04 00 add $0x0,%al > > > --- > This report is generated by a bot. It may contain errors. > See https://goo.gl/tpsmEJ for more information about syzbot. > syzbot engineers can be reached at syzkaller at googlegroups.com. > > syzbot will keep track of this issue. See: > https://goo.gl/tpsmEJ#status for how to communicate with syzbot. > > If the report is already addressed, let syzbot know by replying with: > #syz fix: exact-commit-title > > If you want to overwrite report's subsystems, reply with: > #syz set subsystems: new-subsystem > (See the list of subsystem names on the web dashboard) > > If the report is a duplicate of another one, reply with: > #syz dup: exact-subject-of-another-report > > If you want to undo deduplication, reply with: > #syz undup From razor at blackwall.org Thu Jun 12 10:28:19 2025 From: razor at blackwall.org (Nikolay Aleksandrov) Date: Thu, 12 Jun 2025 13:28:19 +0300 Subject: [PATCH net-next 01/14] net: ipv4: Add a flags argument to iptunnel_xmit(), udp_tunnel_xmit_skb() In-Reply-To: References: Message-ID: On 6/9/25 23:50, Petr Machata wrote: > iptunnel_xmit() erases the contents of the SKB control block. In order to > be able to set particular IPCB flags on the SKB, add a corresponding > parameter, and propagate it to udp_tunnel_xmit_skb() as well. > > In one of the following patches, VXLAN driver will use this facility to > mark packets as subject to IP multicast routing. > > Signed-off-by: Petr Machata > Reviewed-by: Ido Schimmel > --- > > Notes: > CC: Pablo Neira Ayuso > CC: osmocom-net-gprs at lists.osmocom.org > CC: Andrew Lunn > CC: Taehee Yoo > CC: Antonio Quartulli > CC: "Jason A. Donenfeld" > CC: wireguard at lists.zx2c4.com > CC: Marcelo Ricardo Leitner > CC: linux-sctp at vger.kernel.org > CC: Jon Maloy > CC: tipc-discussion at lists.sourceforge.net > > drivers/net/amt.c | 9 ++++++--- > drivers/net/bareudp.c | 4 ++-- > drivers/net/geneve.c | 4 ++-- > drivers/net/gtp.c | 10 ++++++---- > drivers/net/ovpn/udp.c | 2 +- > drivers/net/vxlan/vxlan_core.c | 2 +- > drivers/net/wireguard/socket.c | 2 +- > include/net/ip_tunnels.h | 2 +- > include/net/udp_tunnel.h | 2 +- > net/ipv4/ip_tunnel.c | 4 ++-- > net/ipv4/ip_tunnel_core.c | 4 +++- > net/ipv4/udp_tunnel_core.c | 5 +++-- > net/ipv6/sit.c | 2 +- > net/sctp/protocol.c | 3 ++- > net/tipc/udp_media.c | 2 +- > 15 files changed, 33 insertions(+), 24 deletions(-) > Reviewed-by: Nikolay Aleksandrov From petrm at nvidia.com Thu Jun 12 20:10:35 2025 From: petrm at nvidia.com (Petr Machata) Date: Thu, 12 Jun 2025 22:10:35 +0200 Subject: [PATCH net-next v2 01/14] net: ipv4: Add a flags argument to iptunnel_xmit(), udp_tunnel_xmit_skb() In-Reply-To: References: Message-ID: <93258d0156bab6c2d8c7c6e1a43d23e13e9830ec.1749757582.git.petrm@nvidia.com> iptunnel_xmit() erases the contents of the SKB control block. In order to be able to set particular IPCB flags on the SKB, add a corresponding parameter, and propagate it to udp_tunnel_xmit_skb() as well. In one of the following patches, VXLAN driver will use this facility to mark packets as subject to IP multicast routing. Signed-off-by: Petr Machata Reviewed-by: Ido Schimmel Reviewed-by: Nikolay Aleksandrov Acked-by: Antonio Quartulli --- Notes: CC: Pablo Neira Ayuso CC: osmocom-net-gprs at lists.osmocom.org CC: Andrew Lunn CC: Taehee Yoo CC: Antonio Quartulli CC: "Jason A. Donenfeld" CC: wireguard at lists.zx2c4.com CC: Marcelo Ricardo Leitner CC: linux-sctp at vger.kernel.org CC: Jon Maloy CC: tipc-discussion at lists.sourceforge.net drivers/net/amt.c | 9 ++++++--- drivers/net/bareudp.c | 4 ++-- drivers/net/geneve.c | 4 ++-- drivers/net/gtp.c | 10 ++++++---- drivers/net/ovpn/udp.c | 2 +- drivers/net/vxlan/vxlan_core.c | 2 +- drivers/net/wireguard/socket.c | 2 +- include/net/ip_tunnels.h | 2 +- include/net/udp_tunnel.h | 2 +- net/ipv4/ip_tunnel.c | 4 ++-- net/ipv4/ip_tunnel_core.c | 4 +++- net/ipv4/udp_tunnel_core.c | 5 +++-- net/ipv6/sit.c | 2 +- net/sctp/protocol.c | 3 ++- net/tipc/udp_media.c | 2 +- 15 files changed, 33 insertions(+), 24 deletions(-) diff --git a/drivers/net/amt.c b/drivers/net/amt.c index 734a0b3242a9..d0f719531499 100644 --- a/drivers/net/amt.c +++ b/drivers/net/amt.c @@ -1046,7 +1046,8 @@ static bool amt_send_membership_update(struct amt_dev *amt, amt->gw_port, amt->relay_port, false, - false); + false, + 0); amt_update_gw_status(amt, AMT_STATUS_SENT_UPDATE, true); return false; } @@ -1103,7 +1104,8 @@ static void amt_send_multicast_data(struct amt_dev *amt, amt->relay_port, tunnel->source_port, false, - false); + false, + 0); } static bool amt_send_membership_query(struct amt_dev *amt, @@ -1161,7 +1163,8 @@ static bool amt_send_membership_query(struct amt_dev *amt, amt->relay_port, tunnel->source_port, false, - false); + false, + 0); amt_update_relay_status(tunnel, AMT_STATUS_SENT_QUERY, true); return false; } diff --git a/drivers/net/bareudp.c b/drivers/net/bareudp.c index a9dffdcac805..5e613080d3f8 100644 --- a/drivers/net/bareudp.c +++ b/drivers/net/bareudp.c @@ -362,8 +362,8 @@ static int bareudp_xmit_skb(struct sk_buff *skb, struct net_device *dev, udp_tunnel_xmit_skb(rt, sock->sk, skb, saddr, info->key.u.ipv4.dst, tos, ttl, df, sport, bareudp->port, !net_eq(bareudp->net, dev_net(bareudp->dev)), - !test_bit(IP_TUNNEL_CSUM_BIT, - info->key.tun_flags)); + !test_bit(IP_TUNNEL_CSUM_BIT, info->key.tun_flags), + 0); return 0; free_dst: diff --git a/drivers/net/geneve.c b/drivers/net/geneve.c index ffc15a432689..c668e8b00ed2 100644 --- a/drivers/net/geneve.c +++ b/drivers/net/geneve.c @@ -921,8 +921,8 @@ static int geneve_xmit_skb(struct sk_buff *skb, struct net_device *dev, udp_tunnel_xmit_skb(rt, gs4->sock->sk, skb, saddr, info->key.u.ipv4.dst, tos, ttl, df, sport, geneve->cfg.info.key.tp_dst, !net_eq(geneve->net, dev_net(geneve->dev)), - !test_bit(IP_TUNNEL_CSUM_BIT, - info->key.tun_flags)); + !test_bit(IP_TUNNEL_CSUM_BIT, info->key.tun_flags), + 0); return 0; } diff --git a/drivers/net/gtp.c b/drivers/net/gtp.c index d4dec741c7f4..14584793fe4e 100644 --- a/drivers/net/gtp.c +++ b/drivers/net/gtp.c @@ -446,7 +446,8 @@ static int gtp0_send_echo_resp_ip(struct gtp_dev *gtp, struct sk_buff *skb) htons(GTP0_PORT), htons(GTP0_PORT), !net_eq(sock_net(gtp->sk1u), dev_net(gtp->dev)), - false); + false, + 0); return 0; } @@ -704,7 +705,8 @@ static int gtp1u_send_echo_resp(struct gtp_dev *gtp, struct sk_buff *skb) htons(GTP1U_PORT), htons(GTP1U_PORT), !net_eq(sock_net(gtp->sk1u), dev_net(gtp->dev)), - false); + false, + 0); return 0; } @@ -1304,7 +1306,7 @@ static netdev_tx_t gtp_dev_xmit(struct sk_buff *skb, struct net_device *dev) pktinfo.gtph_port, pktinfo.gtph_port, !net_eq(sock_net(pktinfo.pctx->sk), dev_net(dev)), - false); + false, 0); break; case AF_INET6: #if IS_ENABLED(CONFIG_IPV6) @@ -2405,7 +2407,7 @@ static int gtp_genl_send_echo_req(struct sk_buff *skb, struct genl_info *info) port, port, !net_eq(sock_net(sk), dev_net(gtp->dev)), - false); + false, 0); return 0; } diff --git a/drivers/net/ovpn/udp.c b/drivers/net/ovpn/udp.c index bff00946eae2..d866e6bfda70 100644 --- a/drivers/net/ovpn/udp.c +++ b/drivers/net/ovpn/udp.c @@ -199,7 +199,7 @@ static int ovpn_udp4_output(struct ovpn_peer *peer, struct ovpn_bind *bind, transmit: udp_tunnel_xmit_skb(rt, sk, skb, fl.saddr, fl.daddr, 0, ip4_dst_hoplimit(&rt->dst), 0, fl.fl4_sport, - fl.fl4_dport, false, sk->sk_no_check_tx); + fl.fl4_dport, false, sk->sk_no_check_tx, 0); ret = 0; err: local_bh_enable(); diff --git a/drivers/net/vxlan/vxlan_core.c b/drivers/net/vxlan/vxlan_core.c index a56d7239b127..d7a5d8873a1b 100644 --- a/drivers/net/vxlan/vxlan_core.c +++ b/drivers/net/vxlan/vxlan_core.c @@ -2522,7 +2522,7 @@ void vxlan_xmit_one(struct sk_buff *skb, struct net_device *dev, udp_tunnel_xmit_skb(rt, sock4->sock->sk, skb, saddr, pkey->u.ipv4.dst, tos, ttl, df, - src_port, dst_port, xnet, !udp_sum); + src_port, dst_port, xnet, !udp_sum, 0); #if IS_ENABLED(CONFIG_IPV6) } else { struct vxlan_sock *sock6 = rcu_dereference(vxlan->vn6_sock); diff --git a/drivers/net/wireguard/socket.c b/drivers/net/wireguard/socket.c index 0414d7a6ce74..88e685667bc0 100644 --- a/drivers/net/wireguard/socket.c +++ b/drivers/net/wireguard/socket.c @@ -84,7 +84,7 @@ static int send4(struct wg_device *wg, struct sk_buff *skb, skb->ignore_df = 1; udp_tunnel_xmit_skb(rt, sock, skb, fl.saddr, fl.daddr, ds, ip4_dst_hoplimit(&rt->dst), 0, fl.fl4_sport, - fl.fl4_dport, false, false); + fl.fl4_dport, false, false, 0); goto out; err: diff --git a/include/net/ip_tunnels.h b/include/net/ip_tunnels.h index 0c3d571a04a1..8cf1380f3656 100644 --- a/include/net/ip_tunnels.h +++ b/include/net/ip_tunnels.h @@ -603,7 +603,7 @@ static inline int iptunnel_pull_header(struct sk_buff *skb, int hdr_len, void iptunnel_xmit(struct sock *sk, struct rtable *rt, struct sk_buff *skb, __be32 src, __be32 dst, u8 proto, - u8 tos, u8 ttl, __be16 df, bool xnet); + u8 tos, u8 ttl, __be16 df, bool xnet, u16 ipcb_flags); struct metadata_dst *iptunnel_metadata_reply(struct metadata_dst *md, gfp_t flags); int skb_tunnel_check_pmtu(struct sk_buff *skb, struct dst_entry *encap_dst, diff --git a/include/net/udp_tunnel.h b/include/net/udp_tunnel.h index 2df3b8344eb5..28102c8fd8a8 100644 --- a/include/net/udp_tunnel.h +++ b/include/net/udp_tunnel.h @@ -150,7 +150,7 @@ static inline void udp_tunnel_drop_rx_info(struct net_device *dev) void udp_tunnel_xmit_skb(struct rtable *rt, struct sock *sk, struct sk_buff *skb, __be32 src, __be32 dst, __u8 tos, __u8 ttl, __be16 df, __be16 src_port, __be16 dst_port, - bool xnet, bool nocheck); + bool xnet, bool nocheck, u16 ipcb_flags); int udp_tunnel6_xmit_skb(struct dst_entry *dst, struct sock *sk, struct sk_buff *skb, diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c index 678b8f96e3e9..aaeb5d16f0c9 100644 --- a/net/ipv4/ip_tunnel.c +++ b/net/ipv4/ip_tunnel.c @@ -668,7 +668,7 @@ void ip_md_tunnel_xmit(struct sk_buff *skb, struct net_device *dev, ip_tunnel_adj_headroom(dev, headroom); iptunnel_xmit(NULL, rt, skb, fl4.saddr, fl4.daddr, proto, tos, ttl, - df, !net_eq(tunnel->net, dev_net(dev))); + df, !net_eq(tunnel->net, dev_net(dev)), 0); return; tx_error: DEV_STATS_INC(dev, tx_errors); @@ -857,7 +857,7 @@ void ip_tunnel_xmit(struct sk_buff *skb, struct net_device *dev, ip_tunnel_adj_headroom(dev, max_headroom); iptunnel_xmit(NULL, rt, skb, fl4.saddr, fl4.daddr, protocol, tos, ttl, - df, !net_eq(tunnel->net, dev_net(dev))); + df, !net_eq(tunnel->net, dev_net(dev)), 0); return; #if IS_ENABLED(CONFIG_IPV6) diff --git a/net/ipv4/ip_tunnel_core.c b/net/ipv4/ip_tunnel_core.c index f65d2f727381..cc9915543637 100644 --- a/net/ipv4/ip_tunnel_core.c +++ b/net/ipv4/ip_tunnel_core.c @@ -49,7 +49,8 @@ EXPORT_SYMBOL(ip6tun_encaps); void iptunnel_xmit(struct sock *sk, struct rtable *rt, struct sk_buff *skb, __be32 src, __be32 dst, __u8 proto, - __u8 tos, __u8 ttl, __be16 df, bool xnet) + __u8 tos, __u8 ttl, __be16 df, bool xnet, + u16 ipcb_flags) { int pkt_len = skb->len - skb_inner_network_offset(skb); struct net *net = dev_net(rt->dst.dev); @@ -62,6 +63,7 @@ void iptunnel_xmit(struct sock *sk, struct rtable *rt, struct sk_buff *skb, skb_clear_hash_if_not_l4(skb); skb_dst_set(skb, &rt->dst); memset(IPCB(skb), 0, sizeof(*IPCB(skb))); + IPCB(skb)->flags = ipcb_flags; /* Push down and install the IP header. */ skb_push(skb, sizeof(struct iphdr)); diff --git a/net/ipv4/udp_tunnel_core.c b/net/ipv4/udp_tunnel_core.c index 2326548997d3..9efd62505916 100644 --- a/net/ipv4/udp_tunnel_core.c +++ b/net/ipv4/udp_tunnel_core.c @@ -169,7 +169,7 @@ EXPORT_SYMBOL_GPL(udp_tunnel_notify_del_rx_port); void udp_tunnel_xmit_skb(struct rtable *rt, struct sock *sk, struct sk_buff *skb, __be32 src, __be32 dst, __u8 tos, __u8 ttl, __be16 df, __be16 src_port, __be16 dst_port, - bool xnet, bool nocheck) + bool xnet, bool nocheck, u16 ipcb_flags) { struct udphdr *uh; @@ -185,7 +185,8 @@ void udp_tunnel_xmit_skb(struct rtable *rt, struct sock *sk, struct sk_buff *skb udp_set_csum(nocheck, skb, src, dst, skb->len); - iptunnel_xmit(sk, rt, skb, src, dst, IPPROTO_UDP, tos, ttl, df, xnet); + iptunnel_xmit(sk, rt, skb, src, dst, IPPROTO_UDP, tos, ttl, df, xnet, + ipcb_flags); } EXPORT_SYMBOL_GPL(udp_tunnel_xmit_skb); diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c index a72dbca9e8fc..12496ba1b7d4 100644 --- a/net/ipv6/sit.c +++ b/net/ipv6/sit.c @@ -1035,7 +1035,7 @@ static netdev_tx_t ipip6_tunnel_xmit(struct sk_buff *skb, skb_set_inner_ipproto(skb, IPPROTO_IPV6); iptunnel_xmit(NULL, rt, skb, fl4.saddr, fl4.daddr, protocol, tos, ttl, - df, !net_eq(tunnel->net, dev_net(dev))); + df, !net_eq(tunnel->net, dev_net(dev)), 0); return NETDEV_TX_OK; tx_error_icmp: diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c index 8c3b80c4d40b..bfbb73e359f5 100644 --- a/net/sctp/protocol.c +++ b/net/sctp/protocol.c @@ -1103,7 +1103,8 @@ static inline int sctp_v4_xmit(struct sk_buff *skb, struct sctp_transport *t) skb_set_inner_ipproto(skb, IPPROTO_SCTP); udp_tunnel_xmit_skb(dst_rtable(dst), sk, skb, fl4->saddr, fl4->daddr, dscp, ip4_dst_hoplimit(dst), df, - sctp_sk(sk)->udp_port, t->encap_port, false, false); + sctp_sk(sk)->udp_port, t->encap_port, false, false, + 0); return 0; } diff --git a/net/tipc/udp_media.c b/net/tipc/udp_media.c index 108a4cc2e001..87e8c1e6d550 100644 --- a/net/tipc/udp_media.c +++ b/net/tipc/udp_media.c @@ -197,7 +197,7 @@ static int tipc_udp_xmit(struct net *net, struct sk_buff *skb, ttl = ip4_dst_hoplimit(&rt->dst); udp_tunnel_xmit_skb(rt, ub->ubsock->sk, skb, src->ipv4.s_addr, dst->ipv4.s_addr, 0, ttl, 0, src->port, - dst->port, false, true); + dst->port, false, true, 0); #if IS_ENABLED(CONFIG_IPV6) } else { if (!ndst) { -- 2.49.0 From kuba at kernel.org Fri Jun 13 16:48:58 2025 From: kuba at kernel.org (Jakub Kicinski) Date: Fri, 13 Jun 2025 09:48:58 -0700 Subject: [PATCH net-next v2 01/14] net: ipv4: Add a flags argument to iptunnel_xmit(), udp_tunnel_xmit_skb() In-Reply-To: <93258d0156bab6c2d8c7c6e1a43d23e13e9830ec.1749757582.git.petrm@nvidia.com> References: <93258d0156bab6c2d8c7c6e1a43d23e13e9830ec.1749757582.git.petrm@nvidia.com> Message-ID: <20250613094858.5dfa435e@kernel.org> On Thu, 12 Jun 2025 22:10:35 +0200 Petr Machata wrote: > void udp_tunnel_xmit_skb(struct rtable *rt, struct sock *sk, struct sk_buff *skb, > __be32 src, __be32 dst, __u8 tos, __u8 ttl, > __be16 df, __be16 src_port, __be16 dst_port, > - bool xnet, bool nocheck) > + bool xnet, bool nocheck, u16 ipcb_flags) This is a lot of arguments for a function. I don't have a great suggestion off the top of my head, but maybe think more about it? From petrm at nvidia.com Fri Jun 13 19:23:20 2025 From: petrm at nvidia.com (Petr Machata) Date: Fri, 13 Jun 2025 21:23:20 +0200 Subject: [PATCH net-next v2 01/14] net: ipv4: Add a flags argument to iptunnel_xmit(), udp_tunnel_xmit_skb() In-Reply-To: <20250613094858.5dfa435e@kernel.org> References: <93258d0156bab6c2d8c7c6e1a43d23e13e9830ec.1749757582.git.petrm@nvidia.com> <20250613094858.5dfa435e@kernel.org> Message-ID: <87wm9f2zwd.fsf@nvidia.com> Jakub Kicinski writes: > On Thu, 12 Jun 2025 22:10:35 +0200 Petr Machata wrote: >> void udp_tunnel_xmit_skb(struct rtable *rt, struct sock *sk, struct sk_buff *skb, >> __be32 src, __be32 dst, __u8 tos, __u8 ttl, >> __be16 df, __be16 src_port, __be16 dst_port, >> - bool xnet, bool nocheck) >> + bool xnet, bool nocheck, u16 ipcb_flags) > > This is a lot of arguments for a function. > I don't have a great suggestion off the top of my head, but maybe > think more about it? It wraps functions that take many arguments ^o^ We could exchange src_port, dst_port by passing in the UDP header directly, but I don't think that's a good idea. I guess I don't have great ideas either.