From patchwork Tue Mar 6 22:57:08 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Shannon Nelson X-Patchwork-Id: 882309 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=netdev-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=pass (p=none dis=none) header.from=oracle.com Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=oracle.com header.i=@oracle.com header.b="trCBFKlZ"; dkim-atps=neutral Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3zwscH0XpMz9sd0 for ; Wed, 7 Mar 2018 09:57:34 +1100 (AEDT) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754039AbeCFW5b (ORCPT ); Tue, 6 Mar 2018 17:57:31 -0500 Received: from aserp2120.oracle.com ([141.146.126.78]:41318 "EHLO aserp2120.oracle.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753971AbeCFW5a (ORCPT ); Tue, 6 Mar 2018 17:57:30 -0500 Received: from pps.filterd (aserp2120.oracle.com [127.0.0.1]) by aserp2120.oracle.com (8.16.0.22/8.16.0.22) with SMTP id w26MuW2e064440; Tue, 6 Mar 2018 22:57:24 GMT DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=oracle.com; h=from : to : subject : date : message-id; s=corp-2017-10-26; bh=iJCbe2RiR1AVXfAHgrU4ftJ73BAjqNnmfFwDMGK6vvo=; b=trCBFKlZhIUDs6orjMTR48zXyA3PnkYglPVZNleuMA1pz12vonFeRhhShjzeJotYdLhR B/968bzUvsWiCsbuE9E6Hb9kDldKgX0iLc9Ns2h2Q4JvaaEjS1KfZJXo2DmnPHpYkzND sM7KhkikFMDSbMo0k15DsDFnzFfW5WOWEO4F/gscvFYKXsm4e6zzPIU52iTBvKMpqVuG P6tJP494gmlVXx+c+TPh6wnXdNPbN0EMqmd/MXMjQtG+p3oz9WSNCnZ86Frb99gSlH8L sHFuTZDYtQrWLXBP4zx3RPSnmVsJcaCfVdGCwsYZkBwdAYmVtlU/+mh/mKYo5c1sgU0X 1w== Received: from aserv0021.oracle.com (aserv0021.oracle.com [141.146.126.233]) by aserp2120.oracle.com with ESMTP id 2gj38h07e2-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 06 Mar 2018 22:57:24 +0000 Received: from aserv0121.oracle.com (aserv0121.oracle.com [141.146.126.235]) by aserv0021.oracle.com (8.14.4/8.14.4) with ESMTP id w26MvNTr022665 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK); Tue, 6 Mar 2018 22:57:24 GMT Received: from abhmp0019.oracle.com (abhmp0019.oracle.com [141.146.116.25]) by aserv0121.oracle.com (8.14.4/8.13.8) with ESMTP id w26MvN7c012674; Tue, 6 Mar 2018 22:57:23 GMT Received: from slnelson-mint18.us.oracle.com (/10.159.229.201) by default (Oracle Beehive Gateway v4.0) with ESMTP ; Tue, 06 Mar 2018 14:57:23 -0800 From: Shannon Nelson To: davem@davemloft.net, netdev@vger.kernel.org, steffen.klassert@secunet.com Subject: [PATCH net] macvlan: filter out xfrm feature flags Date: Tue, 6 Mar 2018 14:57:08 -0800 Message-Id: <1520377028-14818-1-git-send-email-shannon.nelson@oracle.com> X-Mailer: git-send-email 2.7.4 X-Proofpoint-Virus-Version: vendor=nai engine=5900 definitions=8824 signatures=668685 X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=999 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1803060247 Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org Adding a macvlan device on top of a lowerdev that supports the xfrm offloads fails. # ip link add link ens1f0 mv0 type macvlan RTNETLINK answers: Operation not permitted Tracing down the failure shows that the macvlan device inherits the NETIF_F_HW_ESP and NETIF_F_HW_ESP_TX_CSUM feature flags from the lowerdev, but doesn't actually support xfrm so doesn't have the dev->xfrmdev_ops API filled in. When the request is made to add the new macvlan device, the various feature flags are checked by the feature subsystems, and the xfrm_api_check() fails the check since the dev->xfrmdev_ops are not set up. The macvlan creation succeeds when we filter out those flags in macvlan_fix_features(). This isn't broken for vlans because they use a separate features connection (vlan_features) for inheriting features. This is fine, but I don't think trying to add something like this to every driver for every new upperdev is a good idea - I think the upperdev should try to protect itself. Fixes: d77e38e612a0 ("xfrm: Add an IPsec hardware offloading API") Signed-off-by: Shannon Nelson --- drivers/net/macvlan.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c index 8fc02d9..76b8fb5 100644 --- a/drivers/net/macvlan.c +++ b/drivers/net/macvlan.c @@ -844,6 +844,10 @@ static struct lock_class_key macvlan_netdev_addr_lock_key; NETIF_F_TSO_ECN | NETIF_F_TSO6 | NETIF_F_GRO | NETIF_F_RXCSUM | \ NETIF_F_HW_VLAN_CTAG_FILTER | NETIF_F_HW_VLAN_STAG_FILTER) +#define MACVLAN_NON_FEATURES \ + (NETIF_F_HW_ESP | NETIF_F_HW_ESP_TX_CSUM | NETIF_F_GSO_ESP | \ + NETIF_F_NETNS_LOCAL) + #define MACVLAN_STATE_MASK \ ((1<<__LINK_STATE_NOCARRIER) | (1<<__LINK_STATE_DORMANT)) @@ -1036,7 +1040,7 @@ static netdev_features_t macvlan_fix_features(struct net_device *dev, lowerdev_features &= (features | ~NETIF_F_LRO); features = netdev_increment_features(lowerdev_features, features, mask); features |= ALWAYS_ON_FEATURES; - features &= ~NETIF_F_NETNS_LOCAL; + features &= ~MACVLAN_NON_FEATURES; return features; }