diff mbox series

net: ipv6: fix the address length for net_device on a GRE tunnel

Message ID 20241108092555.5714-1-emanuele.santini.88@gmail.com (mailing list archive)
State Changes Requested
Delegated to: Netdev Maintainers
Headers show
Series net: ipv6: fix the address length for net_device on a GRE tunnel | expand

Checks

Context Check Description
netdev/series_format warning Single patches do not need cover letters; Target tree name not specified in the subject
netdev/tree_selection success Guessed tree name to be net-next
netdev/ynl success Generated files up to date; no warnings/errors; no diff in generated;
netdev/fixes_present success Fixes tag not required for -next series
netdev/header_inline success No static functions without inline keyword in header files
netdev/build_32bit success Errors and warnings before: 3 this patch: 3
netdev/build_tools success No tools touched, skip
netdev/cc_maintainers warning 2 maintainers not CCed: horms@kernel.org edumazet@google.com
netdev/build_clang success Errors and warnings before: 3 this patch: 3
netdev/verify_signedoff success Signed-off-by tag matches author and committer
netdev/deprecated_api success None detected
netdev/check_selftest success No net selftest shell script
netdev/verify_fixes success No Fixes tag
netdev/build_allmodconfig_warn success Errors and warnings before: 4 this patch: 4
netdev/checkpatch success total: 0 errors, 0 warnings, 0 checks, 8 lines checked
netdev/build_clang_rust success No Rust files in patch. Skipping build
netdev/kdoc success Errors and warnings before: 0 this patch: 0
netdev/source_inline success Was 0 now: 0
netdev/contest success net-next-2024-11-09--18-00 (tests: 785)

Commit Message

Emanuele Santini Nov. 8, 2024, 9:25 a.m. UTC
The 'addr_len' field in 'net_device' should represent the size of the
hardware address for the device. While GRE tunneling does not require
a hardware address, a random Ethernet address is still assigned to
the 'net_device'. Therefore, the correct 'addr_len' value should be
the size of an Ethernet address (6 bytes), not the size of an IPv6
address.

This fix sets 'addr_len' to the appropriate value, ensuring
consistency in the net_device setup for IPv6 GRE tunnels.

Bug: Setting addr_len to the size of an IPv6 network address (16 bytes)
can cause a packet socket with SOCK_DGRAM to fail on 'sendto' calls.
This happens due to a check in 'packet_snd' for SOCK_DGRAM types,
which validates the address length.

This bug was introduced in kernel version 4.20.0 and is still present in the current version.

Steps to reproduce:

  ip -6 tunnel add <dev_name> mode ip6gre remote <remote_addr> local <local_addr> ttl 255
  ip link set dev <dev_name> up
  busybox udhcpc -i <dev_name> -n -f
  -> It returns Invalid Argument.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=202147
Reported-by: Friedrich Oslage <friedrich@oslage.de>
Signed-off-by: Emanuele Santini <emanuele.santini.88@gmail.com>
---
 net/ipv6/ip6_gre.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Guillaume Nault Nov. 8, 2024, 12:08 p.m. UTC | #1
On Fri, Nov 08, 2024 at 10:25:55AM +0100, Emanuele Santini wrote:
> While GRE tunneling does not require
> a hardware address, a random Ethernet address is still assigned to
> the 'net_device'.

That's really surprising and not what I can see on my system. Are you
really talking about ip6gre (and not ip6gretap)?

> Therefore, the correct 'addr_len' value should be
> the size of an Ethernet address (6 bytes), not the size of an IPv6
> address.

Ethernet address length only makes sense for ip6gretap. This doesn't
seem like a valid justification for ip6gre.

> This fix sets 'addr_len' to the appropriate value, ensuring
> consistency in the net_device setup for IPv6 GRE tunnels.
> 
> Bug: Setting addr_len to the size of an IPv6 network address (16 bytes)
> can cause a packet socket with SOCK_DGRAM to fail on 'sendto' calls.
> This happens due to a check in 'packet_snd' for SOCK_DGRAM types,
> which validates the address length.
> 
> This bug was introduced in kernel version 4.20.0 and is still present in the current version.
> 
> Steps to reproduce:
> 
>   ip -6 tunnel add <dev_name> mode ip6gre remote <remote_addr> local <local_addr> ttl 255
>   ip link set dev <dev_name> up
>   busybox udhcpc -i <dev_name> -n -f
>   -> It returns Invalid Argument.
> 
> Link: https://bugzilla.kernel.org/show_bug.cgi?id=202147
> Reported-by: Friedrich Oslage <friedrich@oslage.de>
> Signed-off-by: Emanuele Santini <emanuele.santini.88@gmail.com>
> ---
>  net/ipv6/ip6_gre.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
> index 235808cfec70..db7679b04a02 100644
> --- a/net/ipv6/ip6_gre.c
> +++ b/net/ipv6/ip6_gre.c
> @@ -1455,7 +1455,7 @@ static void ip6gre_tunnel_setup(struct net_device *dev)
>  	dev->type = ARPHRD_IP6GRE;
>  
>  	dev->flags |= IFF_NOARP;
> -	dev->addr_len = sizeof(struct in6_addr);
> +	dev->addr_len = ETH_ALEN;

I guess it should be "dev->addr_len = 0" instead. We have no "hardware"
address.

>  	netif_keep_dst(dev);
>  	/* This perm addr will be used as interface identifier by IPv6 */
>  	dev->addr_assign_type = NET_ADDR_RANDOM;
> -- 
> 2.46.0
> 
>
Emanuele Santini Nov. 8, 2024, 2:24 p.m. UTC | #2
I'm talking about the ip6gre. I agree that setting the hardware address to 0 is appropriate.
However, in the ip6gre_tunnel_setup function, the perm_addr field of net_device is 
currently assigned a random Ethernet address:

        dev->flags |= IFF_NOARP;
       - dev->addr_len = sizeof(struct in6_addr);
       + dev->addr_len = ETH_ALEN;
        netif_keep_dst(dev);
        /* This perm addr will be used as interface identifier by IPv6 */
        dev->addr_assign_type = NET_ADDR_RANDOM;
        eth_random_addr(dev->perm_addr);

maybe this is not a valid justification to set addr_len to ETH_ALEN.

I will make a review setting addr_len to 0, and will resubmit the patch after successful testing.
Guillaume Nault Nov. 8, 2024, 4:17 p.m. UTC | #3
On Fri, Nov 08, 2024 at 03:24:03PM +0100, Emanuele Santini wrote:
> I'm talking about the ip6gre. I agree that setting the hardware address to 0 is appropriate.
> However, in the ip6gre_tunnel_setup function, the perm_addr field of net_device is 
> currently assigned a random Ethernet address:
> 
>         dev->flags |= IFF_NOARP;
>        - dev->addr_len = sizeof(struct in6_addr);
>        + dev->addr_len = ETH_ALEN;
>         netif_keep_dst(dev);
>         /* This perm addr will be used as interface identifier by IPv6 */
>         dev->addr_assign_type = NET_ADDR_RANDOM;
>         eth_random_addr(dev->perm_addr);
> 
> maybe this is not a valid justification to set addr_len to ETH_ALEN.

I think that having a fake permanent address for the purpose of IPv6
interface Id. generation isn't a correct justification for setting
dev->addr_len.

If setting ->perm_addr and ->addr_assign_type have side effects on the
acceptable values of ->addr_len, then the commit description should
explain that in more details.

> I will make a review setting addr_len to 0, and will resubmit the patch after successful testing.

Thanks.
diff mbox series

Patch

diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
index 235808cfec70..db7679b04a02 100644
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -1455,7 +1455,7 @@  static void ip6gre_tunnel_setup(struct net_device *dev)
 	dev->type = ARPHRD_IP6GRE;
 
 	dev->flags |= IFF_NOARP;
-	dev->addr_len = sizeof(struct in6_addr);
+	dev->addr_len = ETH_ALEN;
 	netif_keep_dst(dev);
 	/* This perm addr will be used as interface identifier by IPv6 */
 	dev->addr_assign_type = NET_ADDR_RANDOM;