Drop "net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup"
This commit is contained in:
parent
a3892db44e
commit
e7da2d7b4f
|
@ -38,7 +38,6 @@ linux (4.19.119-1) UNRELEASED; urgency=medium
|
||||||
- virtio-blk: improve virtqueue error to BLK_STS
|
- virtio-blk: improve virtqueue error to BLK_STS
|
||||||
- scsi: smartpqi: fix call trace in device discovery
|
- scsi: smartpqi: fix call trace in device discovery
|
||||||
- PCI/ASPM: Allow re-enabling Clock PM
|
- PCI/ASPM: Allow re-enabling Clock PM
|
||||||
- net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
|
|
||||||
- blktrace: Protect q->blk_trace with RCU
|
- blktrace: Protect q->blk_trace with RCU
|
||||||
- blktrace: fix dereference after null check
|
- blktrace: fix dereference after null check
|
||||||
- KVM: VMX: Zero out *all* general purpose registers after VM-Exit
|
- KVM: VMX: Zero out *all* general purpose registers after VM-Exit
|
||||||
|
|
|
@ -1,267 +0,0 @@
|
||||||
From: Sabrina Dubroca <sd@queasysnail.net>
|
|
||||||
Date: Wed, 4 Dec 2019 15:35:53 +0100
|
|
||||||
Subject: net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
|
|
||||||
Origin: https://git.kernel.org/linus/6c8991f41546c3c472503dff1ea9daaddf9331c2
|
|
||||||
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-1749
|
|
||||||
|
|
||||||
ipv6_stub uses the ip6_dst_lookup function to allow other modules to
|
|
||||||
perform IPv6 lookups. However, this function skips the XFRM layer
|
|
||||||
entirely.
|
|
||||||
|
|
||||||
All users of ipv6_stub->ip6_dst_lookup use ip_route_output_flow (via the
|
|
||||||
ip_route_output_key and ip_route_output helpers) for their IPv4 lookups,
|
|
||||||
which calls xfrm_lookup_route(). This patch fixes this inconsistent
|
|
||||||
behavior by switching the stub to ip6_dst_lookup_flow, which also calls
|
|
||||||
xfrm_lookup_route().
|
|
||||||
|
|
||||||
This requires some changes in all the callers, as these two functions
|
|
||||||
take different arguments and have different return types.
|
|
||||||
|
|
||||||
Fixes: 5f81bd2e5d80 ("ipv6: export a stub for IPv6 symbols used by vxlan")
|
|
||||||
Reported-by: Xiumei Mu <xmu@redhat.com>
|
|
||||||
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
|
|
||||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
|
||||||
[bwh: Backported to 4.19:
|
|
||||||
- Drop change in lwt_bpf.c
|
|
||||||
- Delete now-unused "ret" in mlx5e_route_lookup_ipv6()
|
|
||||||
- Initialise "out_dev" in mlx5e_create_encap_header_ipv6() to avoid
|
|
||||||
introducing a spurious "may be used uninitialised" warning
|
|
||||||
- Adjust filenames, context, indentation]
|
|
||||||
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
|
|
||||||
Signed-off-by: Sasha Levin <sashal@kernel.org>
|
|
||||||
---
|
|
||||||
drivers/infiniband/core/addr.c | 7 +++----
|
|
||||||
drivers/infiniband/sw/rxe/rxe_net.c | 8 +++++---
|
|
||||||
drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 11 +++++------
|
|
||||||
drivers/net/geneve.c | 4 +++-
|
|
||||||
drivers/net/vxlan.c | 8 +++-----
|
|
||||||
include/net/addrconf.h | 6 ++++--
|
|
||||||
net/ipv6/addrconf_core.c | 11 ++++++-----
|
|
||||||
net/ipv6/af_inet6.c | 2 +-
|
|
||||||
net/mpls/af_mpls.c | 7 +++----
|
|
||||||
net/tipc/udp_media.c | 9 ++++++---
|
|
||||||
10 files changed, 39 insertions(+), 34 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/drivers/infiniband/core/addr.c b/drivers/infiniband/core/addr.c
|
|
||||||
index 6e96a2fb97dc4..df8f5ceea2dd4 100644
|
|
||||||
--- a/drivers/infiniband/core/addr.c
|
|
||||||
+++ b/drivers/infiniband/core/addr.c
|
|
||||||
@@ -408,16 +408,15 @@ static int addr6_resolve(struct sockaddr_in6 *src_in,
|
|
||||||
struct flowi6 fl6;
|
|
||||||
struct dst_entry *dst;
|
|
||||||
struct rt6_info *rt;
|
|
||||||
- int ret;
|
|
||||||
|
|
||||||
memset(&fl6, 0, sizeof fl6);
|
|
||||||
fl6.daddr = dst_in->sin6_addr;
|
|
||||||
fl6.saddr = src_in->sin6_addr;
|
|
||||||
fl6.flowi6_oif = addr->bound_dev_if;
|
|
||||||
|
|
||||||
- ret = ipv6_stub->ipv6_dst_lookup(addr->net, NULL, &dst, &fl6);
|
|
||||||
- if (ret < 0)
|
|
||||||
- return ret;
|
|
||||||
+ dst = ipv6_stub->ipv6_dst_lookup_flow(addr->net, NULL, &fl6, NULL);
|
|
||||||
+ if (IS_ERR(dst))
|
|
||||||
+ return PTR_ERR(dst);
|
|
||||||
|
|
||||||
rt = (struct rt6_info *)dst;
|
|
||||||
if (ipv6_addr_any(&src_in->sin6_addr)) {
|
|
||||||
diff --git a/drivers/infiniband/sw/rxe/rxe_net.c b/drivers/infiniband/sw/rxe/rxe_net.c
|
|
||||||
index 54add70c22b5c..7903bd5c639ea 100644
|
|
||||||
--- a/drivers/infiniband/sw/rxe/rxe_net.c
|
|
||||||
+++ b/drivers/infiniband/sw/rxe/rxe_net.c
|
|
||||||
@@ -154,10 +154,12 @@ static struct dst_entry *rxe_find_route6(struct net_device *ndev,
|
|
||||||
memcpy(&fl6.daddr, daddr, sizeof(*daddr));
|
|
||||||
fl6.flowi6_proto = IPPROTO_UDP;
|
|
||||||
|
|
||||||
- if (unlikely(ipv6_stub->ipv6_dst_lookup(sock_net(recv_sockets.sk6->sk),
|
|
||||||
- recv_sockets.sk6->sk, &ndst, &fl6))) {
|
|
||||||
+ ndst = ipv6_stub->ipv6_dst_lookup_flow(sock_net(recv_sockets.sk6->sk),
|
|
||||||
+ recv_sockets.sk6->sk, &fl6,
|
|
||||||
+ NULL);
|
|
||||||
+ if (unlikely(IS_ERR(ndst))) {
|
|
||||||
pr_err_ratelimited("no route to %pI6\n", daddr);
|
|
||||||
- goto put;
|
|
||||||
+ return NULL;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (unlikely(ndst->error)) {
|
|
||||||
diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
|
|
||||||
index c8928ce69185f..3050853774ee0 100644
|
|
||||||
--- a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
|
|
||||||
+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
|
|
||||||
@@ -2217,12 +2217,11 @@ static int mlx5e_route_lookup_ipv6(struct mlx5e_priv *priv,
|
|
||||||
#if IS_ENABLED(CONFIG_INET) && IS_ENABLED(CONFIG_IPV6)
|
|
||||||
struct mlx5e_rep_priv *uplink_rpriv;
|
|
||||||
struct mlx5_eswitch *esw = priv->mdev->priv.eswitch;
|
|
||||||
- int ret;
|
|
||||||
|
|
||||||
- ret = ipv6_stub->ipv6_dst_lookup(dev_net(mirred_dev), NULL, &dst,
|
|
||||||
- fl6);
|
|
||||||
- if (ret < 0)
|
|
||||||
- return ret;
|
|
||||||
+ dst = ipv6_stub->ipv6_dst_lookup_flow(dev_net(mirred_dev), NULL, fl6,
|
|
||||||
+ NULL);
|
|
||||||
+ if (IS_ERR(dst))
|
|
||||||
+ return PTR_ERR(dst);
|
|
||||||
|
|
||||||
if (!(*out_ttl))
|
|
||||||
*out_ttl = ip6_dst_hoplimit(dst);
|
|
||||||
@@ -2428,7 +2427,7 @@ static int mlx5e_create_encap_header_ipv6(struct mlx5e_priv *priv,
|
|
||||||
int max_encap_size = MLX5_CAP_ESW(priv->mdev, max_encap_header_size);
|
|
||||||
int ipv6_encap_size = ETH_HLEN + sizeof(struct ipv6hdr) + VXLAN_HLEN;
|
|
||||||
struct ip_tunnel_key *tun_key = &e->tun_info.key;
|
|
||||||
- struct net_device *out_dev;
|
|
||||||
+ struct net_device *out_dev = NULL;
|
|
||||||
struct neighbour *n = NULL;
|
|
||||||
struct flowi6 fl6 = {};
|
|
||||||
u8 nud_state, tos, ttl;
|
|
||||||
diff --git a/drivers/net/geneve.c b/drivers/net/geneve.c
|
|
||||||
index ff83408733d45..36444de701cd9 100644
|
|
||||||
--- a/drivers/net/geneve.c
|
|
||||||
+++ b/drivers/net/geneve.c
|
|
||||||
@@ -801,7 +801,9 @@ static struct dst_entry *geneve_get_v6_dst(struct sk_buff *skb,
|
|
||||||
if (dst)
|
|
||||||
return dst;
|
|
||||||
}
|
|
||||||
- if (ipv6_stub->ipv6_dst_lookup(geneve->net, gs6->sock->sk, &dst, fl6)) {
|
|
||||||
+ dst = ipv6_stub->ipv6_dst_lookup_flow(geneve->net, gs6->sock->sk, fl6,
|
|
||||||
+ NULL);
|
|
||||||
+ if (IS_ERR(dst)) {
|
|
||||||
netdev_dbg(dev, "no route to %pI6\n", &fl6->daddr);
|
|
||||||
return ERR_PTR(-ENETUNREACH);
|
|
||||||
}
|
|
||||||
diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
|
|
||||||
index 64751b089482b..7ee0bad184662 100644
|
|
||||||
--- a/drivers/net/vxlan.c
|
|
||||||
+++ b/drivers/net/vxlan.c
|
|
||||||
@@ -1963,7 +1963,6 @@ static struct dst_entry *vxlan6_get_route(struct vxlan_dev *vxlan,
|
|
||||||
bool use_cache = ip_tunnel_dst_cache_usable(skb, info);
|
|
||||||
struct dst_entry *ndst;
|
|
||||||
struct flowi6 fl6;
|
|
||||||
- int err;
|
|
||||||
|
|
||||||
if (!sock6)
|
|
||||||
return ERR_PTR(-EIO);
|
|
||||||
@@ -1986,10 +1985,9 @@ static struct dst_entry *vxlan6_get_route(struct vxlan_dev *vxlan,
|
|
||||||
fl6.fl6_dport = dport;
|
|
||||||
fl6.fl6_sport = sport;
|
|
||||||
|
|
||||||
- err = ipv6_stub->ipv6_dst_lookup(vxlan->net,
|
|
||||||
- sock6->sock->sk,
|
|
||||||
- &ndst, &fl6);
|
|
||||||
- if (unlikely(err < 0)) {
|
|
||||||
+ ndst = ipv6_stub->ipv6_dst_lookup_flow(vxlan->net, sock6->sock->sk,
|
|
||||||
+ &fl6, NULL);
|
|
||||||
+ if (unlikely(IS_ERR(ndst))) {
|
|
||||||
netdev_dbg(dev, "no route to %pI6\n", daddr);
|
|
||||||
return ERR_PTR(-ENETUNREACH);
|
|
||||||
}
|
|
||||||
diff --git a/include/net/addrconf.h b/include/net/addrconf.h
|
|
||||||
index 6def0351bcc33..c8d5bb8b36169 100644
|
|
||||||
--- a/include/net/addrconf.h
|
|
||||||
+++ b/include/net/addrconf.h
|
|
||||||
@@ -235,8 +235,10 @@ struct ipv6_stub {
|
|
||||||
const struct in6_addr *addr);
|
|
||||||
int (*ipv6_sock_mc_drop)(struct sock *sk, int ifindex,
|
|
||||||
const struct in6_addr *addr);
|
|
||||||
- int (*ipv6_dst_lookup)(struct net *net, struct sock *sk,
|
|
||||||
- struct dst_entry **dst, struct flowi6 *fl6);
|
|
||||||
+ struct dst_entry *(*ipv6_dst_lookup_flow)(struct net *net,
|
|
||||||
+ const struct sock *sk,
|
|
||||||
+ struct flowi6 *fl6,
|
|
||||||
+ const struct in6_addr *final_dst);
|
|
||||||
|
|
||||||
struct fib6_table *(*fib6_get_table)(struct net *net, u32 id);
|
|
||||||
struct fib6_info *(*fib6_lookup)(struct net *net, int oif,
|
|
||||||
diff --git a/net/ipv6/addrconf_core.c b/net/ipv6/addrconf_core.c
|
|
||||||
index 5cd0029d930e2..66a1a0eb2ed05 100644
|
|
||||||
--- a/net/ipv6/addrconf_core.c
|
|
||||||
+++ b/net/ipv6/addrconf_core.c
|
|
||||||
@@ -127,11 +127,12 @@ int inet6addr_validator_notifier_call_chain(unsigned long val, void *v)
|
|
||||||
}
|
|
||||||
EXPORT_SYMBOL(inet6addr_validator_notifier_call_chain);
|
|
||||||
|
|
||||||
-static int eafnosupport_ipv6_dst_lookup(struct net *net, struct sock *u1,
|
|
||||||
- struct dst_entry **u2,
|
|
||||||
- struct flowi6 *u3)
|
|
||||||
+static struct dst_entry *eafnosupport_ipv6_dst_lookup_flow(struct net *net,
|
|
||||||
+ const struct sock *sk,
|
|
||||||
+ struct flowi6 *fl6,
|
|
||||||
+ const struct in6_addr *final_dst)
|
|
||||||
{
|
|
||||||
- return -EAFNOSUPPORT;
|
|
||||||
+ return ERR_PTR(-EAFNOSUPPORT);
|
|
||||||
}
|
|
||||||
|
|
||||||
static struct fib6_table *eafnosupport_fib6_get_table(struct net *net, u32 id)
|
|
||||||
@@ -169,7 +170,7 @@ eafnosupport_ip6_mtu_from_fib6(struct fib6_info *f6i, struct in6_addr *daddr,
|
|
||||||
}
|
|
||||||
|
|
||||||
const struct ipv6_stub *ipv6_stub __read_mostly = &(struct ipv6_stub) {
|
|
||||||
- .ipv6_dst_lookup = eafnosupport_ipv6_dst_lookup,
|
|
||||||
+ .ipv6_dst_lookup_flow = eafnosupport_ipv6_dst_lookup_flow,
|
|
||||||
.fib6_get_table = eafnosupport_fib6_get_table,
|
|
||||||
.fib6_table_lookup = eafnosupport_fib6_table_lookup,
|
|
||||||
.fib6_lookup = eafnosupport_fib6_lookup,
|
|
||||||
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
|
|
||||||
index 5db88be8b6ecb..5c2351deedc8f 100644
|
|
||||||
--- a/net/ipv6/af_inet6.c
|
|
||||||
+++ b/net/ipv6/af_inet6.c
|
|
||||||
@@ -904,7 +904,7 @@ static struct pernet_operations inet6_net_ops = {
|
|
||||||
static const struct ipv6_stub ipv6_stub_impl = {
|
|
||||||
.ipv6_sock_mc_join = ipv6_sock_mc_join,
|
|
||||||
.ipv6_sock_mc_drop = ipv6_sock_mc_drop,
|
|
||||||
- .ipv6_dst_lookup = ip6_dst_lookup,
|
|
||||||
+ .ipv6_dst_lookup_flow = ip6_dst_lookup_flow,
|
|
||||||
.fib6_get_table = fib6_get_table,
|
|
||||||
.fib6_table_lookup = fib6_table_lookup,
|
|
||||||
.fib6_lookup = fib6_lookup,
|
|
||||||
diff --git a/net/mpls/af_mpls.c b/net/mpls/af_mpls.c
|
|
||||||
index d5a4db5b3fe7b..7623d9aec6364 100644
|
|
||||||
--- a/net/mpls/af_mpls.c
|
|
||||||
+++ b/net/mpls/af_mpls.c
|
|
||||||
@@ -618,16 +618,15 @@ static struct net_device *inet6_fib_lookup_dev(struct net *net,
|
|
||||||
struct net_device *dev;
|
|
||||||
struct dst_entry *dst;
|
|
||||||
struct flowi6 fl6;
|
|
||||||
- int err;
|
|
||||||
|
|
||||||
if (!ipv6_stub)
|
|
||||||
return ERR_PTR(-EAFNOSUPPORT);
|
|
||||||
|
|
||||||
memset(&fl6, 0, sizeof(fl6));
|
|
||||||
memcpy(&fl6.daddr, addr, sizeof(struct in6_addr));
|
|
||||||
- err = ipv6_stub->ipv6_dst_lookup(net, NULL, &dst, &fl6);
|
|
||||||
- if (err)
|
|
||||||
- return ERR_PTR(err);
|
|
||||||
+ dst = ipv6_stub->ipv6_dst_lookup_flow(net, NULL, &fl6, NULL);
|
|
||||||
+ if (IS_ERR(dst))
|
|
||||||
+ return ERR_CAST(dst);
|
|
||||||
|
|
||||||
dev = dst->dev;
|
|
||||||
dev_hold(dev);
|
|
||||||
diff --git a/net/tipc/udp_media.c b/net/tipc/udp_media.c
|
|
||||||
index 382c84d9339d6..1d62354797061 100644
|
|
||||||
--- a/net/tipc/udp_media.c
|
|
||||||
+++ b/net/tipc/udp_media.c
|
|
||||||
@@ -189,10 +189,13 @@ static int tipc_udp_xmit(struct net *net, struct sk_buff *skb,
|
|
||||||
.saddr = src->ipv6,
|
|
||||||
.flowi6_proto = IPPROTO_UDP
|
|
||||||
};
|
|
||||||
- err = ipv6_stub->ipv6_dst_lookup(net, ub->ubsock->sk, &ndst,
|
|
||||||
- &fl6);
|
|
||||||
- if (err)
|
|
||||||
+ ndst = ipv6_stub->ipv6_dst_lookup_flow(net,
|
|
||||||
+ ub->ubsock->sk,
|
|
||||||
+ &fl6, NULL);
|
|
||||||
+ if (IS_ERR(ndst)) {
|
|
||||||
+ err = PTR_ERR(ndst);
|
|
||||||
goto tx_error;
|
|
||||||
+ }
|
|
||||||
ttl = ip6_dst_hoplimit(ndst);
|
|
||||||
err = udp_tunnel6_xmit_skb(ndst, ub->ubsock->sk, skb, NULL,
|
|
||||||
&src->ipv6, &dst->ipv6, 0, ttl, 0,
|
|
||||||
--
|
|
||||||
2.20.1
|
|
||||||
|
|
|
@ -298,7 +298,6 @@ features/arm/staging-vc04_services-Use-correct-cache-line-size.patch
|
||||||
# Security fixes
|
# Security fixes
|
||||||
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
|
debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
|
||||||
debian/ntfs-mark-it-as-broken.patch
|
debian/ntfs-mark-it-as-broken.patch
|
||||||
bugfix/all/net-ipv6_stub-use-ip6_dst_lookup_flow-instead-of-ip6.patch
|
|
||||||
bugfix/all/blktrace-protect-q-blk_trace-with-rcu.patch
|
bugfix/all/blktrace-protect-q-blk_trace-with-rcu.patch
|
||||||
bugfix/all/blktrace-fix-dereference-after-null-check.patch
|
bugfix/all/blktrace-fix-dereference-after-null-check.patch
|
||||||
bugfix/s390x/s390-mm-fix-page-table-upgrade-vs-2ndary-address-mod.patch
|
bugfix/s390x/s390-mm-fix-page-table-upgrade-vs-2ndary-address-mod.patch
|
||||||
|
|
Loading…
Reference in New Issue