From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Shmulik Ladkani <shmulik.ladkani@gmail.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.19 01/23] ipv4: ip_do_fragment: Preserve skb_iif during fragmentation
Date: Sat, 4 May 2019 12:25:03 +0200 [thread overview]
Message-ID: <20190504102451.603020401@linuxfoundation.org> (raw)
In-Reply-To: <20190504102451.512405835@linuxfoundation.org>
From: Shmulik Ladkani <shmulik@metanetworks.com>
[ Upstream commit d2f0c961148f65bc73eda72b9fa3a4e80973cb49 ]
Previously, during fragmentation after forwarding, skb->skb_iif isn't
preserved, i.e. 'ip_copy_metadata' does not copy skb_iif from given
'from' skb.
As a result, ip_do_fragment's creates fragments with zero skb_iif,
leading to inconsistent behavior.
Assume for example an eBPF program attached at tc egress (post
forwarding) that examines __sk_buff->ingress_ifindex:
- the correct iif is observed if forwarding path does not involve
fragmentation/refragmentation
- a bogus iif is observed if forwarding path involves
fragmentation/refragmentatiom
Fix, by preserving skb_iif during 'ip_copy_metadata'.
Signed-off-by: Shmulik Ladkani <shmulik.ladkani@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/ip_output.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/ipv4/ip_output.c
+++ b/net/ipv4/ip_output.c
@@ -519,6 +519,7 @@ static void ip_copy_metadata(struct sk_b
to->pkt_type = from->pkt_type;
to->priority = from->priority;
to->protocol = from->protocol;
+ to->skb_iif = from->skb_iif;
skb_dst_drop(to);
skb_dst_copy(to, from);
to->dev = from->dev;
next prev parent reply other threads:[~2019-05-04 10:27 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-05-04 10:25 [PATCH 4.19 00/23] 4.19.40-stable review Greg Kroah-Hartman
2019-05-04 10:25 ` Greg Kroah-Hartman [this message]
2019-05-04 10:25 ` [PATCH 4.19 02/23] ipv6: A few fixes on dereferencing rt->from Greg Kroah-Hartman
2019-05-04 10:25 ` [PATCH 4.19 03/23] ipv6: fix races in ip6_dst_destroy() Greg Kroah-Hartman
2019-05-04 10:25 ` [PATCH 4.19 04/23] ipv6/flowlabel: wait rcu grace period before put_pid() Greg Kroah-Hartman
2019-05-04 10:25 ` [PATCH 4.19 05/23] ipv6: invert flowlabel sharing check in process and user mode Greg Kroah-Hartman
2019-05-04 10:25 ` [PATCH 4.19 06/23] l2ip: fix possible use-after-free Greg Kroah-Hartman
2019-05-04 10:25 ` [PATCH 4.19 07/23] l2tp: use rcu_dereference_sk_user_data() in l2tp_udp_encap_recv() Greg Kroah-Hartman
2019-05-04 10:25 ` [PATCH 4.19 08/23] net: dsa: bcm_sf2: fix buffer overflow doing set_rxnfc Greg Kroah-Hartman
2019-05-04 10:25 ` [PATCH 4.19 09/23] net: phy: marvell: Fix buffer overrun with stats counters Greg Kroah-Hartman
2019-05-04 10:25 ` [PATCH 4.19 10/23] net/tls: avoid NULL pointer deref on nskb->sk in fallback Greg Kroah-Hartman
2019-05-04 10:25 ` [PATCH 4.19 11/23] rxrpc: Fix net namespace cleanup Greg Kroah-Hartman
2019-05-04 10:25 ` [PATCH 4.19 12/23] sctp: avoid running the sctp state machine recursively Greg Kroah-Hartman
2019-05-04 10:25 ` [PATCH 4.19 13/23] selftests: fib_rule_tests: print the result and return 1 if any tests failed Greg Kroah-Hartman
2019-05-04 10:25 ` [PATCH 4.19 14/23] packet: validate msg_namelen in send directly Greg Kroah-Hartman
2019-05-04 10:25 ` [PATCH 4.19 15/23] bnxt_en: Improve multicast address setup logic Greg Kroah-Hartman
2019-05-04 10:25 ` [PATCH 4.19 16/23] bnxt_en: Free short FW command HWRM memory in error path in bnxt_init_one() Greg Kroah-Hartman
2019-05-04 10:25 ` [PATCH 4.19 17/23] bnxt_en: Fix uninitialized variable usage in bnxt_rx_pkt() Greg Kroah-Hartman
2019-05-04 10:25 ` [PATCH 4.19 18/23] net/tls: dont copy negative amounts of data in reencrypt Greg Kroah-Hartman
2019-05-04 10:25 ` [PATCH 4.19 19/23] net/tls: fix copy to fragments " Greg Kroah-Hartman
2019-05-04 10:25 ` [PATCH 4.19 20/23] KVM: x86: Whitelist port 0x7e for pre-incrementing %rip Greg Kroah-Hartman
2019-05-04 10:25 ` [PATCH 4.19 21/23] KVM: nVMX: Fix size checks in vmx_set_nested_state Greg Kroah-Hartman
2019-05-04 10:25 ` [PATCH 4.19 22/23] ALSA: line6: use dynamic buffers Greg Kroah-Hartman
2019-05-04 10:25 ` [PATCH 4.19 23/23] ath10k: Drop WARN_ON()s that always trigger during system resume Greg Kroah-Hartman
2019-05-04 18:46 ` [PATCH 4.19 00/23] 4.19.40-stable review kernelci.org bot
2019-05-04 23:32 ` Guenter Roeck
2019-05-05 3:00 ` Dan Rue
2019-05-05 7:08 ` Greg Kroah-Hartman
2019-05-05 8:53 ` Naresh Kamboju
2019-05-05 9:02 ` Greg Kroah-Hartman
2019-05-05 12:38 ` Dan Rue
2019-05-05 11:12 ` Bharath Vedartham
2019-05-05 11:53 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190504102451.603020401@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=shmulik.ladkani@gmail.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.