From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gregkh@linuxfoundation.org>
X-Google-Smtp-Source: AH8x225osSuC8iJCgHZ+TfAG+ks181vPAIkqRP/B2OhmvefRd4tpaQlWVyr54fcMZXls/MadhkI9
ARC-Seal: i=1; a=rsa-sha256; t=1517256778; cv=none;
        d=google.com; s=arc-20160816;
        b=TqJ4etXzw2R6e7/EB0UcW7jD+3Af0KCa+pzeoIp4CkYtgNfdotbQXeeVPSKQCDV4gP
         eAcQZoLH/TbTnodRsgZYzHQreY2DvR2ARCx5BpL1lUneLLGe61VuEdZqw7gaW4aGFiwr
         N8NC7RKjd6BMwQxLkaqk8LJjbEFEKuykL5uAPwolVCxf9r7bBxQhfV/FYhskrfwcXBaC
         l8hgQ2RglvZMd/HwWFPqjhxUyXrmJELDT72rNLuGkrn+vCI20Qum+TJNrJA+xBrmY0BE
         fLJPkXv6hY08JoabIFiCQeFn17CUoHen7CzQAuZH3Zc1+97ic3PznoiP7id+ldRVHZ3Z
         Ob/w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=mime-version:user-agent:references:in-reply-to:message-id:date
         :subject:cc:to:from:arc-authentication-results;
        bh=Wn16EsA38KrkyyfEAo7vud5+VozSZB04tP9zpBTiF74=;
        b=SiFtnqkmXXtUljwGhk50ZbFIYjk51ev1VFtMlozGjOGz/x/hq8lMT7+uzt7m5Ak/F6
         TppsdONmssyZtSpJ558OzSE97JaBQ7iVaIIFTrpEgm7T8hZl6EQHBdxxyV8AlGaTRte7
         vxP/7vM/A0viXjANBw/Y0FYBJNtPFDLcXv1P+KRKXaobi+hNS/uX1c9OpTM07tYOGBk4
         tOCLHcaV1dPaN5RE/CXJ62ZO6qInf40PBfFog7VBj6XYMk3rd4bybbdFlIG8s9YC/k0/
         AhX2fdXCoMQ5KqAaEL2/n/slPfiREpizCis32AjEpcu/3yNLKcw4rGwIgLRDEsAcdhKw
         YbPw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=softfail (google.com: domain of transitioning gregkh@linuxfoundation.org does not designate 90.92.71.90 as permitted sender) smtp.mailfrom=gregkh@linuxfoundation.org
Authentication-Results: mx.google.com;
       spf=softfail (google.com: domain of transitioning gregkh@linuxfoundation.org does not designate 90.92.71.90 as permitted sender) smtp.mailfrom=gregkh@linuxfoundation.org
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org,
	Lorenzo Colitti <lorenzo@google.com>,
	David Ahern <dsahern@gmail.com>,
	"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.14 58/71] net: ipv4: Make "ip route get" match iif lo rules again.
Date: Mon, 29 Jan 2018 13:57:26 +0100
Message-Id: <20180129123831.481269376@linuxfoundation.org>
X-Mailer: git-send-email 2.16.1
In-Reply-To: <20180129123827.271171825@linuxfoundation.org>
References: <20180129123827.271171825@linuxfoundation.org>
User-Agent: quilt/0.65
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
X-getmail-retrieved-from-mailbox: INBOX
X-GMAIL-LABELS: =?utf-8?b?IlxcU2VudCI=?=
X-GMAIL-THRID: =?utf-8?q?1590959043545788511?=
X-GMAIL-MSGID: =?utf-8?q?1590959043545788511?=
X-Mailing-List: linux-kernel@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>

4.14-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Lorenzo Colitti <lorenzo@google.com>


[ Upstream commit 6503a30440962f1e1ccb8868816b4e18201218d4 ]

Commit 3765d35ed8b9 ("net: ipv4: Convert inet_rtm_getroute to rcu
versions of route lookup") broke "ip route get" in the presence
of rules that specify iif lo.

Host-originated traffic always has iif lo, because
ip_route_output_key_hash and ip6_route_output_flags set the flow
iif to LOOPBACK_IFINDEX. Thus, putting "iif lo" in an ip rule is a
convenient way to select only originated traffic and not forwarded
traffic.

inet_rtm_getroute used to match these rules correctly because
even though it sets the flow iif to 0, it called
ip_route_output_key which overwrites iif with LOOPBACK_IFINDEX.
But now that it calls ip_route_output_key_hash_rcu, the ifindex
will remain 0 and not match the iif lo in the rule. As a result,
"ip route get" will return ENETUNREACH.

Fixes: 3765d35ed8b9 ("net: ipv4: Convert inet_rtm_getroute to rcu versions of route lookup")
Tested: https://android.googlesource.com/kernel/tests/+/master/net/test/multinetwork_test.py passes again
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
Acked-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ipv4/route.c |    1 +
 1 file changed, 1 insertion(+)

--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -2762,6 +2762,7 @@ static int inet_rtm_getroute(struct sk_b
 		if (err == 0 && rt->dst.error)
 			err = -rt->dst.error;
 	} else {
+		fl4.flowi4_iif = LOOPBACK_IFINDEX;
 		rt = ip_route_output_key_hash_rcu(net, &fl4, &res, skb);
 		err = 0;
 		if (IS_ERR(rt))