From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, David Ahern <dsa@cumulusnetworks.com>,
Lance Richardson <lrichard@redhat.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.5 055/124] ipv4: initialize flowi4_flags before calling fib_lookup()
Date: Mon, 18 Apr 2016 11:28:47 +0900
Message-ID: <20160418022618.558692282@linuxfoundation.org>
In-Reply-To: <20160418022615.726954227@linuxfoundation.org>
4.5-stable review patch. If anyone has any objections, please let me know.
------------------
From: Lance Richardson <lrichard@redhat.com>
[ Upstream commit 4cfc86f3dae6ca38ed49cdd78f458a03d4d87992 ]

Field fl4.flowi4_flags is not initialized in fib_compute_spec_dst()
before calling fib_lookup(), which means fib_table_lookup() is
using non-deterministic data at this line:

	if (!(flp->flowi4_flags & FLOWI_FLAG_SKIP_NH_OIF)) {

Fix by initializing the entire fl4 structure, which will prevent
similar issues as fields are added in the future by ensuring that
all fields are initialized to zero unless explicitly initialized
to another value.

Fixes: 58189ca7b2741 ("net: Fix vti use case with oif in dst lookups")
Suggested-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: Lance Richardson <lrichard@redhat.com>
Acked-by: David Ahern <dsa@cumulusnetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/fib_frontend.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -280,7 +280,6 @@ __be32 fib_compute_spec_dst(struct sk_bu
struct in_device *in_dev;
struct fib_result res;
struct rtable *rt;
- struct flowi4 fl4;
struct net *net;
int scope;
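Review bot: Removing `struct flowi4 fl4;` from the function-level declarations means `fl4` exists only inside the block where it is redeclared, so any use outside the `if (!ipv4_is_zeronet(ip_hdr(skb)->saddr))` branch would no longer compile. The context shown does not cover the rest of fib_compute_spec_dst(), so confirm that the fib_lookup() call in that branch is the only user before this goes to stable.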
@@ -296,14 +295,13 @@ __be32 fib_compute_spec_dst(struct sk_bu
scope = RT_SCOPE_UNIVERSE;
if (!ipv4_is_zeronet(ip_hdr(skb)->saddr)) {
- fl4.flowi4_oif = 0;
- fl4.flowi4_iif = LOOPBACK_IFINDEX;
- fl4.daddr = ip_hdr(skb)->saddr;
- fl4.saddr = 0;
- fl4.flowi4_tos = RT_TOS(ip_hdr(skb)->tos);
- fl4.flowi4_scope = scope;
- fl4.flowi4_mark = IN_DEV_SRC_VMARK(in_dev) ? skb->mark : 0;
- fl4.flowi4_tun_key.tun_id = 0;
+ struct flowi4 fl4 = {
+ .flowi4_iif = LOOPBACK_IFINDEX,
+ .daddr = ip_hdr(skb)->saddr,
+ .flowi4_tos = RT_TOS(ip_hdr(skb)->tos),
+ .flowi4_scope = scope,
+ .flowi4_mark = IN_DEV_SRC_VMARK(in_dev) ? skb->mark : 0,
+ };
if (!fib_lookup(net, &fl4, &res, 0))
return FIB_RES_PREFSRC(net, res);
} else {
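Review bot: The initializer starting at `struct flowi4 fl4 = {` no longer names flowi4_oif, saddr or flowi4_tun_key.tun_id, which the removed lines set to 0 explicitly, and it never names flowi4_flags, the field the commit message is about; all four now depend on C zero-initializing members omitted from a designated initializer. That is correct, but a one-line comment above the declaration stating that unnamed members are intentionally zero would keep a later edit from converting this back to field-by-field assignment and reintroducing the uninitialized read. A designated initializer also does not guarantee zeroed padding bytes, so if this structure were ever compared or hashed bytewise, a memset() followed by assignments would be the safer form.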