From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Stephen Suryaputra <ssuryaextr@gmail.com>,
David Ahern <dsahern@gmail.com>,
"David S. Miller" <davem@davemloft.net>,
Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.19 023/101] vrf: check accept_source_route on the original netdevice
Date: Mon, 15 Apr 2019 20:58:21 +0200 [thread overview]
Message-ID: <20190415183741.614733227@linuxfoundation.org> (raw)
In-Reply-To: <20190415183740.341577907@linuxfoundation.org>
[ Upstream commit 8c83f2df9c6578ea4c5b940d8238ad8a41b87e9e ]
Configuration check to accept source route IP options should be made on
the incoming netdevice when the skb->dev is an l3mdev master. The route
lookup for the source route next hop also needs the incoming netdev.
v2->v3:
- Simplify by passing the original netdevice down the stack (per David
Ahern).
Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com>
Reviewed-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
include/net/ip.h | 2 +-
net/ipv4/ip_input.c | 7 +++----
net/ipv4/ip_options.c | 4 ++--
3 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/include/net/ip.h b/include/net/ip.h
index 71d31e4d4391..cfc3dd5ff085 100644
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -648,7 +648,7 @@ int ip_options_get_from_user(struct net *net, struct ip_options_rcu **optp,
unsigned char __user *data, int optlen);
void ip_options_undo(struct ip_options *opt);
void ip_forward_options(struct sk_buff *skb);
-int ip_options_rcv_srr(struct sk_buff *skb);
+int ip_options_rcv_srr(struct sk_buff *skb, struct net_device *dev);
/*
* Functions provided by ip_sockglue.c
diff --git a/net/ipv4/ip_input.c b/net/ipv4/ip_input.c
index bd8ef4f87c79..c3a0683e83df 100644
--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -258,11 +258,10 @@ int ip_local_deliver(struct sk_buff *skb)
ip_local_deliver_finish);
}
-static inline bool ip_rcv_options(struct sk_buff *skb)
+static inline bool ip_rcv_options(struct sk_buff *skb, struct net_device *dev)
{
struct ip_options *opt;
const struct iphdr *iph;
- struct net_device *dev = skb->dev;
/* It looks as overkill, because not all
IP options require packet mangling.
@@ -298,7 +297,7 @@ static inline bool ip_rcv_options(struct sk_buff *skb)
}
}
- if (ip_options_rcv_srr(skb))
+ if (ip_options_rcv_srr(skb, dev))
goto drop;
}
@@ -354,7 +353,7 @@ static int ip_rcv_finish_core(struct net *net, struct sock *sk,
}
#endif
- if (iph->ihl > 5 && ip_rcv_options(skb))
+ if (iph->ihl > 5 && ip_rcv_options(skb, dev))
goto drop;
rt = skb_rtable(skb);
diff --git a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c
index 32a35043c9f5..3db31bb9df50 100644
--- a/net/ipv4/ip_options.c
+++ b/net/ipv4/ip_options.c
@@ -612,7 +612,7 @@ void ip_forward_options(struct sk_buff *skb)
}
}
-int ip_options_rcv_srr(struct sk_buff *skb)
+int ip_options_rcv_srr(struct sk_buff *skb, struct net_device *dev)
{
struct ip_options *opt = &(IPCB(skb)->opt);
int srrspace, srrptr;
@@ -647,7 +647,7 @@ int ip_options_rcv_srr(struct sk_buff *skb)
orefdst = skb->_skb_refdst;
skb_dst_set(skb, NULL);
- err = ip_route_input(skb, nexthop, iph->saddr, iph->tos, skb->dev);
+ err = ip_route_input(skb, nexthop, iph->saddr, iph->tos, dev);
rt2 = skb_rtable(skb);
if (err || (rt2->rt_type != RTN_UNICAST && rt2->rt_type != RTN_LOCAL)) {
skb_dst_drop(skb);
--
2.19.1
next prev parent reply other threads:[~2019-04-15 19:25 UTC|newest]
Thread overview: 111+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-15 18:57 [PATCH 4.19 000/101] 4.19.35-stable review Greg Kroah-Hartman
2019-04-15 18:57 ` [PATCH 4.19 001/101] kvm: nVMX: NMI-window and interrupt-window exiting should wake L2 from HLT Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 002/101] drm/i915/gvt: do not let pin count of shadow mm go negative Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 003/101] powerpc/tm: Limit TM code inside PPC_TRANSACTIONAL_MEM Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 004/101] hv_netvsc: Fix unwanted wakeup after tx_disable Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 005/101] ibmvnic: Fix completion structure initialization Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 006/101] ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 007/101] ipv6: Fix dangling pointer when ipv6 fragment Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 008/101] ipv6: sit: reset ip header pointer in ipip6_rcv Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 009/101] kcm: switch order of device registration to fix a crash Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 010/101] net: ethtool: not call vzalloc for zero sized memory request Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 011/101] net-gro: Fix GRO flush when receiving a GSO packet Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 012/101] net/mlx5: Decrease default mr cache size Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 013/101] netns: provide pure entropy for net_hash_mix() Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 014/101] net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock() Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 015/101] net/sched: act_sample: fix divide by zero in the traffic path Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 016/101] net/sched: fix ->get helper of the matchall cls Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 017/101] openvswitch: fix flow actions reallocation Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 018/101] qmi_wwan: add Olicard 600 Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 019/101] r8169: disable ASPM again Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 020/101] sctp: initialize _pad of sockaddr_in before copying to user memory Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 021/101] tcp: Ensure DCTCP reacts to losses Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 022/101] tcp: fix a potential NULL pointer dereference in tcp_sk_exit Greg Kroah-Hartman
2019-04-15 18:58 ` Greg Kroah-Hartman [this message]
2019-04-15 18:58 ` [PATCH 4.19 024/101] net/mlx5e: Fix error handling when refreshing TIRs Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 025/101] net/mlx5e: Add a lock on tir list Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 026/101] nfp: validate the return code from dev_queue_xmit() Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 027/101] nfp: disable netpoll on representors Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 028/101] bnxt_en: Improve RX consumer index validity check Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 029/101] bnxt_en: Reset device on RX buffer errors Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 030/101] net: ip_gre: fix possible use-after-free in erspan_rcv Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 031/101] net: ip6_gre: fix possible use-after-free in ip6erspan_rcv Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 032/101] net: core: netif_receive_skb_list: unlist skb before passing to pt->func Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 033/101] r8169: disable default rx interrupt coalescing on RTL8168 Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 034/101] net: mlx5: Add a missing check on idr_find, free buf Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 035/101] net/mlx5e: Update xoff formula Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 036/101] net/mlx5e: Update xon formula Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 037/101] kbuild: deb-pkg: fix bindeb-pkg breakage when O= is used Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 038/101] kbuild: clang: choose GCC_TOOLCHAIN_DIR not on LD Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 039/101] x86/vdso: Drop implicit common-page-size linker flag Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 040/101] lib/string.c: implement a basic bcmp Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 041/101] Revert "clk: meson: clean-up clock registration" Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 042/101] netfilter: nfnetlink_cttimeout: pass default timeout policy to obj_to_nlattr Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 043/101] netfilter: nfnetlink_cttimeout: fetch timeouts for udplite and gre, too Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 044/101] arm64: kaslr: Reserve size of ARM64_MEMSTART_ALIGN in linear region Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 045/101] tty: mark Siemens R3964 line discipline as BROKEN Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 046/101] tty: ldisc: add sysctl to prevent autoloading of ldiscs Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 047/101] hwmon: (w83773g) Select REGMAP_I2C to fix build error Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 048/101] ACPICA: Clear status of GPEs before enabling them Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 049/101] ACPICA: Namespace: remove address node from global list after method termination Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 050/101] ALSA: seq: Fix OOB-reads from strlcpy Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 051/101] ALSA: hda/realtek: Enable headset MIC of Acer TravelMate B114-21 with ALC233 Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 052/101] ALSA: hda/realtek - Add quirk for Tuxedo XC 1509 Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 053/101] ALSA: hda - Add two more machines to the power_save_blacklist Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 054/101] mm/huge_memory.c: fix modifying of page protection by insert_pfn_pmd() Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 055/101] arm64: dts: rockchip: fix rk3328 sdmmc0 write errors Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 056/101] parisc: Detect QEMU earlier in boot process Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 057/101] parisc: regs_return_value() should return gpr28 Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 058/101] parisc: also set iaoq_b in instruction_pointer_set() Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 059/101] alarmtimer: Return correct remaining time Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 060/101] drm/i915/gvt: do not deliver a workload if its creation fails Greg Kroah-Hartman
2019-04-15 18:58 ` [PATCH 4.19 061/101] drm/udl: add a release method and delay modeset teardown Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 062/101] kvm: svm: fix potential get_num_contig_pages overflow Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 063/101] include/linux/bitrev.h: fix constant bitrev Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 064/101] mm: writeback: use exact memcg dirty counts Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 065/101] ASoC: intel: Fix crash at suspend/resume after failed codec registration Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 066/101] ASoC: fsl_esai: fix channel swap issue when stream starts Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 067/101] Btrfs: do not allow trimming when a fs is mounted with the nologreplay option Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 068/101] btrfs: prop: fix zstd compression parameter validation Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 069/101] btrfs: prop: fix vanished compression property after failed set Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 070/101] riscv: Fix syscall_get_arguments() and syscall_set_arguments() Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 071/101] block: do not leak memory in bio_copy_user_iov() Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 072/101] block: fix the return errno for direct IO Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 073/101] genirq: Respect IRQCHIP_SKIP_SET_WAKE in irq_chip_set_wake_parent() Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 074/101] genirq: Initialize request_mutex if CONFIG_SPARSE_IRQ=n Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 075/101] virtio: Honour may_reduce_num in vring_create_virtqueue Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 076/101] ARM: dts: rockchip: fix rk3288 cpu opp node reference Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 077/101] ARM: dts: am335x-evmsk: Correct the regulators for the audio codec Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 078/101] ARM: dts: am335x-evm: " Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 079/101] ARM: dts: at91: Fix typo in ISC_D0 on PC9 Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 080/101] arm64: futex: Fix FUTEX_WAKE_OP atomic ops with non-zero result value Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 081/101] arm64: dts: rockchip: fix rk3328 rgmii high tx error rate Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 082/101] arm64: backtrace: Dont bother trying to unwind the userspace stack Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 083/101] xen: Prevent buffer overflow in privcmd ioctl Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 084/101] sched/fair: Do not re-read ->h_load_next during hierarchical load calculation Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 085/101] xtensa: fix return_address Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 086/101] x86/asm: Remove dead __GNUC__ conditionals Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 087/101] x86/asm: Use stricter assembly constraints in bitops Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 088/101] x86/perf/amd: Resolve race condition when disabling PMC Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 089/101] x86/perf/amd: Resolve NMI latency issues for active PMCs Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 090/101] x86/perf/amd: Remove need to check "running" bit in NMI handler Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 091/101] PCI: Add function 1 DMA alias quirk for Marvell 9170 SATA controller Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 092/101] PCI: pciehp: Ignore Link State Changes after powering off a slot Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 093/101] dm integrity: change memcmp to strncmp in dm_integrity_ctr Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 094/101] dm: revert 8f50e358153d ("dm: limit the max bio size as BIO_MAX_PAGES * PAGE_SIZE") Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 095/101] dm table: propagate BDI_CAP_STABLE_WRITES to fix sporadic checksum errors Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 096/101] dm integrity: fix deadlock with overlapping I/O Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 097/101] arm64: dts: rockchip: fix vcc_host1_5v pin assign on rk3328-rock64 Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 098/101] arm64: dts: rockchip: Fix vcc_host1_5v GPIO polarity " Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 099/101] ACPICA: AML interpreter: add region addresses in global list during initialization Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 100/101] KVM: x86: nVMX: close leak of L0s x2APIC MSRs (CVE-2019-3887) Greg Kroah-Hartman
2019-04-15 18:59 ` [PATCH 4.19 101/101] KVM: x86: nVMX: fix x2APIC VTPR read intercept Greg Kroah-Hartman
2019-04-16 0:24 ` [PATCH 4.19 000/101] 4.19.35-stable review kernelci.org bot
2019-04-16 10:34 ` Jon Hunter
2019-04-16 11:21 ` Naresh Kamboju
2019-04-16 16:30 ` Guenter Roeck
2019-04-16 21:39 ` shuah
2019-04-16 22:16 ` Bharath Vedartham
2019-04-17 6:15 ` Greg Kroah-Hartman
2019-04-17 6:16 ` Greg Kroah-Hartman
2019-04-17 16:40 ` Bharath Vedartham
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190415183741.614733227@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=dsahern@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=sashal@kernel.org \
--cc=ssuryaextr@gmail.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).