]>
Commit | Line | Data |
---|---|---|
2ee025e9 GKH |
1 | From foo@baz Sat Mar 18 22:03:53 CST 2017 |
2 | From: Julian Anastasov <ja@ssi.bg> | |
3 | Date: Sun, 26 Feb 2017 15:50:52 +0200 | |
4 | Subject: ipv4: add missing initialization for flowi4_uid | |
5 | ||
6 | From: Julian Anastasov <ja@ssi.bg> | |
7 | ||
8 | ||
9 | [ Upstream commit 8bcfd0925ef15f072ba1e7bee2c25e9e1b5fd6ca ] | |
10 | ||
11 | Avoid matching of random stack value for uid when rules | |
12 | are looked up on input route or when RP filter is used. | |
13 | Problem should affect only setups that use ip rules with | |
14 | uid range. | |
15 | ||
16 | Fixes: 622ec2c9d524 ("net: core: add UID to flows, rules, and routes") | |
17 | Signed-off-by: Julian Anastasov <ja@ssi.bg> | |
18 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
19 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
20 | --- | |
21 | net/ipv4/fib_frontend.c | 6 +++--- | |
22 | net/ipv4/route.c | 1 + | |
23 | 2 files changed, 4 insertions(+), 3 deletions(-) | |
24 | ||
25 | --- a/net/ipv4/fib_frontend.c | |
26 | +++ b/net/ipv4/fib_frontend.c | |
27 | @@ -319,7 +319,7 @@ static int __fib_validate_source(struct | |
28 | int ret, no_addr; | |
29 | struct fib_result res; | |
30 | struct flowi4 fl4; | |
31 | - struct net *net; | |
32 | + struct net *net = dev_net(dev); | |
33 | bool dev_match; | |
34 | ||
35 | fl4.flowi4_oif = 0; | |
36 | @@ -332,6 +332,7 @@ static int __fib_validate_source(struct | |
37 | fl4.flowi4_scope = RT_SCOPE_UNIVERSE; | |
38 | fl4.flowi4_tun_key.tun_id = 0; | |
39 | fl4.flowi4_flags = 0; | |
40 | + fl4.flowi4_uid = sock_net_uid(net, NULL); | |
41 | ||
42 | no_addr = idev->ifa_list == NULL; | |
43 | ||
44 | @@ -339,13 +340,12 @@ static int __fib_validate_source(struct | |
45 | ||
46 | trace_fib_validate_source(dev, &fl4); | |
47 | ||
48 | - net = dev_net(dev); | |
49 | if (fib_lookup(net, &fl4, &res, 0)) | |
50 | goto last_resort; | |
51 | if (res.type != RTN_UNICAST && | |
52 | (res.type != RTN_LOCAL || !IN_DEV_ACCEPT_LOCAL(idev))) | |
53 | goto e_inval; | |
54 | - if (!rpf && !fib_num_tclassid_users(dev_net(dev)) && | |
55 | + if (!rpf && !fib_num_tclassid_users(net) && | |
56 | (dev->ifindex != oif || !IN_DEV_TX_REDIRECTS(idev))) | |
57 | goto last_resort; | |
58 | fib_combine_itag(itag, &res); | |
59 | --- a/net/ipv4/route.c | |
60 | +++ b/net/ipv4/route.c | |
61 | @@ -1858,6 +1858,7 @@ static int ip_route_input_slow(struct sk | |
62 | fl4.flowi4_flags = 0; | |
63 | fl4.daddr = daddr; | |
64 | fl4.saddr = saddr; | |
65 | + fl4.flowi4_uid = sock_net_uid(net, NULL); | |
66 | err = fib_lookup(net, &fl4, &res, 0); | |
67 | if (err != 0) { | |
68 | if (!IN_DEV_FORWARD(in_dev)) |