ipv4: Convert __fib_validate_source() to dscp_t.

Pass a dscp_t variable to __fib_validate_source(), instead of a plain
u8, to prevent accidental setting of ECN bits in ->flowi4_tos.

Only fib_validate_source() actually calls __fib_validate_source().
Since it already has a dscp_t variable to pass as parameter, we only
need to remove the inet_dscp_to_dsfield() conversion.

Signed-off-by: Guillaume Nault <gnault@redhat.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Tested-by: Ido Schimmel <idosch@nvidia.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://patch.msgid.link/8206b0a64a21a208ed94774e261a251c8d7bc251.1728302212.git.gnault@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index d0fbc8c8c5e6a59e5e56887e20f09ce9b5670244..8353518b110a2da615e346f83ef492e4f17b4094 100644 (file)
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -342,7 +342,7 @@ EXPORT_SYMBOL_GPL(fib_info_nh_uses_dev);
  * called with rcu_read_lock()
  */
 static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst,
-                                u8 tos, int oif, struct net_device *dev,
+                                dscp_t dscp, int oif, struct net_device *dev,
                                 int rpf, struct in_device *idev, u32 *itag)
 {
        struct net *net = dev_net(dev);
@@ -357,7 +357,7 @@ static int __fib_validate_source(struct sk_buff *skb, __be32 src, __be32 dst,
        fl4.flowi4_iif = oif ? : LOOPBACK_IFINDEX;
        fl4.daddr = src;
        fl4.saddr = dst;
-       fl4.flowi4_tos = tos;
+       fl4.flowi4_tos = inet_dscp_to_dsfield(dscp);
        fl4.flowi4_scope = RT_SCOPE_UNIVERSE;
        fl4.flowi4_tun_key.tun_id = 0;
        fl4.flowi4_flags = 0;
@@ -448,8 +448,8 @@ ok:
        }
 
 full_check:
-       return __fib_validate_source(skb, src, dst, inet_dscp_to_dsfield(dscp),
-                                    oif, dev, r, idev, itag);
+       return __fib_validate_source(skb, src, dst, dscp, oif, dev, r, idev,
+                                    itag);
 }
 
 static inline __be32 sk_extract_addr(struct sockaddr *addr)