From: Greg Kroah-Hartman Date: Mon, 16 May 2022 13:24:47 +0000 (+0200) Subject: 5.10-stable patches X-Git-Tag: v4.9.315~13 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7745050efed6ec45d5907dd97e5063987c7780bb;p=thirdparty%2Fkernel%2Fstable-queue.git 5.10-stable patches added patches: ping-fix-address-binding-wrt-vrf.patch --- diff --git a/queue-5.10/ping-fix-address-binding-wrt-vrf.patch b/queue-5.10/ping-fix-address-binding-wrt-vrf.patch new file mode 100644 index 00000000000..af09503792b --- /dev/null +++ b/queue-5.10/ping-fix-address-binding-wrt-vrf.patch @@ -0,0 +1,75 @@ +From e1a7ac6f3ba6e157adcd0ca94d92a401f1943f56 Mon Sep 17 00:00:00 2001 +From: Nicolas Dichtel +Date: Wed, 4 May 2022 11:07:38 +0200 +Subject: ping: fix address binding wrt vrf + +From: Nicolas Dichtel + +commit e1a7ac6f3ba6e157adcd0ca94d92a401f1943f56 upstream. + +When ping_group_range is updated, 'ping' uses the DGRAM ICMP socket, +instead of an IP raw socket. In this case, 'ping' is unable to bind its +socket to a local address owned by a vrflite. + +Before the patch: +$ sysctl -w net.ipv4.ping_group_range='0 2147483647' +$ ip link add blue type vrf table 10 +$ ip link add foo type dummy +$ ip link set foo master blue +$ ip link set foo up +$ ip addr add 192.168.1.1/24 dev foo +$ ip addr add 2001::1/64 dev foo +$ ip vrf exec blue ping -c1 -I 192.168.1.1 192.168.1.2 +ping: bind: Cannot assign requested address +$ ip vrf exec blue ping6 -c1 -I 2001::1 2001::2 +ping6: bind icmp socket: Cannot assign requested address + +CC: stable@vger.kernel.org +Fixes: 1b69c6d0ae90 ("net: Introduce L3 Master device abstraction") +Signed-off-by: Nicolas Dichtel +Reviewed-by: David Ahern +Signed-off-by: Jakub Kicinski +Signed-off-by: Nicolas Dichtel +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv4/ping.c | 15 +++++++++++++-- + 1 file changed, 13 insertions(+), 2 deletions(-) + +--- a/net/ipv4/ping.c ++++ b/net/ipv4/ping.c +@@ -305,6 +305,7 @@ static int ping_check_bind_addr(struct s + struct net *net = sock_net(sk); + if (sk->sk_family == AF_INET) { + struct sockaddr_in *addr = (struct sockaddr_in *) uaddr; ++ u32 tb_id = RT_TABLE_LOCAL; + int chk_addr_ret; + + if (addr_len < sizeof(*addr)) +@@ -320,8 +321,10 @@ static int ping_check_bind_addr(struct s + + if (addr->sin_addr.s_addr == htonl(INADDR_ANY)) + chk_addr_ret = RTN_LOCAL; +- else +- chk_addr_ret = inet_addr_type(net, addr->sin_addr.s_addr); ++ else { ++ tb_id = l3mdev_fib_table_by_index(net, sk->sk_bound_dev_if) ? : tb_id; ++ chk_addr_ret = inet_addr_type_table(net, addr->sin_addr.s_addr, tb_id); ++ } + + if ((!inet_can_nonlocal_bind(net, isk) && + chk_addr_ret != RTN_LOCAL) || +@@ -357,6 +360,14 @@ static int ping_check_bind_addr(struct s + if (!dev) { + rcu_read_unlock(); + return -ENODEV; ++ } ++ } ++ ++ if (!dev && sk->sk_bound_dev_if) { ++ dev = dev_get_by_index_rcu(net, sk->sk_bound_dev_if); ++ if (!dev) { ++ rcu_read_unlock(); ++ return -ENODEV; + } + } + has_addr = pingv6_ops.ipv6_chk_addr(net, &addr->sin6_addr, dev, diff --git a/queue-5.10/series b/queue-5.10/series index e5c1a855577..f2a2c94108f 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -61,3 +61,4 @@ sunrpc-don-t-call-connect-more-than-once-on-a-tcp-socket.patch sunrpc-ensure-we-flush-any-closed-sockets-before-xs_xprt_free.patch net-phy-fix-race-condition-on-link-status-change.patch arm-memremap-don-t-abuse-pfn_valid-to-ensure-presence-of-linear-map.patch +ping-fix-address-binding-wrt-vrf.patch