1 From foo@baz Mon Apr 15 07:47:06 CEST 2019
2 From: Stephen Suryaputra <ssuryaextr@gmail.com>
3 Date: Mon, 1 Apr 2019 09:17:32 -0400
4 Subject: vrf: check accept_source_route on the original netdevice
5
6 From: Stephen Suryaputra <ssuryaextr@gmail.com>
7
8 [ Upstream commit 8c83f2df9c6578ea4c5b940d8238ad8a41b87e9e ]
9
10 Configuration check to accept source route IP options should be made on
11 the incoming netdevice when the skb->dev is an l3mdev master. The route
12 lookup for the source route next hop also needs the incoming netdev.
13
14 v2->v3:
15 - Simplify by passing the original netdevice down the stack (per David
16 Ahern).
17
18 Signed-off-by: Stephen Suryaputra <ssuryaextr@gmail.com>
19 Reviewed-by: David Ahern <dsahern@gmail.com>
20 Signed-off-by: David S. Miller <davem@davemloft.net>
21 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
22 ---
23 include/net/ip.h | 2 +-
24 net/ipv4/ip_input.c | 7 +++----
25 net/ipv4/ip_options.c | 4 ++--
26 3 files changed, 6 insertions(+), 7 deletions(-)
27
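--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -603,7 +603,7 @@ int ip_options_get_from_user(struct net
 unsigned char __user *data, int optlen);
 void ip_options_undo(struct ip_options *opt);
 void ip_forward_options(struct sk_buff *skb);
-int ip_options_rcv_srr(struct sk_buff *skb);
+int ip_options_rcv_srr(struct sk_buff *skb, struct net_device *dev);
 
 /*
 * Functions provided by ip_sockglue.c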
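Review bot: The new `dev` parameter on `ip_options_rcv_srr()` is undocumented, both on this prototype and on the definition in net/ipv4/ip_options.c, so nothing tells a caller that it must be the ingress netdevice rather than `skb->dev`. Per the commit message the two differ when `skb->dev` is an l3mdev master. A caller that passes `skb->dev` would bring back the behaviour this patch removes, with the source-route next-hop lookup done against the master device. I would add a comment above the prototype such as `/* dev: netdevice the packet was received on; not skb->dev, which may be an l3mdev (VRF) master */`.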
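--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -259,11 +259,10 @@ int ip_local_deliver(struct sk_buff *skb
 ip_local_deliver_finish);
 }
 
-static inline bool ip_rcv_options(struct sk_buff *skb)
+static inline bool ip_rcv_options(struct sk_buff *skb, struct net_device *dev)
 {
 struct ip_options *opt;
 const struct iphdr *iph;
- struct net_device *dev = skb->dev;
 
 /* It looks as overkill, because not all
 IP options require packet mangling.
@@ -299,7 +298,7 @@ static inline bool ip_rcv_options(struct
 }
 }
 
- if (ip_options_rcv_srr(skb))
+ if (ip_options_rcv_srr(skb, dev))
 goto drop;
 }
 
@@ -362,7 +361,7 @@ static int ip_rcv_finish(struct net *net
 }
 #endif
 
- if (iph->ihl > 5 && ip_rcv_options(skb))
+ if (iph->ihl > 5 && ip_rcv_options(skb, dev))
 goto drop;
 
 rt = skb_rtable(skb);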
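Review bot: The `dev` passed at `ip_rcv_options(skb, dev)` in ip_rcv_finish is declared and assigned outside this hunk, so the hunk alone does not show that it holds the original ingress device. The fix is only effective if `dev` is read from `skb->dev` before the l3mdev receive handler can replace it with the VRF master. Otherwise the accept_source_route setting would still be evaluated on the master and the per-port setting would not be honoured. I would make that dependency explicit at the call site with a comment like `/* dev was saved before l3mdev processing; skb->dev may now be the VRF master */`. With the local `dev = skb->dev` removed from ip_rcv_options, every later use of `dev` in that function, including those beyond the visible hunks, now takes the caller's value.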
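--- a/net/ipv4/ip_options.c
+++ b/net/ipv4/ip_options.c
@@ -612,7 +612,7 @@ void ip_forward_options(struct sk_buff *
 }
 }
 
-int ip_options_rcv_srr(struct sk_buff *skb)
+int ip_options_rcv_srr(struct sk_buff *skb, struct net_device *dev)
 {
 struct ip_options *opt = &(IPCB(skb)->opt);
 int srrspace, srrptr;
@@ -647,7 +647,7 @@ int ip_options_rcv_srr(struct sk_buff *s
 
 orefdst = skb->_skb_refdst;
 skb_dst_set(skb, NULL);
- err = ip_route_input(skb, nexthop, iph->saddr, iph->tos, skb->dev);
+ err = ip_route_input(skb, nexthop, iph->saddr, iph->tos, dev);
 rt2 = skb_rtable(skb);
 if (err || (rt2->rt_type != RTN_UNICAST && rt2->rt_type != RTN_LOCAL)) {
 skb_dst_drop(skb);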