Fixes for 4.14

Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/queue-4.14/net-ipv4-don-t-let-pmtu-updates-increase-route-mtu.patch b/queue-4.14/net-ipv4-don-t-let-pmtu-updates-increase-route-mtu.patch
new file mode 100644 (file)
index 0000000..f8f7655
--- /dev/null
+++ b/queue-4.14/net-ipv4-don-t-let-pmtu-updates-increase-route-mtu.patch
@@ -0,0 +1,63 @@
+From 4964041764c350cedd8d3ba6f9419d1538092dd5 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 9 Oct 2018 17:48:15 +0200
+Subject: net: ipv4: don't let PMTU updates increase route MTU
+
+From: Sabrina Dubroca <sd@queasysnail.net>
+
+[ Upstream commit 28d35bcdd3925e7293408cdb8aa5f2aac5f0d6e3 ]
+
+When an MTU update with PMTU smaller than net.ipv4.route.min_pmtu is
+received, we must clamp its value. However, we can receive a PMTU
+exception with PMTU < old_mtu < ip_rt_min_pmtu, which would lead to an
+increase in PMTU.
+
+To fix this, take the smallest of the old MTU and ip_rt_min_pmtu.
+
+Before this patch, in case of an update, the exception's MTU would
+always change. Now, an exception can have only its lock flag updated,
+but not the MTU, so we need to add a check on locking to the following
+"is this exception getting updated, or close to expiring?" test.
+
+Fixes: d52e5a7e7ca4 ("ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu")
+Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
+Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/ipv4/route.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/net/ipv4/route.c b/net/ipv4/route.c
+index 8b855d3eec9e7..05fe1d0075444 100644
+--- a/net/ipv4/route.c
++++ b/net/ipv4/route.c
+@@ -1014,21 +1014,22 @@ out:   kfree_skb(skb);
+ static void __ip_rt_update_pmtu(struct rtable *rt, struct flowi4 *fl4, u32 mtu)
+ {
+       struct dst_entry *dst = &rt->dst;
++      u32 old_mtu = ipv4_mtu(dst);
+       struct fib_result res;
+       bool lock = false;
+ 
+       if (ip_mtu_locked(dst))
+               return;
+ 
+-      if (ipv4_mtu(dst) < mtu)
++      if (old_mtu < mtu)
+               return;
+ 
+       if (mtu < ip_rt_min_pmtu) {
+               lock = true;
+-              mtu = ip_rt_min_pmtu;
++              mtu = min(old_mtu, ip_rt_min_pmtu);
+       }
+ 
+-      if (rt->rt_pmtu == mtu &&
++      if (rt->rt_pmtu == mtu && !lock &&
+           time_before(jiffies, dst->expires - ip_rt_mtu_expires / 2))
+               return;
+ 
+-- 
+2.20.1
+

diff --git a/queue-4.14/series b/queue-4.14/series
index 267e6ea69e0dc87c9fce32e9ecd9d6a28705a3b2..dfb4da939465eb774f921afe346c1b744bf62a4d 100644 (file)
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -70,3 +70,4 @@ vxlan-check-return-value-of-gro_cells_init.patch
 hsr-use-rcu_read_lock-in-hsr_get_node_-list-status.patch
 hsr-add-restart-routine-into-hsr_get_node_list.patch
 hsr-set-.netnsok-flag.patch
+net-ipv4-don-t-let-pmtu-updates-increase-route-mtu.patch