From: Sasha Levin <sashal@kernel.org>
Date: Sat, 28 Mar 2020 23:40:04 +0000 (-0400)
Subject: Fixes for 4.14
X-Git-Tag: v5.6.1~75
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=0e9c2dc9d9cdde8f42fb60bc5fa7debc7d4e99e6;p=thirdparty%2Fkernel%2Fstable-queue.git

Fixes for 4.14

Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/queue-4.14/net-ipv4-don-t-let-pmtu-updates-increase-route-mtu.patch b/queue-4.14/net-ipv4-don-t-let-pmtu-updates-increase-route-mtu.patch
new file mode 100644
index 00000000000..f8f76557779
--- /dev/null
+++ b/queue-4.14/net-ipv4-don-t-let-pmtu-updates-increase-route-mtu.patch
@@ -0,0 +1,63 @@
+From 4964041764c350cedd8d3ba6f9419d1538092dd5 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Tue, 9 Oct 2018 17:48:15 +0200
+Subject: net: ipv4: don't let PMTU updates increase route MTU
+
+From: Sabrina Dubroca <sd@queasysnail.net>
+
+[ Upstream commit 28d35bcdd3925e7293408cdb8aa5f2aac5f0d6e3 ]
+
+When an MTU update with PMTU smaller than net.ipv4.route.min_pmtu is
+received, we must clamp its value. However, we can receive a PMTU
+exception with PMTU < old_mtu < ip_rt_min_pmtu, which would lead to an
+increase in PMTU.
+
+To fix this, take the smallest of the old MTU and ip_rt_min_pmtu.
+
+Before this patch, in case of an update, the exception's MTU would
+always change. Now, an exception can have only its lock flag updated,
+but not the MTU, so we need to add a check on locking to the following
+"is this exception getting updated, or close to expiring?" test.
+
+Fixes: d52e5a7e7ca4 ("ipv4: lock mtu in fnhe when received PMTU < net.ipv4.route.min_pmtu")
+Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
+Reviewed-by: Stefano Brivio <sbrivio@redhat.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/ipv4/route.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/net/ipv4/route.c b/net/ipv4/route.c
+index 8b855d3eec9e7..05fe1d0075444 100644
+--- a/net/ipv4/route.c
++++ b/net/ipv4/route.c
+@@ -1014,21 +1014,22 @@ out:	kfree_skb(skb);
+ static void __ip_rt_update_pmtu(struct rtable *rt, struct flowi4 *fl4, u32 mtu)
+ {
+ 	struct dst_entry *dst = &rt->dst;
++	u32 old_mtu = ipv4_mtu(dst);
+ 	struct fib_result res;
+ 	bool lock = false;
+ 
+ 	if (ip_mtu_locked(dst))
+ 		return;
+ 
+-	if (ipv4_mtu(dst) < mtu)
++	if (old_mtu < mtu)
+ 		return;
+ 
+ 	if (mtu < ip_rt_min_pmtu) {
+ 		lock = true;
+-		mtu = ip_rt_min_pmtu;
++		mtu = min(old_mtu, ip_rt_min_pmtu);
+ 	}
+ 
+-	if (rt->rt_pmtu == mtu &&
++	if (rt->rt_pmtu == mtu && !lock &&
+ 	    time_before(jiffies, dst->expires - ip_rt_mtu_expires / 2))
+ 		return;
+ 
+-- 
+2.20.1
+
diff --git a/queue-4.14/series b/queue-4.14/series
index 267e6ea69e0..dfb4da93946 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -70,3 +70,4 @@ vxlan-check-return-value-of-gro_cells_init.patch
 hsr-use-rcu_read_lock-in-hsr_get_node_-list-status.patch
 hsr-add-restart-routine-into-hsr_get_node_list.patch
 hsr-set-.netnsok-flag.patch
+net-ipv4-don-t-let-pmtu-updates-increase-route-mtu.patch