提交 ff7c8fa2 编写于 作者: S Sabrina Dubroca 提交者: Shile Zhang

net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup

to #24913189

commit 6c8991f41546c3c472503dff1ea9daaddf9331c2 upstream.

ipv6_stub uses the ip6_dst_lookup function to allow other modules to
perform IPv6 lookups. However, this function skips the XFRM layer
entirely.

All users of ipv6_stub->ip6_dst_lookup use ip_route_output_flow (via the
ip_route_output_key and ip_route_output helpers) for their IPv4 lookups,
which calls xfrm_lookup_route(). This patch fixes this inconsistent
behavior by switching the stub to ip6_dst_lookup_flow, which also calls
xfrm_lookup_route().

This requires some changes in all the callers, as these two functions
take different arguments and have different return types.

Fixes: 5f81bd2e ("ipv6: export a stub for IPv6 symbols used by vxlan")
Reported-by: NXiumei Mu <xmu@redhat.com>
Signed-off-by: NSabrina Dubroca <sd@queasysnail.net>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>
[bwh: Backported to 4.19:
 - Drop change in lwt_bpf.c
 - Delete now-unused "ret" in mlx5e_route_lookup_ipv6()
 - Initialise "out_dev" in mlx5e_create_encap_header_ipv6() to avoid
   introducing a spurious "may be used uninitialised" warning
 - Adjust filenames, context, indentation]
Signed-off-by: NBen Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: NSasha Levin <sashal@kernel.org>
References: CVE-2020-1749
Signed-off-by: NShile Zhang <shile.zhang@linux.alibaba.com>
Acked-by: NJoseph Qi <joseph.qi@linux.alibaba.com>
Acked-by: NCaspar Zhang <caspar@linux.alibaba.com>
上级 c1394349
...@@ -408,16 +408,15 @@ static int addr6_resolve(struct sockaddr_in6 *src_in, ...@@ -408,16 +408,15 @@ static int addr6_resolve(struct sockaddr_in6 *src_in,
struct flowi6 fl6; struct flowi6 fl6;
struct dst_entry *dst; struct dst_entry *dst;
struct rt6_info *rt; struct rt6_info *rt;
int ret;
memset(&fl6, 0, sizeof fl6); memset(&fl6, 0, sizeof fl6);
fl6.daddr = dst_in->sin6_addr; fl6.daddr = dst_in->sin6_addr;
fl6.saddr = src_in->sin6_addr; fl6.saddr = src_in->sin6_addr;
fl6.flowi6_oif = addr->bound_dev_if; fl6.flowi6_oif = addr->bound_dev_if;
ret = ipv6_stub->ipv6_dst_lookup(addr->net, NULL, &dst, &fl6); dst = ipv6_stub->ipv6_dst_lookup_flow(addr->net, NULL, &fl6, NULL);
if (ret < 0) if (IS_ERR(dst))
return ret; return PTR_ERR(dst);
rt = (struct rt6_info *)dst; rt = (struct rt6_info *)dst;
if (ipv6_addr_any(&src_in->sin6_addr)) { if (ipv6_addr_any(&src_in->sin6_addr)) {
......
...@@ -154,10 +154,12 @@ static struct dst_entry *rxe_find_route6(struct net_device *ndev, ...@@ -154,10 +154,12 @@ static struct dst_entry *rxe_find_route6(struct net_device *ndev,
memcpy(&fl6.daddr, daddr, sizeof(*daddr)); memcpy(&fl6.daddr, daddr, sizeof(*daddr));
fl6.flowi6_proto = IPPROTO_UDP; fl6.flowi6_proto = IPPROTO_UDP;
if (unlikely(ipv6_stub->ipv6_dst_lookup(sock_net(recv_sockets.sk6->sk), ndst = ipv6_stub->ipv6_dst_lookup_flow(sock_net(recv_sockets.sk6->sk),
recv_sockets.sk6->sk, &ndst, &fl6))) { recv_sockets.sk6->sk, &fl6,
NULL);
if (unlikely(IS_ERR(ndst))) {
pr_err_ratelimited("no route to %pI6\n", daddr); pr_err_ratelimited("no route to %pI6\n", daddr);
goto put; return NULL;
} }
if (unlikely(ndst->error)) { if (unlikely(ndst->error)) {
......
...@@ -2217,12 +2217,11 @@ static int mlx5e_route_lookup_ipv6(struct mlx5e_priv *priv, ...@@ -2217,12 +2217,11 @@ static int mlx5e_route_lookup_ipv6(struct mlx5e_priv *priv,
#if IS_ENABLED(CONFIG_INET) && IS_ENABLED(CONFIG_IPV6) #if IS_ENABLED(CONFIG_INET) && IS_ENABLED(CONFIG_IPV6)
struct mlx5e_rep_priv *uplink_rpriv; struct mlx5e_rep_priv *uplink_rpriv;
struct mlx5_eswitch *esw = priv->mdev->priv.eswitch; struct mlx5_eswitch *esw = priv->mdev->priv.eswitch;
int ret;
ret = ipv6_stub->ipv6_dst_lookup(dev_net(mirred_dev), NULL, &dst, dst = ipv6_stub->ipv6_dst_lookup_flow(dev_net(mirred_dev), NULL, fl6,
fl6); NULL);
if (ret < 0) if (IS_ERR(dst))
return ret; return PTR_ERR(dst);
if (!(*out_ttl)) if (!(*out_ttl))
*out_ttl = ip6_dst_hoplimit(dst); *out_ttl = ip6_dst_hoplimit(dst);
...@@ -2428,7 +2427,7 @@ static int mlx5e_create_encap_header_ipv6(struct mlx5e_priv *priv, ...@@ -2428,7 +2427,7 @@ static int mlx5e_create_encap_header_ipv6(struct mlx5e_priv *priv,
int max_encap_size = MLX5_CAP_ESW(priv->mdev, max_encap_header_size); int max_encap_size = MLX5_CAP_ESW(priv->mdev, max_encap_header_size);
int ipv6_encap_size = ETH_HLEN + sizeof(struct ipv6hdr) + VXLAN_HLEN; int ipv6_encap_size = ETH_HLEN + sizeof(struct ipv6hdr) + VXLAN_HLEN;
struct ip_tunnel_key *tun_key = &e->tun_info.key; struct ip_tunnel_key *tun_key = &e->tun_info.key;
struct net_device *out_dev; struct net_device *out_dev = NULL;
struct neighbour *n = NULL; struct neighbour *n = NULL;
struct flowi6 fl6 = {}; struct flowi6 fl6 = {};
u8 nud_state, tos, ttl; u8 nud_state, tos, ttl;
......
...@@ -801,7 +801,9 @@ static struct dst_entry *geneve_get_v6_dst(struct sk_buff *skb, ...@@ -801,7 +801,9 @@ static struct dst_entry *geneve_get_v6_dst(struct sk_buff *skb,
if (dst) if (dst)
return dst; return dst;
} }
if (ipv6_stub->ipv6_dst_lookup(geneve->net, gs6->sock->sk, &dst, fl6)) { dst = ipv6_stub->ipv6_dst_lookup_flow(geneve->net, gs6->sock->sk, fl6,
NULL);
if (IS_ERR(dst)) {
netdev_dbg(dev, "no route to %pI6\n", &fl6->daddr); netdev_dbg(dev, "no route to %pI6\n", &fl6->daddr);
return ERR_PTR(-ENETUNREACH); return ERR_PTR(-ENETUNREACH);
} }
......
...@@ -1963,7 +1963,6 @@ static struct dst_entry *vxlan6_get_route(struct vxlan_dev *vxlan, ...@@ -1963,7 +1963,6 @@ static struct dst_entry *vxlan6_get_route(struct vxlan_dev *vxlan,
bool use_cache = ip_tunnel_dst_cache_usable(skb, info); bool use_cache = ip_tunnel_dst_cache_usable(skb, info);
struct dst_entry *ndst; struct dst_entry *ndst;
struct flowi6 fl6; struct flowi6 fl6;
int err;
if (!sock6) if (!sock6)
return ERR_PTR(-EIO); return ERR_PTR(-EIO);
...@@ -1986,10 +1985,9 @@ static struct dst_entry *vxlan6_get_route(struct vxlan_dev *vxlan, ...@@ -1986,10 +1985,9 @@ static struct dst_entry *vxlan6_get_route(struct vxlan_dev *vxlan,
fl6.fl6_dport = dport; fl6.fl6_dport = dport;
fl6.fl6_sport = sport; fl6.fl6_sport = sport;
err = ipv6_stub->ipv6_dst_lookup(vxlan->net, ndst = ipv6_stub->ipv6_dst_lookup_flow(vxlan->net, sock6->sock->sk,
sock6->sock->sk, &fl6, NULL);
&ndst, &fl6); if (unlikely(IS_ERR(ndst))) {
if (unlikely(err < 0)) {
netdev_dbg(dev, "no route to %pI6\n", daddr); netdev_dbg(dev, "no route to %pI6\n", daddr);
return ERR_PTR(-ENETUNREACH); return ERR_PTR(-ENETUNREACH);
} }
......
...@@ -235,8 +235,10 @@ struct ipv6_stub { ...@@ -235,8 +235,10 @@ struct ipv6_stub {
const struct in6_addr *addr); const struct in6_addr *addr);
int (*ipv6_sock_mc_drop)(struct sock *sk, int ifindex, int (*ipv6_sock_mc_drop)(struct sock *sk, int ifindex,
const struct in6_addr *addr); const struct in6_addr *addr);
int (*ipv6_dst_lookup)(struct net *net, struct sock *sk, struct dst_entry *(*ipv6_dst_lookup_flow)(struct net *net,
struct dst_entry **dst, struct flowi6 *fl6); const struct sock *sk,
struct flowi6 *fl6,
const struct in6_addr *final_dst);
struct fib6_table *(*fib6_get_table)(struct net *net, u32 id); struct fib6_table *(*fib6_get_table)(struct net *net, u32 id);
struct fib6_info *(*fib6_lookup)(struct net *net, int oif, struct fib6_info *(*fib6_lookup)(struct net *net, int oif,
......
...@@ -127,11 +127,12 @@ int inet6addr_validator_notifier_call_chain(unsigned long val, void *v) ...@@ -127,11 +127,12 @@ int inet6addr_validator_notifier_call_chain(unsigned long val, void *v)
} }
EXPORT_SYMBOL(inet6addr_validator_notifier_call_chain); EXPORT_SYMBOL(inet6addr_validator_notifier_call_chain);
static int eafnosupport_ipv6_dst_lookup(struct net *net, struct sock *u1, static struct dst_entry *eafnosupport_ipv6_dst_lookup_flow(struct net *net,
struct dst_entry **u2, const struct sock *sk,
struct flowi6 *u3) struct flowi6 *fl6,
const struct in6_addr *final_dst)
{ {
return -EAFNOSUPPORT; return ERR_PTR(-EAFNOSUPPORT);
} }
static struct fib6_table *eafnosupport_fib6_get_table(struct net *net, u32 id) static struct fib6_table *eafnosupport_fib6_get_table(struct net *net, u32 id)
...@@ -169,7 +170,7 @@ eafnosupport_ip6_mtu_from_fib6(struct fib6_info *f6i, struct in6_addr *daddr, ...@@ -169,7 +170,7 @@ eafnosupport_ip6_mtu_from_fib6(struct fib6_info *f6i, struct in6_addr *daddr,
} }
const struct ipv6_stub *ipv6_stub __read_mostly = &(struct ipv6_stub) { const struct ipv6_stub *ipv6_stub __read_mostly = &(struct ipv6_stub) {
.ipv6_dst_lookup = eafnosupport_ipv6_dst_lookup, .ipv6_dst_lookup_flow = eafnosupport_ipv6_dst_lookup_flow,
.fib6_get_table = eafnosupport_fib6_get_table, .fib6_get_table = eafnosupport_fib6_get_table,
.fib6_table_lookup = eafnosupport_fib6_table_lookup, .fib6_table_lookup = eafnosupport_fib6_table_lookup,
.fib6_lookup = eafnosupport_fib6_lookup, .fib6_lookup = eafnosupport_fib6_lookup,
......
...@@ -905,7 +905,7 @@ static struct pernet_operations inet6_net_ops = { ...@@ -905,7 +905,7 @@ static struct pernet_operations inet6_net_ops = {
static const struct ipv6_stub ipv6_stub_impl = { static const struct ipv6_stub ipv6_stub_impl = {
.ipv6_sock_mc_join = ipv6_sock_mc_join, .ipv6_sock_mc_join = ipv6_sock_mc_join,
.ipv6_sock_mc_drop = ipv6_sock_mc_drop, .ipv6_sock_mc_drop = ipv6_sock_mc_drop,
.ipv6_dst_lookup = ip6_dst_lookup, .ipv6_dst_lookup_flow = ip6_dst_lookup_flow,
.fib6_get_table = fib6_get_table, .fib6_get_table = fib6_get_table,
.fib6_table_lookup = fib6_table_lookup, .fib6_table_lookup = fib6_table_lookup,
.fib6_lookup = fib6_lookup, .fib6_lookup = fib6_lookup,
......
...@@ -618,16 +618,15 @@ static struct net_device *inet6_fib_lookup_dev(struct net *net, ...@@ -618,16 +618,15 @@ static struct net_device *inet6_fib_lookup_dev(struct net *net,
struct net_device *dev; struct net_device *dev;
struct dst_entry *dst; struct dst_entry *dst;
struct flowi6 fl6; struct flowi6 fl6;
int err;
if (!ipv6_stub) if (!ipv6_stub)
return ERR_PTR(-EAFNOSUPPORT); return ERR_PTR(-EAFNOSUPPORT);
memset(&fl6, 0, sizeof(fl6)); memset(&fl6, 0, sizeof(fl6));
memcpy(&fl6.daddr, addr, sizeof(struct in6_addr)); memcpy(&fl6.daddr, addr, sizeof(struct in6_addr));
err = ipv6_stub->ipv6_dst_lookup(net, NULL, &dst, &fl6); dst = ipv6_stub->ipv6_dst_lookup_flow(net, NULL, &fl6, NULL);
if (err) if (IS_ERR(dst))
return ERR_PTR(err); return ERR_CAST(dst);
dev = dst->dev; dev = dst->dev;
dev_hold(dev); dev_hold(dev);
......
...@@ -189,10 +189,13 @@ static int tipc_udp_xmit(struct net *net, struct sk_buff *skb, ...@@ -189,10 +189,13 @@ static int tipc_udp_xmit(struct net *net, struct sk_buff *skb,
.saddr = src->ipv6, .saddr = src->ipv6,
.flowi6_proto = IPPROTO_UDP .flowi6_proto = IPPROTO_UDP
}; };
err = ipv6_stub->ipv6_dst_lookup(net, ub->ubsock->sk, &ndst, ndst = ipv6_stub->ipv6_dst_lookup_flow(net,
&fl6); ub->ubsock->sk,
if (err) &fl6, NULL);
if (IS_ERR(ndst)) {
err = PTR_ERR(ndst);
goto tx_error; goto tx_error;
}
ttl = ip6_dst_hoplimit(ndst); ttl = ip6_dst_hoplimit(ndst);
err = udp_tunnel6_xmit_skb(ndst, ub->ubsock->sk, skb, NULL, err = udp_tunnel6_xmit_skb(ndst, ub->ubsock->sk, skb, NULL,
&src->ipv6, &dst->ipv6, 0, ttl, 0, &src->ipv6, &dst->ipv6, 0, ttl, 0,
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册