Merge branch 'ip6ip6-crash'
Daniel Borkmann says: ==================== Fix ip6ip6 crash for collect_md skbs Fix a NULL pointer deref panic I ran into for regular ip6ip6 tunnel devices when collect_md populated skbs were redirected to them for xmit. See patches for further details, thanks! ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
David S. Miller
commit
c89489b472
@ -550,4 +550,15 @@ static inline void skb_dst_update_pmtu_no_confirm(struct sk_buff *skb, u32 mtu)
|
||||
dst->ops->update_pmtu(dst, NULL, skb, mtu, false);
|
||||
}
|
||||
|
||||
struct dst_entry *dst_blackhole_check(struct dst_entry *dst, u32 cookie);
|
||||
void dst_blackhole_update_pmtu(struct dst_entry *dst, struct sock *sk,
|
||||
struct sk_buff *skb, u32 mtu, bool confirm_neigh);
|
||||
void dst_blackhole_redirect(struct dst_entry *dst, struct sock *sk,
|
||||
struct sk_buff *skb);
|
||||
u32 *dst_blackhole_cow_metrics(struct dst_entry *dst, unsigned long old);
|
||||
struct neighbour *dst_blackhole_neigh_lookup(const struct dst_entry *dst,
|
||||
struct sk_buff *skb,
|
||||
const void *daddr);
|
||||
unsigned int dst_blackhole_mtu(const struct dst_entry *dst);
|
||||
|
||||
#endif /* _NET_DST_H */
|
||||
|
||||
@ -237,37 +237,62 @@ void __dst_destroy_metrics_generic(struct dst_entry *dst, unsigned long old)
|
||||
}
|
||||
EXPORT_SYMBOL(__dst_destroy_metrics_generic);
|
||||
|
||||
static struct dst_ops md_dst_ops = {
|
||||
.family = AF_UNSPEC,
|
||||
struct dst_entry *dst_blackhole_check(struct dst_entry *dst, u32 cookie)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
u32 *dst_blackhole_cow_metrics(struct dst_entry *dst, unsigned long old)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
struct neighbour *dst_blackhole_neigh_lookup(const struct dst_entry *dst,
|
||||
struct sk_buff *skb,
|
||||
const void *daddr)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
void dst_blackhole_update_pmtu(struct dst_entry *dst, struct sock *sk,
|
||||
struct sk_buff *skb, u32 mtu,
|
||||
bool confirm_neigh)
|
||||
{
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(dst_blackhole_update_pmtu);
|
||||
|
||||
void dst_blackhole_redirect(struct dst_entry *dst, struct sock *sk,
|
||||
struct sk_buff *skb)
|
||||
{
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(dst_blackhole_redirect);
|
||||
|
||||
unsigned int dst_blackhole_mtu(const struct dst_entry *dst)
|
||||
{
|
||||
unsigned int mtu = dst_metric_raw(dst, RTAX_MTU);
|
||||
|
||||
return mtu ? : dst->dev->mtu;
|
||||
}
|
||||
EXPORT_SYMBOL_GPL(dst_blackhole_mtu);
|
||||
|
||||
static struct dst_ops dst_blackhole_ops = {
|
||||
.family = AF_UNSPEC,
|
||||
.neigh_lookup = dst_blackhole_neigh_lookup,
|
||||
.check = dst_blackhole_check,
|
||||
.cow_metrics = dst_blackhole_cow_metrics,
|
||||
.update_pmtu = dst_blackhole_update_pmtu,
|
||||
.redirect = dst_blackhole_redirect,
|
||||
.mtu = dst_blackhole_mtu,
|
||||
};
|
||||
|
||||
static int dst_md_discard_out(struct net *net, struct sock *sk, struct sk_buff *skb)
|
||||
{
|
||||
WARN_ONCE(1, "Attempting to call output on metadata dst\n");
|
||||
kfree_skb(skb);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int dst_md_discard(struct sk_buff *skb)
|
||||
{
|
||||
WARN_ONCE(1, "Attempting to call input on metadata dst\n");
|
||||
kfree_skb(skb);
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void __metadata_dst_init(struct metadata_dst *md_dst,
|
||||
enum metadata_type type, u8 optslen)
|
||||
|
||||
{
|
||||
struct dst_entry *dst;
|
||||
|
||||
dst = &md_dst->dst;
|
||||
dst_init(dst, &md_dst_ops, NULL, 1, DST_OBSOLETE_NONE,
|
||||
dst_init(dst, &dst_blackhole_ops, NULL, 1, DST_OBSOLETE_NONE,
|
||||
DST_METADATA | DST_NOCOUNT);
|
||||
|
||||
dst->input = dst_md_discard;
|
||||
dst->output = dst_md_discard_out;
|
||||
|
||||
memset(dst + 1, 0, sizeof(*md_dst) + optslen - sizeof(*dst));
|
||||
md_dst->type = type;
|
||||
}
|
||||
|
||||
@ -2687,44 +2687,15 @@ out:
|
||||
return rth;
|
||||
}
|
||||
|
||||
static struct dst_entry *ipv4_blackhole_dst_check(struct dst_entry *dst, u32 cookie)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static unsigned int ipv4_blackhole_mtu(const struct dst_entry *dst)
|
||||
{
|
||||
unsigned int mtu = dst_metric_raw(dst, RTAX_MTU);
|
||||
|
||||
return mtu ? : dst->dev->mtu;
|
||||
}
|
||||
|
||||
static void ipv4_rt_blackhole_update_pmtu(struct dst_entry *dst, struct sock *sk,
|
||||
struct sk_buff *skb, u32 mtu,
|
||||
bool confirm_neigh)
|
||||
{
|
||||
}
|
||||
|
||||
static void ipv4_rt_blackhole_redirect(struct dst_entry *dst, struct sock *sk,
|
||||
struct sk_buff *skb)
|
||||
{
|
||||
}
|
||||
|
||||
static u32 *ipv4_rt_blackhole_cow_metrics(struct dst_entry *dst,
|
||||
unsigned long old)
|
||||
{
|
||||
return NULL;
|
||||
}
|
||||
|
||||
static struct dst_ops ipv4_dst_blackhole_ops = {
|
||||
.family = AF_INET,
|
||||
.check = ipv4_blackhole_dst_check,
|
||||
.mtu = ipv4_blackhole_mtu,
|
||||
.default_advmss = ipv4_default_advmss,
|
||||
.update_pmtu = ipv4_rt_blackhole_update_pmtu,
|
||||
.redirect = ipv4_rt_blackhole_redirect,
|
||||
.cow_metrics = ipv4_rt_blackhole_cow_metrics,
|
||||
.neigh_lookup = ipv4_neigh_lookup,
|
||||
.family = AF_INET,
|
||||
.default_advmss = ipv4_default_advmss,
|
||||
.neigh_lookup = ipv4_neigh_lookup,
|
||||
.check = dst_blackhole_check,
|
||||
.cow_metrics = dst_blackhole_cow_metrics,
|
||||
.update_pmtu = dst_blackhole_update_pmtu,
|
||||
.redirect = dst_blackhole_redirect,
|
||||
.mtu = dst_blackhole_mtu,
|
||||
};
|
||||
|
||||
struct dst_entry *ipv4_blackhole_route(struct net *net, struct dst_entry *dst_orig)
|
||||
|
||||
@ -260,34 +260,16 @@ static struct dst_ops ip6_dst_ops_template = {
|
||||
.confirm_neigh = ip6_confirm_neigh,
|
||||
};
|
||||
|
||||
static unsigned int ip6_blackhole_mtu(const struct dst_entry *dst)
|
||||
{
|
||||
unsigned int mtu = dst_metric_raw(dst, RTAX_MTU);
|
||||
|
||||
return mtu ? : dst->dev->mtu;
|
||||
}
|
||||
|
||||
static void ip6_rt_blackhole_update_pmtu(struct dst_entry *dst, struct sock *sk,
|
||||
struct sk_buff *skb, u32 mtu,
|
||||
bool confirm_neigh)
|
||||
{
|
||||
}
|
||||
|
||||
static void ip6_rt_blackhole_redirect(struct dst_entry *dst, struct sock *sk,
|
||||
struct sk_buff *skb)
|
||||
{
|
||||
}
|
||||
|
||||
static struct dst_ops ip6_dst_blackhole_ops = {
|
||||
.family = AF_INET6,
|
||||
.destroy = ip6_dst_destroy,
|
||||
.check = ip6_dst_check,
|
||||
.mtu = ip6_blackhole_mtu,
|
||||
.default_advmss = ip6_default_advmss,
|
||||
.update_pmtu = ip6_rt_blackhole_update_pmtu,
|
||||
.redirect = ip6_rt_blackhole_redirect,
|
||||
.cow_metrics = dst_cow_metrics_generic,
|
||||
.neigh_lookup = ip6_dst_neigh_lookup,
|
||||
.family = AF_INET6,
|
||||
.default_advmss = ip6_default_advmss,
|
||||
.neigh_lookup = ip6_dst_neigh_lookup,
|
||||
.check = ip6_dst_check,
|
||||
.destroy = ip6_dst_destroy,
|
||||
.cow_metrics = dst_cow_metrics_generic,
|
||||
.update_pmtu = dst_blackhole_update_pmtu,
|
||||
.redirect = dst_blackhole_redirect,
|
||||
.mtu = dst_blackhole_mtu,
|
||||
};
|
||||
|
||||
static const u32 ip6_template_metrics[RTAX_MAX] = {
|
||||
|
||||
Loading…
Reference in New Issue
Block a user