Patch "gre: Don't accidentally set RTO_ONLINK in gre_fill_metadata_dst()" has been added to the 5.4-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Mon, 24 Jan 2022 14:53:07 +0100

This is a note to let you know that I've just added the patch titled

    gre: Don't accidentally set RTO_ONLINK in gre_fill_metadata_dst()

to the 5.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     gre-don-t-accidentally-set-rto_onlink-in-gre_fill_metadata_dst.patch
and it can be found in the queue-5.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From f7716b318568b22fbf0e3be99279a979e217cf71 Mon Sep 17 00:00:00 2001
From: Guillaume Nault <gnault@xxxxxxxxxx>
Date: Mon, 10 Jan 2022 14:43:09 +0100
Subject: gre: Don't accidentally set RTO_ONLINK in gre_fill_metadata_dst()

From: Guillaume Nault <gnault@xxxxxxxxxx>

commit f7716b318568b22fbf0e3be99279a979e217cf71 upstream.

Mask the ECN bits before initialising ->flowi4_tos. The tunnel key may
have the last ECN bit set, which will interfere with the route lookup
process as ip_route_output_key_hash() interpretes this bit specially
(to restrict the route scope).

Found by code inspection, compile tested only.

Fixes: 962924fa2b7a ("ip_gre: Refactor collect metatdata mode tunnel xmit to ip_md_tunnel_xmit")
Signed-off-by: Guillaume Nault <gnault@xxxxxxxxxx>
Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 net/ipv4/ip_gre.c |    5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

--- a/net/ipv4/ip_gre.c
+++ b/net/ipv4/ip_gre.c
@@ -577,8 +577,9 @@ static int gre_fill_metadata_dst(struct
 
 	key = &info->key;
 	ip_tunnel_init_flow(&fl4, IPPROTO_GRE, key->u.ipv4.dst, key->u.ipv4.src,
-			    tunnel_id_to_key32(key->tun_id), key->tos, 0,
-			    skb->mark, skb_get_hash(skb));
+			    tunnel_id_to_key32(key->tun_id),
+			    key->tos & ~INET_ECN_MASK, 0, skb->mark,
+			    skb_get_hash(skb));
 	rt = ip_route_output_key(dev_net(dev), &fl4);
 	if (IS_ERR(rt))
 		return PTR_ERR(rt);


Patches currently in stable-queue which might be from gnault@xxxxxxxxxx are

queue-5.4/xfrm-don-t-accidentally-set-rto_onlink-in-decode_session4.patch
queue-5.4/ppp-ensure-minimum-packet-size-in-ppp_write.patch
queue-5.4/gre-don-t-accidentally-set-rto_onlink-in-gre_fill_metadata_dst.patch
queue-5.4/libcxgb-don-t-accidentally-set-rto_onlink-in-cxgb_find_route.patch






