This is a note to let you know that I've just added the patch titled libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() to the 5.16-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: libcxgb-don-t-accidentally-set-rto_onlink-in-cxgb_find_route.patch and it can be found in the queue-5.16 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From a915deaa9abe4fb3a440312c954253a6a733608e Mon Sep 17 00:00:00 2001 From: Guillaume Nault <gnault@xxxxxxxxxx> Date: Mon, 10 Jan 2022 14:43:11 +0100 Subject: libcxgb: Don't accidentally set RTO_ONLINK in cxgb_find_route() From: Guillaume Nault <gnault@xxxxxxxxxx> commit a915deaa9abe4fb3a440312c954253a6a733608e upstream. Mask the ECN bits before calling ip_route_output_ports(). The tos variable might be passed directly from an IPv4 header, so it may have the last ECN bit set. This interferes with the route lookup process as ip_route_output_key_hash() interpretes this bit specially (to restrict the route scope). Found by code inspection, compile tested only. Fixes: 804c2f3e36ef ("libcxgb,iw_cxgb4,cxgbit: add cxgb_find_route()") Signed-off-by: Guillaume Nault <gnault@xxxxxxxxxx> Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/net/ethernet/chelsio/libcxgb/libcxgb_cm.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/net/ethernet/chelsio/libcxgb/libcxgb_cm.c +++ b/drivers/net/ethernet/chelsio/libcxgb/libcxgb_cm.c @@ -32,6 +32,7 @@ #include <linux/tcp.h> #include <linux/ipv6.h> +#include <net/inet_ecn.h> #include <net/route.h> #include <net/ip6_route.h> @@ -99,7 +100,7 @@ cxgb_find_route(struct cxgb4_lld_info *l rt = ip_route_output_ports(&init_net, &fl4, NULL, peer_ip, local_ip, peer_port, local_port, IPPROTO_TCP, - tos, 0); + tos & ~INET_ECN_MASK, 0); if (IS_ERR(rt)) return NULL; n = dst_neigh_lookup(&rt->dst, &peer_ip); Patches currently in stable-queue which might be from gnault@xxxxxxxxxx are queue-5.16/mlx5-don-t-accidentally-set-rto_onlink-before-mlx5e_route_lookup_ipv4_get.patch queue-5.16/xfrm-don-t-accidentally-set-rto_onlink-in-decode_session4.patch queue-5.16/ppp-ensure-minimum-packet-size-in-ppp_write.patch queue-5.16/gre-don-t-accidentally-set-rto_onlink-in-gre_fill_metadata_dst.patch queue-5.16/libcxgb-don-t-accidentally-set-rto_onlink-in-cxgb_find_route.patch