This is a note to let you know that I've just added the patch titled gre: Don't accidentally set RTO_ONLINK in gre_fill_metadata_dst() to the 5.15-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: gre-don-t-accidentally-set-rto_onlink-in-gre_fill_metadata_dst.patch and it can be found in the queue-5.15 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From f7716b318568b22fbf0e3be99279a979e217cf71 Mon Sep 17 00:00:00 2001 From: Guillaume Nault <gnault@xxxxxxxxxx> Date: Mon, 10 Jan 2022 14:43:09 +0100 Subject: gre: Don't accidentally set RTO_ONLINK in gre_fill_metadata_dst() From: Guillaume Nault <gnault@xxxxxxxxxx> commit f7716b318568b22fbf0e3be99279a979e217cf71 upstream. Mask the ECN bits before initialising ->flowi4_tos. The tunnel key may have the last ECN bit set, which will interfere with the route lookup process as ip_route_output_key_hash() interpretes this bit specially (to restrict the route scope). Found by code inspection, compile tested only. Fixes: 962924fa2b7a ("ip_gre: Refactor collect metatdata mode tunnel xmit to ip_md_tunnel_xmit") Signed-off-by: Guillaume Nault <gnault@xxxxxxxxxx> Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- net/ipv4/ip_gre.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) --- a/net/ipv4/ip_gre.c +++ b/net/ipv4/ip_gre.c @@ -604,8 +604,9 @@ static int gre_fill_metadata_dst(struct key = &info->key; ip_tunnel_init_flow(&fl4, IPPROTO_GRE, key->u.ipv4.dst, key->u.ipv4.src, - tunnel_id_to_key32(key->tun_id), key->tos, 0, - skb->mark, skb_get_hash(skb)); + tunnel_id_to_key32(key->tun_id), + key->tos & ~INET_ECN_MASK, 0, skb->mark, + skb_get_hash(skb)); rt = ip_route_output_key(dev_net(dev), &fl4); if (IS_ERR(rt)) return PTR_ERR(rt); Patches currently in stable-queue which might be from gnault@xxxxxxxxxx are queue-5.15/mlx5-don-t-accidentally-set-rto_onlink-before-mlx5e_route_lookup_ipv4_get.patch queue-5.15/xfrm-don-t-accidentally-set-rto_onlink-in-decode_session4.patch queue-5.15/ppp-ensure-minimum-packet-size-in-ppp_write.patch queue-5.15/gre-don-t-accidentally-set-rto_onlink-in-gre_fill_metadata_dst.patch queue-5.15/libcxgb-don-t-accidentally-set-rto_onlink-in-cxgb_find_route.patch