On Mon, Aug 05, 2024 at 02:53:40PM +0200, Nicolas Dichtel wrote:
> Commit 252442f2ae317d109ef0b4b39ce0608c09563042 upstream.
>
> By default, an address assigned to the output interface is selected when
> the source address is not specified. This is problematic when a route,
> configured in a vrf, uses an interface from another vrf (aka route leak).
> The original vrf does not own the selected source address.
>
> Let's add a check against the output interface and call the appropriate
> function to select the source address.
>
> There was a conflict during the backport in the function
> ip6_dst_lookup_tail(). The upstream commit fa17a6d8a5bd ("ipv6: lockless
> IPV6_ADDR_PREFERENCES implementation") added a READ_ONCE() on
> inet6_sk(sk)->srcprefs.
>
> CC: stable@xxxxxxxxxxxxxxx
> Fixes: 0d240e7811c4 ("net: vrf: Implement get_saddr for IPv6")
> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@xxxxxxxxx>
> Link: https://patch.msgid.link/20240710081521.3809742-3-nicolas.dichtel@xxxxxxxxx
> Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx>
> Signed-off-by: Nicolas Dichtel <nicolas.dichtel@xxxxxxxxx>
> ---
> include/net/ip6_route.h | 22 +++++++++++++++-------
> net/ipv6/ip6_output.c | 1 +
> net/ipv6/route.c | 2 +-
> 3 files changed, 17 insertions(+), 8 deletions(-)
Now queued up, thanks.
greg k-h
