diff options
| author |   David S. Miller <davem@davemloft.net> | 2018-12-20 16:42:39 -0800 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2018-12-20 16:42:39 -0800 |
| commit | 7de333090a803a6678c3848d4eed1031bbc3dc95 (patch) | |
| tree | 2514d96e1b568a191ea18700470972e7a439c85a | |
| parent | net: mscc: ocelot: Register poll timeout should be wall time not attempts (diff) | |
| parent | selftests: rtnetlink: Add a test case for multipath route get (diff) | |
| download | wireguard-linux-7de333090a803a6678c3848d4eed1031bbc3dc95.tar.xz wireguard-linux-7de333090a803a6678c3848d4eed1031bbc3dc95.zip | |
Merge branch 'ipv4-Prevent-user-triggerable-warning'
Ido Schimmel says:
====================
net: ipv4: Prevent user triggerable warning
Patch #1 prevents a user triaggerable warning in the flow dissector by
setting 'skb->dev' in skbs used for IPv4 output route get requests.
Patch #2 adds a test case that triggers the warning without the first
patch.
I have audited all the RTM_GETROUTE handlers and could not find any
other callpath where an skb is passed to the flow dissector with both
'skb->dev' and 'skb->sk' cleared.
====================
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to '')
| -rw-r--r-- | net/ipv4/route.c | 1 | ||||
| -rwxr-xr-x | tools/testing/selftests/net/rtnetlink.sh | 15 |
2 files changed, 16 insertions, 0 deletions
diff --git a/net/ipv4/route.c b/net/ipv4/route.c index c4ddbc5f01fc..ce92f73cf104 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2849,6 +2849,7 @@ static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh, err = -rt->dst.error; } else { fl4.flowi4_iif = LOOPBACK_IFINDEX; + skb->dev = net->loopback_dev; rt = ip_route_output_key_hash_rcu(net, &fl4, &res, skb); err = 0; if (IS_ERR(rt)) diff --git a/tools/testing/selftests/net/rtnetlink.sh b/tools/testing/selftests/net/rtnetlink.sh index c5cbea9b317d..78fc593dfe40 100755 --- a/tools/testing/selftests/net/rtnetlink.sh +++ b/tools/testing/selftests/net/rtnetlink.sh @@ -205,6 +205,8 @@ kci_test_polrouting() kci_test_route_get() { + local hash_policy=$(sysctl -n net.ipv4.fib_multipath_hash_policy) + ret=0 ip route get 127.0.0.1 > /dev/null @@ -223,6 +225,19 @@ kci_test_route_get() check_err $? ip route get 10.23.7.11 from 10.23.7.12 iif "$devdummy" > /dev/null check_err $? + ip route add 10.23.8.0/24 \ + nexthop via 10.23.7.13 dev "$devdummy" \ + nexthop via 10.23.7.14 dev "$devdummy" + check_err $? + sysctl -wq net.ipv4.fib_multipath_hash_policy=0 + ip route get 10.23.8.11 > /dev/null + check_err $? + sysctl -wq net.ipv4.fib_multipath_hash_policy=1 + ip route get 10.23.8.11 > /dev/null + check_err $? + sysctl -wq net.ipv4.fib_multipath_hash_policy="$hash_policy" + ip route del 10.23.8.0/24 + check_err $? ip addr del dev "$devdummy" 10.23.7.11/24 check_err $? |