Received: by 10.213.65.68 with SMTP id h4csp497679imn;
        Fri, 16 Mar 2018 09:32:33 -0700 (PDT)
X-Google-Smtp-Source: AG47ELurJEvAPCzmXMWip9yi4QqTE428eAKir4WCONjq5tJjTG+/Ly5rDbHZewesh/H4LFN6lV4C
X-Received: by 2002:a17:902:2904:: with SMTP id g4-v6mr2822269plb.170.1521217953291;
        Fri, 16 Mar 2018 09:32:33 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1521217953; cv=none;
        d=google.com; s=arc-20160816;
        b=knWXKGpQAKVvL6XRISrnY1T89UIY8fvAT1ToHgfhEl+N7dTdfrw1U68BiZG6OmgGq6
         3HYSsChDPmC5zg1rDPkYSbfFn6iQksOzSl3A2YYqQED++PuHiVMwWbFhNtTpn3hGaQbO
         yK1KzZ5nV/OceeFZ18WlUxAtCVVsjT06D4vhLOAn/9QuveAdPKNGLp8QW+k/xO6JyEM0
         O8b310j0PuIAjrffIi3X9lTJFK+N9+rptL8ludxsf3RfJWZ0BVx8A9jkdNopomHq7TDj
         CcM7XXGE6RIexuGLGGxKWOnIcVqHz1RvQ663mWDFpehckTz9uXxn8tvVRTWXVoI3wfuH
         08JA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:message-id:date:subject:cc:to:from
         :arc-authentication-results;
        bh=koPalqGxY9MszQuLyX4feCyOOnZxTVuW02ikMURxGus=;
        b=AWcwz7xwUgfQHKXZ8IQu79dtvCbseCqZqIasx1a7jCU/WdHr7RIous/DYnzwBzhR43
         t7E0Y1OT6NhkmMP8AVenE/avy6grMHX7klmGSv5Urv9OqMygydrlOgxQCqMn3bZiJfCb
         GQOUacf6XGTADOih4QfzYObEOTEZaMoIuR512CP8jOjfzgeuX/vXCyPjio4HNhTPP9S/
         WM6B/ozXzRXWYGUY/Z+Am86GI+dNRiOPLVyU6z9LFWNEv9yJSv84vWRyY5I1/ysjexjL
         G14NNxRGHSvn/Ntd81PTysWwZD0KY3xh7rf3JTN0SRp6QdEd7Te7F8iB+cOqWk+sWX2G
         oXyA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id u2-v6si6460580plm.476.2018.03.16.09.32.19;
        Fri, 16 Mar 2018 09:32:33 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S964883AbeCPPi6 (ORCPT <rfc822;carmate383@gmail.com> + 99 others);
        Fri, 16 Mar 2018 11:38:58 -0400
Received: from mail.linuxfoundation.org ([140.211.169.12]:43082 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S934235AbeCPPiz (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 16 Mar 2018 11:38:55 -0400
Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202])
        by mail.linuxfoundation.org (Postfix) with ESMTPSA id 50FDC49F;
        Fri, 16 Mar 2018 15:38:54 +0000 (UTC)
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Amit Sikka <amit.sikka@ericsson.com>,
        Mahesh Bandewar <maheshb@google.com>,
        "David S. Miller" <davem@davemloft.net>,
        Sasha Levin <alexander.levin@microsoft.com>
Subject: [PATCH 4.14 103/109] ipvlan: add L2 check for packets arriving via virtual devices
Date:   Fri, 16 Mar 2018 16:24:12 +0100
Message-Id: <20180316152335.448287990@linuxfoundation.org>
X-Mailer: git-send-email 2.16.2
In-Reply-To: <20180316152329.844663293@linuxfoundation.org>
References: <20180316152329.844663293@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.14-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Mahesh Bandewar <maheshb@google.com>


[ Upstream commit 92ff42645028fa6f9b8aa767718457b9264316b4 ]

Packets that don't have dest mac as the mac of the master device should
not be entertained by the IPvlan rx-handler. This is mostly true as the
packet path mostly takes care of that, except when the master device is
a virtual device. As demonstrated in the following case -

  ip netns add ns1
  ip link add ve1 type veth peer name ve2
  ip link add link ve2 name iv1 type ipvlan mode l2
  ip link set dev iv1 netns ns1
  ip link set ve1 up
  ip link set ve2 up
  ip -n ns1 link set iv1 up
  ip addr add 192.168.10.1/24 dev ve1
  ip -n ns1 addr 192.168.10.2/24 dev iv1
  ping -c2 192.168.10.2
  <Works!>
  ip neigh show dev ve1
  ip neigh show 192.168.10.2 lladdr <random> dev ve1
  ping -c2 192.168.10.2
  <Still works! Wrong!!>

This patch adds that missing check in the IPvlan rx-handler.

Reported-by: Amit Sikka <amit.sikka@ericsson.com>
Signed-off-by: Mahesh Bandewar <maheshb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 drivers/net/ipvlan/ipvlan_core.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/drivers/net/ipvlan/ipvlan_core.c
+++ b/drivers/net/ipvlan/ipvlan_core.c
@@ -304,6 +304,10 @@ static int ipvlan_rcv_frame(struct ipvl_
 		if (dev_forward_skb(ipvlan->dev, skb) == NET_RX_SUCCESS)
 			success = true;
 	} else {
+		if (!ether_addr_equal_64bits(eth_hdr(skb)->h_dest,
+					     ipvlan->phy_dev->dev_addr))
+			skb->pkt_type = PACKET_OTHERHOST;
+
 		ret = RX_HANDLER_ANOTHER;
 		success = true;
 	}