Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp1676537pxu; Sun, 6 Dec 2020 03:42:44 -0800 (PST) X-Google-Smtp-Source: ABdhPJzjd+Xtsej1/M9cKZF5KDqryn0xsOjkn1VNTgN3Xg6wc+bAOEtRm5WGPP2rlsuXTNkWyQwI X-Received: by 2002:a17:906:c193:: with SMTP id g19mr14365346ejz.393.1607254964026; Sun, 06 Dec 2020 03:42:44 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1607254964; cv=none; d=google.com; s=arc-20160816; b=eM4MGL8eBS3V93yPMPaK78NsIahBY3XwJ2tfuXP+mUIDs525uzz7AqCfsYVTJRPnps kI1i0tjvRCtw7FGT/ippEUj/18njfIjmY0Rv7N3wP1LGIL1v84Vmv3FJ0FB1TNn2Pr7k JhqLvznBmMrLXd9QsVxfHZsuSErs2fIYgOPxWrGkBXlH6l3EAycPtYjGppO+uxaw40dP HBUHBmo7NHXz+qUBEA0VSgzo1gn/GNt2tNvPE29ApABJyMSEmUukaywly3ptlSHmJoE2 Tahm8DF1hur4pdhJ6WlGlLpeko4X/F7h7O+LN7C0wEVgYNBinp1dhh1y0tNS71YsO1FS TAUQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from; bh=zGx8WmkKYsSHPW8aw9czpb2qmHHfz7ubNXEOgyg0qSs=; b=s/QarHQ/h/snWSoLZmWbYvRFqFCpdB9YEuyCk2ejGstTzE/uKaZS9vYGXiweEAyQ9m Xlcci+I1daScc1tGL5asasTCtFzo0Ogulh3LUp/A8ptCLCNHVM3ZuIpcEzkCkw/DvLZt 5aaquQ1IvkwnGGhNZWVEO9Dd6BhQpv+pQycho4qS7/Lub15HaJwxWYyF4Sag1Z6oCrfg oiOBrqYQR8jm36pKNoJPplQcuGhpuKmHjfyLOTT+RFn6tVwHHdUGHYzO6LLmQbuJRmxG pGq6370FFuHoKqHx9vumaYgREjGhqs67f6a9As1rMdx/WWpOv8Un+IYRBJCmHBqEJ8cy qRiQ== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a3si5537276ejd.407.2020.12.06.03.42.21; Sun, 06 Dec 2020 03:42:44 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728090AbgLFLje (ORCPT + 99 others); Sun, 6 Dec 2020 06:39:34 -0500 Received: from mail.kernel.org ([198.145.29.99]:36364 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728076AbgLFLjd (ORCPT ); Sun, 6 Dec 2020 06:39:33 -0500 From: Greg Kroah-Hartman Authentication-Results: mail.kernel.org; dkim=permerror (bad message/signature format) To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Guillaume Nault , David Ahern , Jakub Kicinski Subject: [PATCH 4.14 09/20] ipv4: Fix tos mask in inet_rtm_getroute() Date: Sun, 6 Dec 2020 12:17:12 +0100 Message-Id: <20201206111556.004400819@linuxfoundation.org> X-Mailer: git-send-email 2.29.2 In-Reply-To: <20201206111555.569713359@linuxfoundation.org> References: <20201206111555.569713359@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Guillaume Nault [ Upstream commit 1ebf179037cb46c19da3a9c1e2ca16e7a754b75e ] When inet_rtm_getroute() was converted to use the RCU variants of ip_route_input() and ip_route_output_key(), the TOS parameters stopped being masked with IPTOS_RT_MASK before doing the route lookup. As a result, "ip route get" can return a different route than what would be used when sending real packets. For example: $ ip route add 192.0.2.11/32 dev eth0 $ ip route add unreachable 192.0.2.11/32 tos 2 $ ip route get 192.0.2.11 tos 2 RTNETLINK answers: No route to host But, packets with TOS 2 (ECT(0) if interpreted as an ECN bit) would actually be routed using the first route: $ ping -c 1 -Q 2 192.0.2.11 PING 192.0.2.11 (192.0.2.11) 56(84) bytes of data. 64 bytes from 192.0.2.11: icmp_seq=1 ttl=64 time=0.173 ms --- 192.0.2.11 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 0.173/0.173/0.173/0.000 ms This patch re-applies IPTOS_RT_MASK in inet_rtm_getroute(), to return results consistent with real route lookups. Fixes: 3765d35ed8b9 ("net: ipv4: Convert inet_rtm_getroute to rcu versions of route lookup") Signed-off-by: Guillaume Nault Reviewed-by: David Ahern Link: https://lore.kernel.org/r/b2d237d08317ca55926add9654a48409ac1b8f5b.1606412894.git.gnault@redhat.com Signed-off-by: Jakub Kicinski Signed-off-by: Greg Kroah-Hartman --- net/ipv4/route.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2788,7 +2788,7 @@ static int inet_rtm_getroute(struct sk_b memset(&fl4, 0, sizeof(fl4)); fl4.daddr = dst; fl4.saddr = src; - fl4.flowi4_tos = rtm->rtm_tos; + fl4.flowi4_tos = rtm->rtm_tos & IPTOS_RT_MASK; fl4.flowi4_oif = tb[RTA_OIF] ? nla_get_u32(tb[RTA_OIF]) : 0; fl4.flowi4_mark = mark; fl4.flowi4_uid = uid; @@ -2807,8 +2807,9 @@ static int inet_rtm_getroute(struct sk_b skb->protocol = htons(ETH_P_IP); skb->dev = dev; skb->mark = mark; - err = ip_route_input_rcu(skb, dst, src, rtm->rtm_tos, - dev, &res); + err = ip_route_input_rcu(skb, dst, src, + rtm->rtm_tos & IPTOS_RT_MASK, dev, + &res); rt = skb_rtable(skb); if (err == 0 && rt->dst.error)