Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp3324071pxf; Mon, 15 Mar 2021 07:09:13 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz1GZsizhI7OV88PdI7Un0EXXXMjuSPED7JKSuP6pOH1tfPcDgZl+mwyE9kO5pN/aXRmH5I X-Received: by 2002:a17:906:af6f:: with SMTP id os15mr23949877ejb.279.1615817353290; Mon, 15 Mar 2021 07:09:13 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1615817353; cv=none; d=google.com; s=arc-20160816; b=ofmyrVKatnITGguyjMcq+CIWkthOZ1yMCLhxfomcuaAB5HmsHRyDBh/6EJSB+N0LzM 8aJjXKaPlhke9sBtrxhyszGRo0KxllrrEitH8lT0iErEe22q1/MCkLIbB7lExc65cFy6 IJyWXq7aeGMUaooNgKJcBU+yE9ysNkxZktbl9VHJvEY2gpiFoHHLWVLsoxxyH8J49CyN DOUIufNxHHsxsJ3XMVvGh+qw7ez+ATkA683oB+hQk45QizPZvrolXGNtXoAHHcS+IbFO qN5UGXNfjAtHW2rUgLEX9zeP0yRCfXfgLO+Aswk/5WrgySvu8CeRe80SIL1Y10kuSBiG xu7g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=QTXldOvIf5jL4N0VPaAewxW8B5TP6FbXdek7YNFiJRM=; b=Opg3oxP8vlfncN/moGmO0in4em4i86fxFWmTej5N9zw1mged5DI0Ltu20vTN3ImRlt xbbx+LnlyuGBURqH5CWA9ajJeGccmzPN8N/CcORBFBA4/OrYCS3+MgK4XZvy/HmHRbn6 Jm5dLzKFzYnMAJxDIv3yes0VRzblta4x0LMytGpClrQg6RZycsaqfnz6QbaWeU2POb/Q Yh/KpiyH78RfuFwJqi7fOgTBiO553UwLDBTDq/VxeTzNzXroJgvDrmnbwff6vY1W1DBD BIMX+aTs2ZXiiO0OWnIMgvfeGNH2lIpAhKbbI9OKAFyOGPcZ4SHD2gdd9WK1b7Vlbx1l 2Eqg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="Cbf/kPNk"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id dg23si11174771edb.519.2021.03.15.07.08.49; Mon, 15 Mar 2021 07:09:13 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="Cbf/kPNk"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235085AbhCOOHF (ORCPT + 99 others); Mon, 15 Mar 2021 10:07:05 -0400 Received: from mail.kernel.org ([198.145.29.99]:35038 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232209AbhCON54 (ORCPT ); Mon, 15 Mar 2021 09:57:56 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id E93D964F04; Mon, 15 Mar 2021 13:57:54 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1615816676; bh=p2Qq4GYPioMsa0XKgXrE0A9OR9T7H/RwnkiV9NVLwRA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=Cbf/kPNk025miiqI8iyaa0drecSCQ69DHD12y7O4LrP5tP8qK67fn2hjiU3kHZZeh 3yjsSaMF2h9Gno32uGyuwZWn0ZLE/F0O9z2JE20Rsp5vFY0grh5ax5LGLl1HT6JLK+ b/Qgb9l0jFsf5O8cjroLPGaPADULt/vKtT4xQbJ4= From: gregkh@linuxfoundation.org To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Colin Ian King , Vladimir Oltean , "David S. Miller" Subject: [PATCH 5.10 049/290] net: mscc: ocelot: properly reject destination IP keys in VCAP IS1 Date: Mon, 15 Mar 2021 14:52:22 +0100 Message-Id: <20210315135543.583584863@linuxfoundation.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210315135541.921894249@linuxfoundation.org> References: <20210315135541.921894249@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Greg Kroah-Hartman From: Vladimir Oltean commit f1becbed411c6fa29d7ce3def3a1dcd4f63f2d74 upstream. An attempt is made to warn the user about the fact that VCAP IS1 cannot offload keys matching on destination IP (at least given the current half key format), but sadly that warning fails miserably in practice, due to the fact that it operates on an uninitialized "match" variable. We must first decode the keys from the flow rule. Fixes: 75944fda1dfe ("net: mscc: ocelot: offload ingress skbedit and vlan actions to VCAP IS1") Reported-by: Colin Ian King Signed-off-by: Vladimir Oltean Reviewed-by: Colin Ian King Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- drivers/net/ethernet/mscc/ocelot_flower.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/net/ethernet/mscc/ocelot_flower.c +++ b/drivers/net/ethernet/mscc/ocelot_flower.c @@ -540,13 +540,14 @@ ocelot_flower_parse_key(struct ocelot *o return -EOPNOTSUPP; } + flow_rule_match_ipv4_addrs(rule, &match); + if (filter->block_id == VCAP_IS1 && *(u32 *)&match.mask->dst) { NL_SET_ERR_MSG_MOD(extack, "Key type S1_NORMAL cannot match on destination IP"); return -EOPNOTSUPP; } - flow_rule_match_ipv4_addrs(rule, &match); tmp = &filter->key.ipv4.sip.value.addr[0]; memcpy(tmp, &match.key->src, 4);