Received: by 2002:a05:6a10:9848:0:0:0:0 with SMTP id x8csp3324428pxf; Mon, 15 Mar 2021 07:09:40 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxAUyhfFw5tmIct/33pPTGph0N0N6VGBu4NWGv3F5+Q6/a0GVW3Q/w6U69U1GvlHyBDspkK X-Received: by 2002:a50:fe06:: with SMTP id f6mr30441378edt.349.1615817379962; Mon, 15 Mar 2021 07:09:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1615817379; cv=none; d=google.com; s=arc-20160816; b=L9kO5yPAi0aRcILx5eX7aOSlIWcoYrdi5sRapR2tEONaaSfachB+GiVqjsB1lpYvbm MwxvvEiiknjMjezQ1FyoioX+Xe45nC1KhAGGFVUPLor7oz73vmqTGLN9kb+wo6YpFdP+ FGDvNq4lAoSJAUejKabcXW75h6dMnfP/nDsDKC91hLm6wkjl8Y0iiXA3q2TU+Gtt4Xhg S65QGb6dY1SmepffLeDl/4+gYSNLU/V+s+4CpyVEkEadLiGfaVwIOh93ExX8QeTBybNo kTJ2vXbpAkE3EIBQWeG8ktpRixN2Lh4mPlPTIvOgHohN58s3HdTeliv75CdnJU5LIKwU q6RA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=QTXldOvIf5jL4N0VPaAewxW8B5TP6FbXdek7YNFiJRM=; b=Vo89a3m9o1shhZwaP4/UlZEd5I+pwEvOFWLNj0H4WV0WbEIPtG2VbrqgGpQYKV5/9A 6UqAr4CtQJMwJOkcVkRf20m5oGv054pEgTX69AGTT5j9VDd7o4asqgD7Vinuhlw3s7j1 EKyTPNdUBePz9FfgS8bn3xh+UENdZ0hAVr4Cashc16NHnLPXU9fzqMh+o9WxQVMVF6uD VRqERX+eF5QpLOp0msUtu+cTSUXG4q0XvMqMjcqe+ZyEUFiEGkInHDw83IDuS3/A8tl5 QaXaDe9qHNR7xEGkrDl7/NxkxZ6Pxc8MnGRAmJXwWNQC1Lng5wuFejXen0TUzt0WeWXV SR1Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=sOsfEpCe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j13si10893915edn.369.2021.03.15.07.09.15; Mon, 15 Mar 2021 07:09:39 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=sOsfEpCe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S235383AbhCOOHd (ORCPT + 99 others); Mon, 15 Mar 2021 10:07:33 -0400 Received: from mail.kernel.org ([198.145.29.99]:35610 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232241AbhCON6A (ORCPT ); Mon, 15 Mar 2021 09:58:00 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 2043C64F01; Mon, 15 Mar 2021 13:57:58 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1615816680; bh=p2Qq4GYPioMsa0XKgXrE0A9OR9T7H/RwnkiV9NVLwRA=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=sOsfEpCermotee2PbXAyuYHCuyiGX8HkBscMlp10o48Zg14vLk3Vqx4U7Ybt7A05r hDAxCyA+MiHzzWxksRkEP0dhC72eIA8p9IkXYURY1P9B4mkruAXPjuWjThJlRqXW+P dfqp8uHbObeWvTtJON5sHWd2agyWGbHuDJRT1pHc= From: gregkh@linuxfoundation.org To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Colin Ian King , Vladimir Oltean , "David S. Miller" Subject: [PATCH 5.11 060/306] net: mscc: ocelot: properly reject destination IP keys in VCAP IS1 Date: Mon, 15 Mar 2021 14:52:03 +0100 Message-Id: <20210315135509.678873406@linuxfoundation.org> X-Mailer: git-send-email 2.30.2 In-Reply-To: <20210315135507.611436477@linuxfoundation.org> References: <20210315135507.611436477@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Greg Kroah-Hartman From: Vladimir Oltean commit f1becbed411c6fa29d7ce3def3a1dcd4f63f2d74 upstream. An attempt is made to warn the user about the fact that VCAP IS1 cannot offload keys matching on destination IP (at least given the current half key format), but sadly that warning fails miserably in practice, due to the fact that it operates on an uninitialized "match" variable. We must first decode the keys from the flow rule. Fixes: 75944fda1dfe ("net: mscc: ocelot: offload ingress skbedit and vlan actions to VCAP IS1") Reported-by: Colin Ian King Signed-off-by: Vladimir Oltean Reviewed-by: Colin Ian King Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- drivers/net/ethernet/mscc/ocelot_flower.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/drivers/net/ethernet/mscc/ocelot_flower.c +++ b/drivers/net/ethernet/mscc/ocelot_flower.c @@ -540,13 +540,14 @@ ocelot_flower_parse_key(struct ocelot *o return -EOPNOTSUPP; } + flow_rule_match_ipv4_addrs(rule, &match); + if (filter->block_id == VCAP_IS1 && *(u32 *)&match.mask->dst) { NL_SET_ERR_MSG_MOD(extack, "Key type S1_NORMAL cannot match on destination IP"); return -EOPNOTSUPP; } - flow_rule_match_ipv4_addrs(rule, &match); tmp = &filter->key.ipv4.sip.value.addr[0]; memcpy(tmp, &match.key->src, 4);