From be612f5e99e1d48de34f4befcb700d840c15e05e Mon Sep 17 00:00:00 2001 From: Guillaume Nault Date: Tue, 1 Oct 2024 21:28:55 +0200 Subject: ipv4: Convert ip_route_input_rcu() to dscp_t. Pass a dscp_t variable to ip_route_input_rcu(), instead of a plain u8, to prevent accidental setting of ECN bits in ->flowi4_tos. Callers of ip_route_input_rcu() to consider are: * ip_route_input_noref(), which already has a dscp_t variable to pass as parameter. We just need to remove the inet_dscp_to_dsfield() conversion. * inet_rtm_getroute(), which receives a u8 from user space and needs to convert it with inet_dsfield_to_dscp(). Signed-off-by: Guillaume Nault Reviewed-by: David Ahern Link: https://patch.msgid.link/c4dbb5aa9cbc79c4fcb317abbffa7c7156bc56a7.1727807926.git.gnault@redhat.com Signed-off-by: Jakub Kicinski --- net/ipv4/route.c | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) (limited to 'net/ipv4/route.c') diff --git a/net/ipv4/route.c b/net/ipv4/route.c index 00bfc0a11f64..a693b57b4111 100644 --- a/net/ipv4/route.c +++ b/net/ipv4/route.c @@ -2415,7 +2415,8 @@ martian_source: /* called with rcu_read_lock held */ static int ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr, - u8 tos, struct net_device *dev, struct fib_result *res) + dscp_t dscp, struct net_device *dev, + struct fib_result *res) { /* Multicast recognition logic is moved from route cache to here. * The problem was that too many Ethernet cards have broken/missing @@ -2456,12 +2457,14 @@ static int ip_route_input_rcu(struct sk_buff *skb, __be32 daddr, __be32 saddr, #endif ) { err = ip_route_input_mc(skb, daddr, saddr, - tos, dev, our); + inet_dscp_to_dsfield(dscp), + dev, our); } return err; } - return ip_route_input_slow(skb, daddr, saddr, tos, dev, res); + return ip_route_input_slow(skb, daddr, saddr, + inet_dscp_to_dsfield(dscp), dev, res); } int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, @@ -2471,8 +2474,7 @@ int ip_route_input_noref(struct sk_buff *skb, __be32 daddr, __be32 saddr, int err; rcu_read_lock(); - err = ip_route_input_rcu(skb, daddr, saddr, inet_dscp_to_dsfield(dscp), - dev, &res); + err = ip_route_input_rcu(skb, daddr, saddr, dscp, dev, &res); rcu_read_unlock(); return err; @@ -3286,8 +3288,8 @@ static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr *nlh, skb->dev = dev; skb->mark = mark; err = ip_route_input_rcu(skb, dst, src, - rtm->rtm_tos & INET_DSCP_MASK, dev, - &res); + inet_dsfield_to_dscp(rtm->rtm_tos), + dev, &res); rt = skb_rtable(skb); if (err == 0 && rt->dst.error) -- cgit v1.2.3