From ece9c2a70f7cb2d22827b07074cbc988f5f13199 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman
Date: Fri, 24 Jun 2022 10:01:39 +0200
Subject: [PATCH] Revert "xfrm: fix "disable_policy" flag use when arriving from different devices"
This reverts commit 47f04f95edb1aa00ac2d9a9fb0f1e50031965618 which is e6175a2ed1f18bf2f649625bf725e07adcfa6a28 commit upstream. It breaks the Android kernel ABI and if this really needs to be added to Android, it must come back in a format in the future that does not break the abi.
Signed-off-by: Greg Kroah-Hartman
Change-Id: Ibb0fcc031d2bf71f137d3c760d84858436acc801
---
 include/net/ip.h | 1 -
 include/net/xfrm.h | 14 +-------------
 net/ipv4/route.c | 23 +++++------------------
 3 files changed, 6 insertions(+), 32 deletions(-)
diff --git a/include/net/ip.h b/include/net/ip.h
index 7baa3dd20fc1..db3a2eb144b3 100644
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -57,7 +57,6 @@ struct inet_skb_parm {
 #define IPSKB_DOREDIRECT BIT(5)
 #define IPSKB_FRAG_PMTU BIT(6)
 #define IPSKB_L3SLAVE BIT(7)
-#define IPSKB_NOPOLICY BIT(8)
 u16 frag_max_size;
 };
diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index da3d220670cf..f526a71e49c3 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -1095,18 +1095,6 @@ static inline bool __xfrm_check_nopolicy(struct net *net, struct sk_buff *skb,
 return false;
 }
-static inline bool __xfrm_check_dev_nopolicy(struct sk_buff *skb,
- int dir, unsigned short family)
-{
- if (dir != XFRM_POLICY_OUT && family == AF_INET) {
- /* same dst may be used for traffic originating from
- * devices with different policy settings.
- */
- return IPCB(skb)->flags & IPSKB_NOPOLICY;
- }
- return skb_dst(skb) && (skb_dst(skb)->flags & DST_NOPOLICY);
-}
-
 static inline int __xfrm_policy_check2(struct sock *sk, int dir,
 struct sk_buff *skb,
 unsigned int family, int reverse)
@@ -1118,7 +1106,7 @@ static inline int __xfrm_policy_check2(struct sock *sk, int dir,
 return __xfrm_policy_check(sk, ndir, skb, family);
 return __xfrm_check_nopolicy(net, skb, dir) ||
- __xfrm_check_dev_nopolicy(skb, dir, family) ||
+ (skb_dst(skb) && (skb_dst(skb)->flags & DST_NOPOLICY)) ||
 __xfrm_policy_check(sk, ndir, skb, family);
 }
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index aab8ac383d5d..9bd3cd2177f4 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -1765,7 +1765,6 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
 struct in_device *in_dev = __in_dev_get_rcu(dev);
 unsigned int flags = RTCF_MULTICAST;
 struct rtable *rth;
- bool no_policy;
 u32 itag = 0;
 int err;
@@ -1776,12 +1775,8 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
 if (our)
 flags |= RTCF_LOCAL;
- no_policy = IN_DEV_ORCONF(in_dev, NOPOLICY);
- if (no_policy)
- IPCB(skb)->flags |= IPSKB_NOPOLICY;
-
 rth = rt_dst_alloc(dev_net(dev)->loopback_dev, flags, RTN_MULTICAST,
- no_policy, false);
+ IN_DEV_ORCONF(in_dev, NOPOLICY), false);
 if (!rth)
 return -ENOBUFS;
@@ -1840,7 +1835,7 @@ static int __mkroute_input(struct sk_buff *skb,
 struct rtable *rth;
 int err;
 struct in_device *out_dev;
- bool do_cache, no_policy;
+ bool do_cache;
 u32 itag = 0;
 /* get a working reference to the output device */
@@ -1885,10 +1880,6 @@ static int __mkroute_input(struct sk_buff *skb,
 }
 }
- no_policy = IN_DEV_ORCONF(in_dev, NOPOLICY);
- if (no_policy)
- IPCB(skb)->flags |= IPSKB_NOPOLICY;
-
 fnhe = find_exception(nhc, daddr);
 if (do_cache) {
 if (fnhe)
@@ -1901,7 +1892,8 @@ static int __mkroute_input(struct sk_buff *skb,
 }
 }
- rth = rt_dst_alloc(out_dev->dev, 0, res->type, no_policy,
+ rth = rt_dst_alloc(out_dev->dev, 0, res->type,
+ IN_DEV_ORCONF(in_dev, NOPOLICY),
 IN_DEV_ORCONF(out_dev, NOXFRM));
 if (!rth) {
 err = -ENOBUFS;
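Review bot: In `__xfrm_policy_check2` (include/net/xfrm.h) the restored test `skb_dst(skb)->flags & DST_NOPOLICY` again takes the inbound policy exemption from the dst rather than from the receiving device, and nothing in the new code records that limitation. The comment deleted by this revert stated that the same dst may be used for traffic arriving from devices with different policy settings, so a packet from an interface without `disable_policy` can presumably skip the IPsec policy check when it reuses a dst first created for an interface that has it set. The same applies to the `rt_dst_alloc(..., IN_DEV_ORCONF(in_dev, NOPOLICY), ...)` calls restored in `ip_route_input_mc`, `__mkroute_input` and `ip_route_input_slow` in net/ipv4/route.c. I would keep a comment above the check, e.g. `/* DST_NOPOLICY comes from the dst, which may be shared by input devices with different disable_policy settings */`, so the ABI-safe re-fix the description asks for has an anchor in the code. The function body starts outside the hunk.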
@@ -2153,7 +2145,6 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
 struct rtable *rth;
 struct flowi4 fl4;
 bool do_cache = true;
- bool no_policy;
 /* IP on this device is disabled. */
@@ -2271,10 +2262,6 @@ brd_input:
 RT_CACHE_STAT_INC(in_brd);
 local_input:
- no_policy = IN_DEV_ORCONF(in_dev, NOPOLICY);
- if (no_policy)
- IPCB(skb)->flags |= IPSKB_NOPOLICY;
-
 do_cache &= res->fi && !itag;
 if (do_cache) {
 struct fib_nh_common *nhc = FIB_RES_NHC(*res);
@@ -2289,7 +2276,7 @@ local_input:
 rth = rt_dst_alloc(ip_rt_get_dev(net, res),
 flags | RTCF_LOCAL, res->type,
- no_policy, false);
+ IN_DEV_ORCONF(in_dev, NOPOLICY), false);
 if (!rth)
 goto e_nobufs;