mirror of
https://github.com/followmsi/android_kernel_google_msm.git
synced 2024-11-06 23:17:41 +00:00
ipv4: Pass struct flowi4 directly to rt_fill_info
This is partly a backport of d6c0a4f609
(ipv4: Kill 'rt_src' from 'struct rtable').
skb->sk can be null, and in fact it is when creating the buffer
in inet_rtm_getroute. There is no other way of accessing the flow,
so pass it directly.
Fixes invalid memory address when running 'ip route get $IPADDR'
Bug: https://gitlab.com/LineageOS/issues/android/issues/492
Change-Id: I7b9e5499614b96360c9c8420907e82e145bb97f3
This commit is contained in:
parent
49e6015b83
commit
3446b466b6
1 changed files with 13 additions and 13 deletions
|
@ -2985,14 +2985,13 @@ struct rtable *ip_route_output_flow(struct net *net, struct flowi4 *flp4,
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL_GPL(ip_route_output_flow);
|
EXPORT_SYMBOL_GPL(ip_route_output_flow);
|
||||||
|
|
||||||
static int rt_fill_info(struct net *net,
|
static int rt_fill_info(struct net *net, struct flowi4 *fl4,
|
||||||
struct sk_buff *skb, u32 pid, u32 seq, int event,
|
struct sk_buff *skb, u32 pid, u32 seq, int event,
|
||||||
int nowait, unsigned int flags)
|
int nowait, unsigned int flags)
|
||||||
{
|
{
|
||||||
struct rtable *rt = skb_rtable(skb);
|
struct rtable *rt = skb_rtable(skb);
|
||||||
struct rtmsg *r;
|
struct rtmsg *r;
|
||||||
struct nlmsghdr *nlh;
|
struct nlmsghdr *nlh;
|
||||||
struct flowi4 *fl4 = &(inet_sk(skb->sk))->cork.fl.u.ip4;
|
|
||||||
unsigned long expires = 0;
|
unsigned long expires = 0;
|
||||||
const struct inet_peer *peer = rt->peer;
|
const struct inet_peer *peer = rt->peer;
|
||||||
u32 id = 0, ts = 0, tsage = 0, error;
|
u32 id = 0, ts = 0, tsage = 0, error;
|
||||||
|
@ -3106,6 +3105,7 @@ static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void
|
||||||
struct rtmsg *rtm;
|
struct rtmsg *rtm;
|
||||||
struct nlattr *tb[RTA_MAX+1];
|
struct nlattr *tb[RTA_MAX+1];
|
||||||
struct rtable *rt = NULL;
|
struct rtable *rt = NULL;
|
||||||
|
struct flowi4 fl4;
|
||||||
__be32 dst = 0;
|
__be32 dst = 0;
|
||||||
__be32 src = 0;
|
__be32 src = 0;
|
||||||
u32 iif;
|
u32 iif;
|
||||||
|
@ -3145,6 +3145,14 @@ static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void
|
||||||
else
|
else
|
||||||
uid = (iif ? INVALID_UID : current_uid());
|
uid = (iif ? INVALID_UID : current_uid());
|
||||||
|
|
||||||
|
memset(&fl4, 0, sizeof(fl4));
|
||||||
|
fl4.daddr = dst;
|
||||||
|
fl4.saddr = src;
|
||||||
|
fl4.flowi4_tos = rtm->rtm_tos;
|
||||||
|
fl4.flowi4_oif = tb[RTA_OIF] ? nla_get_u32(tb[RTA_OIF]) : 0;
|
||||||
|
fl4.flowi4_mark = mark;
|
||||||
|
fl4.flowi4_uid = uid;
|
||||||
|
|
||||||
if (iif) {
|
if (iif) {
|
||||||
struct net_device *dev;
|
struct net_device *dev;
|
||||||
|
|
||||||
|
@ -3165,14 +3173,6 @@ static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void
|
||||||
if (err == 0 && rt->dst.error)
|
if (err == 0 && rt->dst.error)
|
||||||
err = -rt->dst.error;
|
err = -rt->dst.error;
|
||||||
} else {
|
} else {
|
||||||
struct flowi4 fl4 = {
|
|
||||||
.daddr = dst,
|
|
||||||
.saddr = src,
|
|
||||||
.flowi4_tos = rtm->rtm_tos,
|
|
||||||
.flowi4_oif = tb[RTA_OIF] ? nla_get_u32(tb[RTA_OIF]) : 0,
|
|
||||||
.flowi4_mark = mark,
|
|
||||||
.flowi4_uid = uid,
|
|
||||||
};
|
|
||||||
rt = ip_route_output_key(net, &fl4);
|
rt = ip_route_output_key(net, &fl4);
|
||||||
|
|
||||||
err = 0;
|
err = 0;
|
||||||
|
@ -3187,7 +3187,7 @@ static int inet_rtm_getroute(struct sk_buff *in_skb, struct nlmsghdr* nlh, void
|
||||||
if (rtm->rtm_flags & RTM_F_NOTIFY)
|
if (rtm->rtm_flags & RTM_F_NOTIFY)
|
||||||
rt->rt_flags |= RTCF_NOTIFY;
|
rt->rt_flags |= RTCF_NOTIFY;
|
||||||
|
|
||||||
err = rt_fill_info(net, skb, NETLINK_CB(in_skb).pid, nlh->nlmsg_seq,
|
err = rt_fill_info(net, &fl4, skb, NETLINK_CB(in_skb).pid, nlh->nlmsg_seq,
|
||||||
RTM_NEWROUTE, 0, 0);
|
RTM_NEWROUTE, 0, 0);
|
||||||
if (err <= 0)
|
if (err <= 0)
|
||||||
goto errout_free;
|
goto errout_free;
|
||||||
|
@ -3225,8 +3225,8 @@ int ip_rt_dump(struct sk_buff *skb, struct netlink_callback *cb)
|
||||||
if (rt_is_expired(rt))
|
if (rt_is_expired(rt))
|
||||||
continue;
|
continue;
|
||||||
skb_dst_set_noref(skb, &rt->dst);
|
skb_dst_set_noref(skb, &rt->dst);
|
||||||
if (rt_fill_info(net, skb, NETLINK_CB(cb->skb).pid,
|
if (rt_fill_info(net, &(inet_sk(skb->sk))->cork.fl.u.ip4, skb,
|
||||||
cb->nlh->nlmsg_seq, RTM_NEWROUTE,
|
NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq, RTM_NEWROUTE,
|
||||||
1, NLM_F_MULTI) <= 0) {
|
1, NLM_F_MULTI) <= 0) {
|
||||||
skb_dst_drop(skb);
|
skb_dst_drop(skb);
|
||||||
rcu_read_unlock_bh();
|
rcu_read_unlock_bh();
|
||||||
|
|
Loading…
Reference in a new issue