Revert "xfrm: fix "disable_policy" flag use when arriving from different devices"

This reverts commit 47f04f95ed which is
e6175a2ed1f18bf2f649625bf725e07adcfa6a28 commit upstream.

It breaks the Android kernel ABI and if this really needs to be added to
Android, it must come back in a format in the future that does not break
the abi.

Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Change-Id: Ibb0fcc031d2bf71f137d3c760d84858436acc801
Greg Kroah-Hartman
2022-06-24 10:01:39 +02:00
parent 9dcde7a741
commit ece9c2a70f
3 changed files with 6 additions and 32 deletions


@@ -57,7 +57,6 @@ struct inet_skb_parm {
#define IPSKB_DOREDIRECT BIT(5) #define IPSKB_DOREDIRECT BIT(5)
#define IPSKB_FRAG_PMTU BIT(6) #define IPSKB_FRAG_PMTU BIT(6)
#define IPSKB_L3SLAVE BIT(7) #define IPSKB_L3SLAVE BIT(7)
#define IPSKB_NOPOLICY BIT(8)
u16 frag_max_size; u16 frag_max_size;
}; };


@@ -1095,18 +1095,6 @@ static inline bool __xfrm_check_nopolicy(struct net *net, struct sk_buff *skb,
return false; return false;
} }
static inline bool __xfrm_check_dev_nopolicy(struct sk_buff *skb,
int dir, unsigned short family)
{
if (dir != XFRM_POLICY_OUT && family == AF_INET) {
/* same dst may be used for traffic originating from
* devices with different policy settings.
*/
return IPCB(skb)->flags & IPSKB_NOPOLICY;
}
return skb_dst(skb) && (skb_dst(skb)->flags & DST_NOPOLICY);
}
static inline int __xfrm_policy_check2(struct sock *sk, int dir, static inline int __xfrm_policy_check2(struct sock *sk, int dir,
struct sk_buff *skb, struct sk_buff *skb,
unsigned int family, int reverse) unsigned int family, int reverse)
@@ -1118,7 +1106,7 @@ static inline int __xfrm_policy_check2(struct sock *sk, int dir,
return __xfrm_policy_check(sk, ndir, skb, family); return __xfrm_policy_check(sk, ndir, skb, family);
return __xfrm_check_nopolicy(net, skb, dir) || return __xfrm_check_nopolicy(net, skb, dir) ||
__xfrm_check_dev_nopolicy(skb, dir, family) || (skb_dst(skb) && (skb_dst(skb)->flags & DST_NOPOLICY)) ||
__xfrm_policy_check(sk, ndir, skb, family); __xfrm_policy_check(sk, ndir, skb, family);
} }
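Review bot: With the revert, the return in `__xfrm_policy_check2` again skips `__xfrm_policy_check` for inbound packets whenever `skb_dst(skb)->flags & DST_NOPOLICY` is set, and that flag belongs to the dst rather than to the device the packet arrived on. The comment removed with `__xfrm_check_dev_nopolicy` says the same dst may be used for traffic from devices with different policy settings, so a packet received on a device where policy is enforced can presumably pass unchecked if it reuses a dst allocated for a `disable_policy` device. The `rt_dst_alloc(..., IN_DEV_ORCONF(in_dev, NOPOLICY), ...)` calls restored in `ip_route_input_mc`, `__mkroute_input` and `ip_route_input_slow` appear to be where that flag gets its value. Until an ABI-safe fix lands, I would record the limitation above the return, e.g. `/* DST_NOPOLICY is per-dst, not per-ingress-device; inbound IPv4 may skip the policy check, see upstream e6175a2ed1f1 */`. The body of `__xfrm_policy_check2` between its signature and this return lies outside the hunks shown.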


@@ -1765,7 +1765,6 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
struct in_device *in_dev = __in_dev_get_rcu(dev); struct in_device *in_dev = __in_dev_get_rcu(dev);
unsigned int flags = RTCF_MULTICAST; unsigned int flags = RTCF_MULTICAST;
struct rtable *rth; struct rtable *rth;
bool no_policy;
u32 itag = 0; u32 itag = 0;
int err; int err;
@@ -1776,12 +1775,8 @@ static int ip_route_input_mc(struct sk_buff *skb, __be32 daddr, __be32 saddr,
if (our) if (our)
flags |= RTCF_LOCAL; flags |= RTCF_LOCAL;
no_policy = IN_DEV_ORCONF(in_dev, NOPOLICY);
if (no_policy)
IPCB(skb)->flags |= IPSKB_NOPOLICY;
rth = rt_dst_alloc(dev_net(dev)->loopback_dev, flags, RTN_MULTICAST, rth = rt_dst_alloc(dev_net(dev)->loopback_dev, flags, RTN_MULTICAST,
no_policy, false); IN_DEV_ORCONF(in_dev, NOPOLICY), false);
if (!rth) if (!rth)
return -ENOBUFS; return -ENOBUFS;
@@ -1840,7 +1835,7 @@ static int __mkroute_input(struct sk_buff *skb,
struct rtable *rth; struct rtable *rth;
int err; int err;
struct in_device *out_dev; struct in_device *out_dev;
bool do_cache, no_policy; bool do_cache;
u32 itag = 0; u32 itag = 0;
/* get a working reference to the output device */ /* get a working reference to the output device */
@@ -1885,10 +1880,6 @@ static int __mkroute_input(struct sk_buff *skb,
} }
} }
no_policy = IN_DEV_ORCONF(in_dev, NOPOLICY);
if (no_policy)
IPCB(skb)->flags |= IPSKB_NOPOLICY;
fnhe = find_exception(nhc, daddr); fnhe = find_exception(nhc, daddr);
if (do_cache) { if (do_cache) {
if (fnhe) if (fnhe)
@@ -1901,7 +1892,8 @@ static int __mkroute_input(struct sk_buff *skb,
} }
} }
rth = rt_dst_alloc(out_dev->dev, 0, res->type, no_policy, rth = rt_dst_alloc(out_dev->dev, 0, res->type,
IN_DEV_ORCONF(in_dev, NOPOLICY),
IN_DEV_ORCONF(out_dev, NOXFRM)); IN_DEV_ORCONF(out_dev, NOXFRM));
if (!rth) { if (!rth) {
err = -ENOBUFS; err = -ENOBUFS;
@@ -2153,7 +2145,6 @@ static int ip_route_input_slow(struct sk_buff *skb, __be32 daddr, __be32 saddr,
struct rtable *rth; struct rtable *rth;
struct flowi4 fl4; struct flowi4 fl4;
bool do_cache = true; bool do_cache = true;
bool no_policy;
/* IP on this device is disabled. */ /* IP on this device is disabled. */
@@ -2271,10 +2262,6 @@ brd_input:
RT_CACHE_STAT_INC(in_brd); RT_CACHE_STAT_INC(in_brd);
local_input: local_input:
no_policy = IN_DEV_ORCONF(in_dev, NOPOLICY);
if (no_policy)
IPCB(skb)->flags |= IPSKB_NOPOLICY;
do_cache &= res->fi && !itag; do_cache &= res->fi && !itag;
if (do_cache) { if (do_cache) {
struct fib_nh_common *nhc = FIB_RES_NHC(*res); struct fib_nh_common *nhc = FIB_RES_NHC(*res);
@@ -2289,7 +2276,7 @@ local_input:
rth = rt_dst_alloc(ip_rt_get_dev(net, res), rth = rt_dst_alloc(ip_rt_get_dev(net, res),
flags | RTCF_LOCAL, res->type, flags | RTCF_LOCAL, res->type,
no_policy, false); IN_DEV_ORCONF(in_dev, NOPOLICY), false);
if (!rth) if (!rth)
goto e_nobufs; goto e_nobufs;