On Mon, Aug 05, 2024 at 02:53:40PM +0200, Nicolas Dichtel wrote:
Commit 252442f2ae317d109ef0b4b39ce0608c09563042 upstream.
By default, an address assigned to the output interface is selected when the source address is not specified. This is problematic when a route, configured in a vrf, uses an interface from another vrf (aka route leak). The original vrf does not own the selected source address.
Let's add a check against the output interface and call the appropriate function to select the source address.
There was a conflict during the backport in the function ip6_dst_lookup_tail(). The upstream commit fa17a6d8a5bd ("ipv6: lockless IPV6_ADDR_PREFERENCES implementation") added a READ_ONCE() on inet6_sk(sk)->srcprefs.
CC: stable@vger.kernel.org
Fixes: 0d240e7811c4 ("net: vrf: Implement get_saddr for IPv6")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Link: https://patch.msgid.link/20240710081521.3809742-3-nicolas.dichtel@6wind.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
 include/net/ip6_route.h | 22 +++++++++++++++-------
 net/ipv6/ip6_output.c   |  1 +
 net/ipv6/route.c        |  2 +-
 3 files changed, 17 insertions(+), 8 deletions(-)
Now queued up, thanks.
greg k-h