Commit 969a2019 authored by Eric Dumazet's avatar Eric Dumazet Committed by Jakub Kicinski
Browse files

ipv6: inet6_csk_xmit() and inet6_csk_update_pmtu() use inet->cork.fl.u.ip6 



Convert inet6_csk_route_socket() to use np->final instead of an
automatic variable to get rid of a stack canary.

Convert inet6_csk_xmit() and inet6_csk_update_pmtu() to use
inet->cork.fl.u.ip6 instead of @fl6 automatic variable.

Signed-off-by: default avatarEric Dumazet <edumazet@google.com>
Reviewed-by: default avatarKuniyuki Iwashima <kuniyu@google.com>
Link: https://patch.msgid.link/20260206173426.1638518-5-edumazet@google.com


Signed-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parent 4e6c91cf

net/ipv6/inet6_connection_sock.c

+11 −9
Original line number Diff line number Diff line
@@ -60,7 +60,7 @@ static struct dst_entry *inet6_csk_route_socket(struct sock *sk, 
{

	struct inet_sock *inet = inet_sk(sk);

	struct ipv6_pinfo *np = inet6_sk(sk);

	struct in6_addr *final_p, final;

	struct in6_addr *final_p;

	struct dst_entry *dst;



	memset(fl6, 0, sizeof(*fl6));
@@ -77,7 +77,7 @@ static struct dst_entry *inet6_csk_route_socket(struct sock *sk, 
	security_sk_classify_flow(sk, flowi6_to_flowi_common(fl6));



	rcu_read_lock();

	final_p = fl6_update_dst(fl6, rcu_dereference(np->opt), &final);

	final_p = fl6_update_dst(fl6, rcu_dereference(np->opt), &np->final);

	rcu_read_unlock();



	dst = __sk_dst_check(sk, np->dst_cookie);
@@ -92,12 +92,12 @@ static struct dst_entry *inet6_csk_route_socket(struct sock *sk, 


int inet6_csk_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl_unused)

{

	struct flowi6 *fl6 = &inet_sk(sk)->cork.fl.u.ip6;

	struct ipv6_pinfo *np = inet6_sk(sk);

	struct flowi6 fl6;

	struct dst_entry *dst;

	int res;



	dst = inet6_csk_route_socket(sk, &fl6);

	dst = inet6_csk_route_socket(sk, fl6);

	if (IS_ERR(dst)) {

		WRITE_ONCE(sk->sk_err_soft, -PTR_ERR(dst));

		sk->sk_route_caps = 0;
@@ -109,9 +109,9 @@ int inet6_csk_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl_unused 
	skb_dst_set_noref(skb, dst);



	/* Restore final destination back after routing done */

	fl6.daddr = sk->sk_v6_daddr;

	fl6->daddr = sk->sk_v6_daddr;



	res = ip6_xmit(sk, skb, &fl6, sk->sk_mark, rcu_dereference(np->opt),

	res = ip6_xmit(sk, skb, fl6, sk->sk_mark, rcu_dereference(np->opt),

		       np->tclass, READ_ONCE(sk->sk_priority));

	rcu_read_unlock();

	return res;
@@ -120,13 +120,15 @@ EXPORT_SYMBOL_GPL(inet6_csk_xmit); 


struct dst_entry *inet6_csk_update_pmtu(struct sock *sk, u32 mtu)

{

	struct flowi6 fl6;

	struct dst_entry *dst = inet6_csk_route_socket(sk, &fl6);

	struct flowi6 *fl6 = &inet_sk(sk)->cork.fl.u.ip6;

	struct dst_entry *dst;



	dst = inet6_csk_route_socket(sk, fl6);



	if (IS_ERR(dst))

		return NULL;

	dst->ops->update_pmtu(dst, sk, NULL, mtu, true);



	dst = inet6_csk_route_socket(sk, &fl6);

	dst = inet6_csk_route_socket(sk, fl6);

	return IS_ERR(dst) ? NULL : dst;

}