From a4be51e26a8c8208f1a6b1142b1bc7f0db4376c6 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Tue, 27 Jun 2023 10:08:27 +0000 Subject: [PATCH] Revert "net: Find dst with sk's xfrm policy not ctl_sk" This reverts commit 788791990d74d3d2140c0f72df0b9218d3984dd8 which is commit e22aa14866684f77b4f6b6cae98539e520ddb731 upstream. It breaks the Android kernel abi, so revert it for now. If it is needed in the future it can be brought back in an ABI-safe way. Bug: 161946584 Change-Id: Ibbbc25dce5304664307a4d06420c24aa6d6ff708 Signed-off-by: Greg Kroah-Hartman --- include/net/xfrm.h | 2 -- net/ipv4/ip_output.c | 2 +- net/ipv4/tcp_ipv4.c | 2 -- net/ipv6/tcp_ipv6.c | 5 +---- 4 files changed, 2 insertions(+), 9 deletions(-) diff --git a/include/net/xfrm.h b/include/net/xfrm.h index 93b785edf813..5c022fc018a4 100644 --- a/include/net/xfrm.h +++ b/include/net/xfrm.h @@ -1169,8 +1169,6 @@ int __xfrm_sk_clone_policy(struct sock *sk, const struct sock *osk); static inline int xfrm_sk_clone_policy(struct sock *sk, const struct sock *osk) { - if (!sk_fullsock(osk)) - return 0; sk->sk_policy[0] = NULL; sk->sk_policy[1] = NULL; if (unlikely(osk->sk_policy[0] || osk->sk_policy[1])) diff --git a/net/ipv4/ip_output.c b/net/ipv4/ip_output.c index 6fd04f2f8b40..1e07df282177 100644 --- a/net/ipv4/ip_output.c +++ b/net/ipv4/ip_output.c @@ -1723,7 +1723,7 @@ void ip_send_unicast_reply(struct sock *sk, struct sk_buff *skb, tcp_hdr(skb)->source, tcp_hdr(skb)->dest, arg->uid); security_skb_classify_flow(skb, flowi4_to_flowi_common(&fl4)); - rt = ip_route_output_flow(net, &fl4, sk); + rt = ip_route_output_key(net, &fl4); if (IS_ERR(rt)) return; diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 1995d46afb21..275ae42be99e 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -804,7 +804,6 @@ static void tcp_v4_send_reset(const struct sock *sk, struct sk_buff *skb) ctl_sk->sk_priority = (sk->sk_state == TCP_TIME_WAIT) ? inet_twsk(sk)->tw_priority : sk->sk_priority; transmit_time = tcp_transmit_time(sk); - xfrm_sk_clone_policy(ctl_sk, sk); } ip_send_unicast_reply(ctl_sk, skb, &TCP_SKB_CB(skb)->header.h4.opt, @@ -813,7 +812,6 @@ static void tcp_v4_send_reset(const struct sock *sk, struct sk_buff *skb) transmit_time); ctl_sk->sk_mark = 0; - xfrm_sk_free_policy(ctl_sk); sock_net_set(ctl_sk, &init_net); __TCP_INC_STATS(net, TCP_MIB_OUTSEGS); __TCP_INC_STATS(net, TCP_MIB_OUTRSTS); diff --git a/net/ipv6/tcp_ipv6.c b/net/ipv6/tcp_ipv6.c index fe29bc66aeac..2347740d3cc7 100644 --- a/net/ipv6/tcp_ipv6.c +++ b/net/ipv6/tcp_ipv6.c @@ -984,10 +984,7 @@ static void tcp_v6_send_response(const struct sock *sk, struct sk_buff *skb, u32 * Underlying function will use this to retrieve the network * namespace */ - if (sk && sk->sk_state != TCP_TIME_WAIT) - dst = ip6_dst_lookup_flow(net, sk, &fl6, NULL); /*sk's xfrm_policy can be referred*/ - else - dst = ip6_dst_lookup_flow(net, ctl_sk, &fl6, NULL); + dst = ip6_dst_lookup_flow(sock_net(ctl_sk), ctl_sk, &fl6, NULL); if (!IS_ERR(dst)) { skb_dst_set(buff, dst); ip6_xmit(ctl_sk, buff, &fl6, fl6.flowi6_mark, NULL,