From e7da2d7b4fe42b4a043071fd5fd723e7503b7982 Mon Sep 17 00:00:00 2001
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Sat, 16 May 2020 15:11:50 +0200
Subject: [PATCH] Drop "net: ipv6_stub: use ip6_dst_lookup_flow instead of
 ip6_dst_lookup"

---
 debian/changelog                              |   1 -
 ...e-ip6_dst_lookup_flow-instead-of-ip6.patch | 267 ------------------
 debian/patches/series                         |   1 -
 3 files changed, 269 deletions(-)
 delete mode 100644 debian/patches/bugfix/all/net-ipv6_stub-use-ip6_dst_lookup_flow-instead-of-ip6.patch

diff --git a/debian/changelog b/debian/changelog
index a7056bd5c..ff4fe3b31 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -38,7 +38,6 @@ linux (4.19.119-1) UNRELEASED; urgency=medium
     - virtio-blk: improve virtqueue error to BLK_STS
     - scsi: smartpqi: fix call trace in device discovery
     - PCI/ASPM: Allow re-enabling Clock PM
-    - net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
     - blktrace: Protect q->blk_trace with RCU
     - blktrace: fix dereference after null check
     - KVM: VMX: Zero out *all* general purpose registers after VM-Exit
diff --git a/debian/patches/bugfix/all/net-ipv6_stub-use-ip6_dst_lookup_flow-instead-of-ip6.patch b/debian/patches/bugfix/all/net-ipv6_stub-use-ip6_dst_lookup_flow-instead-of-ip6.patch
deleted file mode 100644
index 031a7eeac..000000000
--- a/debian/patches/bugfix/all/net-ipv6_stub-use-ip6_dst_lookup_flow-instead-of-ip6.patch
+++ /dev/null
@@ -1,267 +0,0 @@
-From: Sabrina Dubroca <sd@queasysnail.net>
-Date: Wed, 4 Dec 2019 15:35:53 +0100
-Subject: net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup
-Origin: https://git.kernel.org/linus/6c8991f41546c3c472503dff1ea9daaddf9331c2
-Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2020-1749
-
-ipv6_stub uses the ip6_dst_lookup function to allow other modules to
-perform IPv6 lookups. However, this function skips the XFRM layer
-entirely.
-
-All users of ipv6_stub->ip6_dst_lookup use ip_route_output_flow (via the
-ip_route_output_key and ip_route_output helpers) for their IPv4 lookups,
-which calls xfrm_lookup_route(). This patch fixes this inconsistent
-behavior by switching the stub to ip6_dst_lookup_flow, which also calls
-xfrm_lookup_route().
-
-This requires some changes in all the callers, as these two functions
-take different arguments and have different return types.
-
-Fixes: 5f81bd2e5d80 ("ipv6: export a stub for IPv6 symbols used by vxlan")
-Reported-by: Xiumei Mu <xmu@redhat.com>
-Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-[bwh: Backported to 4.19:
- - Drop change in lwt_bpf.c
- - Delete now-unused "ret" in mlx5e_route_lookup_ipv6()
- - Initialise "out_dev" in mlx5e_create_encap_header_ipv6() to avoid
-   introducing a spurious "may be used uninitialised" warning
- - Adjust filenames, context, indentation]
-Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
-Signed-off-by: Sasha Levin <sashal@kernel.org>
----
- drivers/infiniband/core/addr.c                  |  7 +++----
- drivers/infiniband/sw/rxe/rxe_net.c             |  8 +++++---
- drivers/net/ethernet/mellanox/mlx5/core/en_tc.c | 11 +++++------
- drivers/net/geneve.c                            |  4 +++-
- drivers/net/vxlan.c                             |  8 +++-----
- include/net/addrconf.h                          |  6 ++++--
- net/ipv6/addrconf_core.c                        | 11 ++++++-----
- net/ipv6/af_inet6.c                             |  2 +-
- net/mpls/af_mpls.c                              |  7 +++----
- net/tipc/udp_media.c                            |  9 ++++++---
- 10 files changed, 39 insertions(+), 34 deletions(-)
-
-diff --git a/drivers/infiniband/core/addr.c b/drivers/infiniband/core/addr.c
-index 6e96a2fb97dc4..df8f5ceea2dd4 100644
---- a/drivers/infiniband/core/addr.c
-+++ b/drivers/infiniband/core/addr.c
-@@ -408,16 +408,15 @@ static int addr6_resolve(struct sockaddr_in6 *src_in,
- 	struct flowi6 fl6;
- 	struct dst_entry *dst;
- 	struct rt6_info *rt;
--	int ret;
- 
- 	memset(&fl6, 0, sizeof fl6);
- 	fl6.daddr = dst_in->sin6_addr;
- 	fl6.saddr = src_in->sin6_addr;
- 	fl6.flowi6_oif = addr->bound_dev_if;
- 
--	ret = ipv6_stub->ipv6_dst_lookup(addr->net, NULL, &dst, &fl6);
--	if (ret < 0)
--		return ret;
-+	dst = ipv6_stub->ipv6_dst_lookup_flow(addr->net, NULL, &fl6, NULL);
-+	if (IS_ERR(dst))
-+		return PTR_ERR(dst);
- 
- 	rt = (struct rt6_info *)dst;
- 	if (ipv6_addr_any(&src_in->sin6_addr)) {
-diff --git a/drivers/infiniband/sw/rxe/rxe_net.c b/drivers/infiniband/sw/rxe/rxe_net.c
-index 54add70c22b5c..7903bd5c639ea 100644
---- a/drivers/infiniband/sw/rxe/rxe_net.c
-+++ b/drivers/infiniband/sw/rxe/rxe_net.c
-@@ -154,10 +154,12 @@ static struct dst_entry *rxe_find_route6(struct net_device *ndev,
- 	memcpy(&fl6.daddr, daddr, sizeof(*daddr));
- 	fl6.flowi6_proto = IPPROTO_UDP;
- 
--	if (unlikely(ipv6_stub->ipv6_dst_lookup(sock_net(recv_sockets.sk6->sk),
--						recv_sockets.sk6->sk, &ndst, &fl6))) {
-+	ndst = ipv6_stub->ipv6_dst_lookup_flow(sock_net(recv_sockets.sk6->sk),
-+					       recv_sockets.sk6->sk, &fl6,
-+					       NULL);
-+	if (unlikely(IS_ERR(ndst))) {
- 		pr_err_ratelimited("no route to %pI6\n", daddr);
--		goto put;
-+		return NULL;
- 	}
- 
- 	if (unlikely(ndst->error)) {
-diff --git a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
-index c8928ce69185f..3050853774ee0 100644
---- a/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
-+++ b/drivers/net/ethernet/mellanox/mlx5/core/en_tc.c
-@@ -2217,12 +2217,11 @@ static int mlx5e_route_lookup_ipv6(struct mlx5e_priv *priv,
- #if IS_ENABLED(CONFIG_INET) && IS_ENABLED(CONFIG_IPV6)
- 	struct mlx5e_rep_priv *uplink_rpriv;
- 	struct mlx5_eswitch *esw = priv->mdev->priv.eswitch;
--	int ret;
- 
--	ret = ipv6_stub->ipv6_dst_lookup(dev_net(mirred_dev), NULL, &dst,
--					 fl6);
--	if (ret < 0)
--		return ret;
-+	dst = ipv6_stub->ipv6_dst_lookup_flow(dev_net(mirred_dev), NULL, fl6,
-+					      NULL);
-+	if (IS_ERR(dst))
-+		return PTR_ERR(dst);
- 
- 	if (!(*out_ttl))
- 		*out_ttl = ip6_dst_hoplimit(dst);
-@@ -2428,7 +2427,7 @@ static int mlx5e_create_encap_header_ipv6(struct mlx5e_priv *priv,
- 	int max_encap_size = MLX5_CAP_ESW(priv->mdev, max_encap_header_size);
- 	int ipv6_encap_size = ETH_HLEN + sizeof(struct ipv6hdr) + VXLAN_HLEN;
- 	struct ip_tunnel_key *tun_key = &e->tun_info.key;
--	struct net_device *out_dev;
-+	struct net_device *out_dev = NULL;
- 	struct neighbour *n = NULL;
- 	struct flowi6 fl6 = {};
- 	u8 nud_state, tos, ttl;
-diff --git a/drivers/net/geneve.c b/drivers/net/geneve.c
-index ff83408733d45..36444de701cd9 100644
---- a/drivers/net/geneve.c
-+++ b/drivers/net/geneve.c
-@@ -801,7 +801,9 @@ static struct dst_entry *geneve_get_v6_dst(struct sk_buff *skb,
- 		if (dst)
- 			return dst;
- 	}
--	if (ipv6_stub->ipv6_dst_lookup(geneve->net, gs6->sock->sk, &dst, fl6)) {
-+	dst = ipv6_stub->ipv6_dst_lookup_flow(geneve->net, gs6->sock->sk, fl6,
-+					      NULL);
-+	if (IS_ERR(dst)) {
- 		netdev_dbg(dev, "no route to %pI6\n", &fl6->daddr);
- 		return ERR_PTR(-ENETUNREACH);
- 	}
-diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c
-index 64751b089482b..7ee0bad184662 100644
---- a/drivers/net/vxlan.c
-+++ b/drivers/net/vxlan.c
-@@ -1963,7 +1963,6 @@ static struct dst_entry *vxlan6_get_route(struct vxlan_dev *vxlan,
- 	bool use_cache = ip_tunnel_dst_cache_usable(skb, info);
- 	struct dst_entry *ndst;
- 	struct flowi6 fl6;
--	int err;
- 
- 	if (!sock6)
- 		return ERR_PTR(-EIO);
-@@ -1986,10 +1985,9 @@ static struct dst_entry *vxlan6_get_route(struct vxlan_dev *vxlan,
- 	fl6.fl6_dport = dport;
- 	fl6.fl6_sport = sport;
- 
--	err = ipv6_stub->ipv6_dst_lookup(vxlan->net,
--					 sock6->sock->sk,
--					 &ndst, &fl6);
--	if (unlikely(err < 0)) {
-+	ndst = ipv6_stub->ipv6_dst_lookup_flow(vxlan->net, sock6->sock->sk,
-+					       &fl6, NULL);
-+	if (unlikely(IS_ERR(ndst))) {
- 		netdev_dbg(dev, "no route to %pI6\n", daddr);
- 		return ERR_PTR(-ENETUNREACH);
- 	}
-diff --git a/include/net/addrconf.h b/include/net/addrconf.h
-index 6def0351bcc33..c8d5bb8b36169 100644
---- a/include/net/addrconf.h
-+++ b/include/net/addrconf.h
-@@ -235,8 +235,10 @@ struct ipv6_stub {
- 				 const struct in6_addr *addr);
- 	int (*ipv6_sock_mc_drop)(struct sock *sk, int ifindex,
- 				 const struct in6_addr *addr);
--	int (*ipv6_dst_lookup)(struct net *net, struct sock *sk,
--			       struct dst_entry **dst, struct flowi6 *fl6);
-+	struct dst_entry *(*ipv6_dst_lookup_flow)(struct net *net,
-+						  const struct sock *sk,
-+						  struct flowi6 *fl6,
-+						  const struct in6_addr *final_dst);
- 
- 	struct fib6_table *(*fib6_get_table)(struct net *net, u32 id);
- 	struct fib6_info *(*fib6_lookup)(struct net *net, int oif,
-diff --git a/net/ipv6/addrconf_core.c b/net/ipv6/addrconf_core.c
-index 5cd0029d930e2..66a1a0eb2ed05 100644
---- a/net/ipv6/addrconf_core.c
-+++ b/net/ipv6/addrconf_core.c
-@@ -127,11 +127,12 @@ int inet6addr_validator_notifier_call_chain(unsigned long val, void *v)
- }
- EXPORT_SYMBOL(inet6addr_validator_notifier_call_chain);
- 
--static int eafnosupport_ipv6_dst_lookup(struct net *net, struct sock *u1,
--					struct dst_entry **u2,
--					struct flowi6 *u3)
-+static struct dst_entry *eafnosupport_ipv6_dst_lookup_flow(struct net *net,
-+							   const struct sock *sk,
-+							   struct flowi6 *fl6,
-+							   const struct in6_addr *final_dst)
- {
--	return -EAFNOSUPPORT;
-+	return ERR_PTR(-EAFNOSUPPORT);
- }
- 
- static struct fib6_table *eafnosupport_fib6_get_table(struct net *net, u32 id)
-@@ -169,7 +170,7 @@ eafnosupport_ip6_mtu_from_fib6(struct fib6_info *f6i, struct in6_addr *daddr,
- }
- 
- const struct ipv6_stub *ipv6_stub __read_mostly = &(struct ipv6_stub) {
--	.ipv6_dst_lookup   = eafnosupport_ipv6_dst_lookup,
-+	.ipv6_dst_lookup_flow = eafnosupport_ipv6_dst_lookup_flow,
- 	.fib6_get_table    = eafnosupport_fib6_get_table,
- 	.fib6_table_lookup = eafnosupport_fib6_table_lookup,
- 	.fib6_lookup       = eafnosupport_fib6_lookup,
-diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
-index 5db88be8b6ecb..5c2351deedc8f 100644
---- a/net/ipv6/af_inet6.c
-+++ b/net/ipv6/af_inet6.c
-@@ -904,7 +904,7 @@ static struct pernet_operations inet6_net_ops = {
- static const struct ipv6_stub ipv6_stub_impl = {
- 	.ipv6_sock_mc_join = ipv6_sock_mc_join,
- 	.ipv6_sock_mc_drop = ipv6_sock_mc_drop,
--	.ipv6_dst_lookup   = ip6_dst_lookup,
-+	.ipv6_dst_lookup_flow = ip6_dst_lookup_flow,
- 	.fib6_get_table	   = fib6_get_table,
- 	.fib6_table_lookup = fib6_table_lookup,
- 	.fib6_lookup       = fib6_lookup,
-diff --git a/net/mpls/af_mpls.c b/net/mpls/af_mpls.c
-index d5a4db5b3fe7b..7623d9aec6364 100644
---- a/net/mpls/af_mpls.c
-+++ b/net/mpls/af_mpls.c
-@@ -618,16 +618,15 @@ static struct net_device *inet6_fib_lookup_dev(struct net *net,
- 	struct net_device *dev;
- 	struct dst_entry *dst;
- 	struct flowi6 fl6;
--	int err;
- 
- 	if (!ipv6_stub)
- 		return ERR_PTR(-EAFNOSUPPORT);
- 
- 	memset(&fl6, 0, sizeof(fl6));
- 	memcpy(&fl6.daddr, addr, sizeof(struct in6_addr));
--	err = ipv6_stub->ipv6_dst_lookup(net, NULL, &dst, &fl6);
--	if (err)
--		return ERR_PTR(err);
-+	dst = ipv6_stub->ipv6_dst_lookup_flow(net, NULL, &fl6, NULL);
-+	if (IS_ERR(dst))
-+		return ERR_CAST(dst);
- 
- 	dev = dst->dev;
- 	dev_hold(dev);
-diff --git a/net/tipc/udp_media.c b/net/tipc/udp_media.c
-index 382c84d9339d6..1d62354797061 100644
---- a/net/tipc/udp_media.c
-+++ b/net/tipc/udp_media.c
-@@ -189,10 +189,13 @@ static int tipc_udp_xmit(struct net *net, struct sk_buff *skb,
- 			.saddr = src->ipv6,
- 			.flowi6_proto = IPPROTO_UDP
- 		};
--		err = ipv6_stub->ipv6_dst_lookup(net, ub->ubsock->sk, &ndst,
--						 &fl6);
--		if (err)
-+		ndst = ipv6_stub->ipv6_dst_lookup_flow(net,
-+						       ub->ubsock->sk,
-+						       &fl6, NULL);
-+		if (IS_ERR(ndst)) {
-+			err = PTR_ERR(ndst);
- 			goto tx_error;
-+		}
- 		ttl = ip6_dst_hoplimit(ndst);
- 		err = udp_tunnel6_xmit_skb(ndst, ub->ubsock->sk, skb, NULL,
- 					   &src->ipv6, &dst->ipv6, 0, ttl, 0,
--- 
-2.20.1
-
diff --git a/debian/patches/series b/debian/patches/series
index b7e2c191b..7e611b923 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -298,7 +298,6 @@ features/arm/staging-vc04_services-Use-correct-cache-line-size.patch
 # Security fixes
 debian/i386-686-pae-pci-set-pci-nobios-by-default.patch
 debian/ntfs-mark-it-as-broken.patch
-bugfix/all/net-ipv6_stub-use-ip6_dst_lookup_flow-instead-of-ip6.patch
 bugfix/all/blktrace-protect-q-blk_trace-with-rcu.patch
 bugfix/all/blktrace-fix-dereference-after-null-check.patch
 bugfix/s390x/s390-mm-fix-page-table-upgrade-vs-2ndary-address-mod.patch