Skip to content

Commit 3df98d7

Browse files
committed
lsm,selinux: pass flowi_common instead of flowi to the LSM hooks
As pointed out by Herbert in a recent related patch, the LSM hooks do not have the necessary address family information to use the flowi struct safely. As none of the LSMs currently use any of the protocol specific flowi information, replace the flowi pointers with pointers to the address family independent flowi_common struct. Reported-by: Herbert Xu <[email protected]> Acked-by: James Morris <[email protected]> Signed-off-by: Paul Moore <[email protected]>
1 parent b2d99bc commit 3df98d7

33 files changed

+85
-66
lines changed

drivers/net/ethernet/chelsio/inline_crypto/chtls/chtls_cm.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1148,7 +1148,7 @@ static struct sock *chtls_recv_sock(struct sock *lsk,
11481148
fl6.daddr = ip6h->saddr;
11491149
fl6.fl6_dport = inet_rsk(oreq)->ir_rmt_port;
11501150
fl6.fl6_sport = htons(inet_rsk(oreq)->ir_num);
1151-
security_req_classify_flow(oreq, flowi6_to_flowi(&fl6));
1151+
security_req_classify_flow(oreq, flowi6_to_flowi_common(&fl6));
11521152
dst = ip6_dst_lookup_flow(sock_net(lsk), lsk, &fl6, NULL);
11531153
if (IS_ERR(dst))
11541154
goto free_sk;

drivers/net/wireguard/socket.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -49,7 +49,7 @@ static int send4(struct wg_device *wg, struct sk_buff *skb,
4949
rt = dst_cache_get_ip4(cache, &fl.saddr);
5050

5151
if (!rt) {
52-
security_sk_classify_flow(sock, flowi4_to_flowi(&fl));
52+
security_sk_classify_flow(sock, flowi4_to_flowi_common(&fl));
5353
if (unlikely(!inet_confirm_addr(sock_net(sock), NULL, 0,
5454
fl.saddr, RT_SCOPE_HOST))) {
5555
endpoint->src4.s_addr = 0;
@@ -129,7 +129,7 @@ static int send6(struct wg_device *wg, struct sk_buff *skb,
129129
dst = dst_cache_get_ip6(cache, &fl.saddr);
130130

131131
if (!dst) {
132-
security_sk_classify_flow(sock, flowi6_to_flowi(&fl));
132+
security_sk_classify_flow(sock, flowi6_to_flowi_common(&fl));
133133
if (unlikely(!ipv6_addr_any(&fl.saddr) &&
134134
!ipv6_chk_addr(sock_net(sock), &fl.saddr, NULL, 0))) {
135135
endpoint->src6 = fl.saddr = in6addr_any;

include/linux/lsm_hook_defs.h

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -311,7 +311,7 @@ LSM_HOOK(int, 0, secmark_relabel_packet, u32 secid)
311311
LSM_HOOK(void, LSM_RET_VOID, secmark_refcount_inc, void)
312312
LSM_HOOK(void, LSM_RET_VOID, secmark_refcount_dec, void)
313313
LSM_HOOK(void, LSM_RET_VOID, req_classify_flow, const struct request_sock *req,
314-
struct flowi *fl)
314+
struct flowi_common *flic)
315315
LSM_HOOK(int, 0, tun_dev_alloc_security, void **security)
316316
LSM_HOOK(void, LSM_RET_VOID, tun_dev_free_security, void *security)
317317
LSM_HOOK(int, 0, tun_dev_create, void)
@@ -351,7 +351,7 @@ LSM_HOOK(int, 0, xfrm_state_delete_security, struct xfrm_state *x)
351351
LSM_HOOK(int, 0, xfrm_policy_lookup, struct xfrm_sec_ctx *ctx, u32 fl_secid,
352352
u8 dir)
353353
LSM_HOOK(int, 1, xfrm_state_pol_flow_match, struct xfrm_state *x,
354-
struct xfrm_policy *xp, const struct flowi *fl)
354+
struct xfrm_policy *xp, const struct flowi_common *flic)
355355
LSM_HOOK(int, 0, xfrm_decode_session, struct sk_buff *skb, u32 *secid,
356356
int ckall)
357357
#endif /* CONFIG_SECURITY_NETWORK_XFRM */

include/linux/lsm_hooks.h

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1105,7 +1105,7 @@
11051105
* @xfrm_state_pol_flow_match:
11061106
* @x contains the state to match.
11071107
* @xp contains the policy to check for a match.
1108-
* @fl contains the flow to check for a match.
1108+
* @flic contains the flowi_common struct to check for a match.
11091109
* Return 1 if there is a match.
11101110
* @xfrm_decode_session:
11111111
* @skb points to skb to decode.

include/linux/security.h

Lines changed: 14 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -167,7 +167,7 @@ struct sk_buff;
167167
struct sock;
168168
struct sockaddr;
169169
struct socket;
170-
struct flowi;
170+
struct flowi_common;
171171
struct dst_entry;
172172
struct xfrm_selector;
173173
struct xfrm_policy;
@@ -1355,8 +1355,9 @@ int security_socket_getpeersec_dgram(struct socket *sock, struct sk_buff *skb, u
13551355
int security_sk_alloc(struct sock *sk, int family, gfp_t priority);
13561356
void security_sk_free(struct sock *sk);
13571357
void security_sk_clone(const struct sock *sk, struct sock *newsk);
1358-
void security_sk_classify_flow(struct sock *sk, struct flowi *fl);
1359-
void security_req_classify_flow(const struct request_sock *req, struct flowi *fl);
1358+
void security_sk_classify_flow(struct sock *sk, struct flowi_common *flic);
1359+
void security_req_classify_flow(const struct request_sock *req,
1360+
struct flowi_common *flic);
13601361
void security_sock_graft(struct sock*sk, struct socket *parent);
13611362
int security_inet_conn_request(struct sock *sk,
13621363
struct sk_buff *skb, struct request_sock *req);
@@ -1507,11 +1508,13 @@ static inline void security_sk_clone(const struct sock *sk, struct sock *newsk)
15071508
{
15081509
}
15091510

1510-
static inline void security_sk_classify_flow(struct sock *sk, struct flowi *fl)
1511+
static inline void security_sk_classify_flow(struct sock *sk,
1512+
struct flowi_common *flic)
15111513
{
15121514
}
15131515

1514-
static inline void security_req_classify_flow(const struct request_sock *req, struct flowi *fl)
1516+
static inline void security_req_classify_flow(const struct request_sock *req,
1517+
struct flowi_common *flic)
15151518
{
15161519
}
15171520

@@ -1638,9 +1641,9 @@ void security_xfrm_state_free(struct xfrm_state *x);
16381641
int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_secid, u8 dir);
16391642
int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
16401643
struct xfrm_policy *xp,
1641-
const struct flowi *fl);
1644+
const struct flowi_common *flic);
16421645
int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid);
1643-
void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl);
1646+
void security_skb_classify_flow(struct sk_buff *skb, struct flowi_common *flic);
16441647

16451648
#else /* CONFIG_SECURITY_NETWORK_XFRM */
16461649

@@ -1692,7 +1695,8 @@ static inline int security_xfrm_policy_lookup(struct xfrm_sec_ctx *ctx, u32 fl_s
16921695
}
16931696

16941697
static inline int security_xfrm_state_pol_flow_match(struct xfrm_state *x,
1695-
struct xfrm_policy *xp, const struct flowi *fl)
1698+
struct xfrm_policy *xp,
1699+
const struct flowi_common *flic)
16961700
{
16971701
return 1;
16981702
}
@@ -1702,7 +1706,8 @@ static inline int security_xfrm_decode_session(struct sk_buff *skb, u32 *secid)
17021706
return 0;
17031707
}
17041708

1705-
static inline void security_skb_classify_flow(struct sk_buff *skb, struct flowi *fl)
1709+
static inline void security_skb_classify_flow(struct sk_buff *skb,
1710+
struct flowi_common *flic)
17061711
{
17071712
}
17081713

include/net/flow.h

Lines changed: 10 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -195,11 +195,21 @@ static inline struct flowi *flowi4_to_flowi(struct flowi4 *fl4)
195195
return container_of(fl4, struct flowi, u.ip4);
196196
}
197197

198+
static inline struct flowi_common *flowi4_to_flowi_common(struct flowi4 *fl4)
199+
{
200+
return &(flowi4_to_flowi(fl4)->u.__fl_common);
201+
}
202+
198203
static inline struct flowi *flowi6_to_flowi(struct flowi6 *fl6)
199204
{
200205
return container_of(fl6, struct flowi, u.ip6);
201206
}
202207

208+
static inline struct flowi_common *flowi6_to_flowi_common(struct flowi6 *fl6)
209+
{
210+
return &(flowi6_to_flowi(fl6)->u.__fl_common);
211+
}
212+
203213
static inline struct flowi *flowidn_to_flowi(struct flowidn *fldn)
204214
{
205215
return container_of(fldn, struct flowi, u.dn);

include/net/route.h

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -165,7 +165,7 @@ static inline struct rtable *ip_route_output_ports(struct net *net, struct flowi
165165
sk ? inet_sk_flowi_flags(sk) : 0,
166166
daddr, saddr, dport, sport, sock_net_uid(net, sk));
167167
if (sk)
168-
security_sk_classify_flow(sk, flowi4_to_flowi(fl4));
168+
security_sk_classify_flow(sk, flowi4_to_flowi_common(fl4));
169169
return ip_route_output_flow(net, fl4, sk);
170170
}
171171

@@ -322,7 +322,7 @@ static inline struct rtable *ip_route_connect(struct flowi4 *fl4,
322322
ip_rt_put(rt);
323323
flowi4_update_output(fl4, oif, tos, fl4->daddr, fl4->saddr);
324324
}
325-
security_sk_classify_flow(sk, flowi4_to_flowi(fl4));
325+
security_sk_classify_flow(sk, flowi4_to_flowi_common(fl4));
326326
return ip_route_output_flow(net, fl4, sk);
327327
}
328328

@@ -338,7 +338,7 @@ static inline struct rtable *ip_route_newports(struct flowi4 *fl4, struct rtable
338338
flowi4_update_output(fl4, sk->sk_bound_dev_if,
339339
RT_CONN_FLAGS(sk), fl4->daddr,
340340
fl4->saddr);
341-
security_sk_classify_flow(sk, flowi4_to_flowi(fl4));
341+
security_sk_classify_flow(sk, flowi4_to_flowi_common(fl4));
342342
return ip_route_output_flow(sock_net(sk), fl4, sk);
343343
}
344344
return rt;

net/dccp/ipv4.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -464,7 +464,7 @@ static struct dst_entry* dccp_v4_route_skb(struct net *net, struct sock *sk,
464464
.fl4_dport = dccp_hdr(skb)->dccph_sport,
465465
};
466466

467-
security_skb_classify_flow(skb, flowi4_to_flowi(&fl4));
467+
security_skb_classify_flow(skb, flowi4_to_flowi_common(&fl4));
468468
rt = ip_route_output_flow(net, &fl4, sk);
469469
if (IS_ERR(rt)) {
470470
IP_INC_STATS(net, IPSTATS_MIB_OUTNOROUTES);

net/dccp/ipv6.c

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -203,7 +203,7 @@ static int dccp_v6_send_response(const struct sock *sk, struct request_sock *req
203203
fl6.flowi6_oif = ireq->ir_iif;
204204
fl6.fl6_dport = ireq->ir_rmt_port;
205205
fl6.fl6_sport = htons(ireq->ir_num);
206-
security_req_classify_flow(req, flowi6_to_flowi(&fl6));
206+
security_req_classify_flow(req, flowi6_to_flowi_common(&fl6));
207207

208208

209209
rcu_read_lock();
@@ -279,7 +279,7 @@ static void dccp_v6_ctl_send_reset(const struct sock *sk, struct sk_buff *rxskb)
279279
fl6.flowi6_oif = inet6_iif(rxskb);
280280
fl6.fl6_dport = dccp_hdr(skb)->dccph_dport;
281281
fl6.fl6_sport = dccp_hdr(skb)->dccph_sport;
282-
security_skb_classify_flow(rxskb, flowi6_to_flowi(&fl6));
282+
security_skb_classify_flow(rxskb, flowi6_to_flowi_common(&fl6));
283283

284284
/* sk = NULL, but it is safe for now. RST socket required. */
285285
dst = ip6_dst_lookup_flow(sock_net(ctl_sk), ctl_sk, &fl6, NULL);
@@ -907,7 +907,7 @@ static int dccp_v6_connect(struct sock *sk, struct sockaddr *uaddr,
907907
fl6.flowi6_oif = sk->sk_bound_dev_if;
908908
fl6.fl6_dport = usin->sin6_port;
909909
fl6.fl6_sport = inet->inet_sport;
910-
security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
910+
security_sk_classify_flow(sk, flowi6_to_flowi_common(&fl6));
911911

912912
opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk));
913913
final_p = fl6_update_dst(&fl6, opt, &final);

net/ipv4/icmp.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -447,7 +447,7 @@ static void icmp_reply(struct icmp_bxm *icmp_param, struct sk_buff *skb)
447447
fl4.flowi4_tos = RT_TOS(ip_hdr(skb)->tos);
448448
fl4.flowi4_proto = IPPROTO_ICMP;
449449
fl4.flowi4_oif = l3mdev_master_ifindex(skb->dev);
450-
security_skb_classify_flow(skb, flowi4_to_flowi(&fl4));
450+
security_skb_classify_flow(skb, flowi4_to_flowi_common(&fl4));
451451
rt = ip_route_output_key(net, &fl4);
452452
if (IS_ERR(rt))
453453
goto out_unlock;
@@ -503,7 +503,7 @@ static struct rtable *icmp_route_lookup(struct net *net,
503503
route_lookup_dev = icmp_get_route_lookup_dev(skb_in);
504504
fl4->flowi4_oif = l3mdev_master_ifindex(route_lookup_dev);
505505

506-
security_skb_classify_flow(skb_in, flowi4_to_flowi(fl4));
506+
security_skb_classify_flow(skb_in, flowi4_to_flowi_common(fl4));
507507
rt = ip_route_output_key_hash(net, fl4, skb_in);
508508
if (IS_ERR(rt))
509509
return rt;

net/ipv4/inet_connection_sock.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -602,7 +602,7 @@ struct dst_entry *inet_csk_route_req(const struct sock *sk,
602602
(opt && opt->opt.srr) ? opt->opt.faddr : ireq->ir_rmt_addr,
603603
ireq->ir_loc_addr, ireq->ir_rmt_port,
604604
htons(ireq->ir_num), sk->sk_uid);
605-
security_req_classify_flow(req, flowi4_to_flowi(fl4));
605+
security_req_classify_flow(req, flowi4_to_flowi_common(fl4));
606606
rt = ip_route_output_flow(net, fl4, sk);
607607
if (IS_ERR(rt))
608608
goto no_route;
@@ -640,7 +640,7 @@ struct dst_entry *inet_csk_route_child_sock(const struct sock *sk,
640640
(opt && opt->opt.srr) ? opt->opt.faddr : ireq->ir_rmt_addr,
641641
ireq->ir_loc_addr, ireq->ir_rmt_port,
642642
htons(ireq->ir_num), sk->sk_uid);
643-
security_req_classify_flow(req, flowi4_to_flowi(fl4));
643+
security_req_classify_flow(req, flowi4_to_flowi_common(fl4));
644644
rt = ip_route_output_flow(net, fl4, sk);
645645
if (IS_ERR(rt))
646646
goto no_route;

net/ipv4/ip_output.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1700,7 +1700,7 @@ void ip_send_unicast_reply(struct sock *sk, struct sk_buff *skb,
17001700
daddr, saddr,
17011701
tcp_hdr(skb)->source, tcp_hdr(skb)->dest,
17021702
arg->uid);
1703-
security_skb_classify_flow(skb, flowi4_to_flowi(&fl4));
1703+
security_skb_classify_flow(skb, flowi4_to_flowi_common(&fl4));
17041704
rt = ip_route_output_key(net, &fl4);
17051705
if (IS_ERR(rt))
17061706
return;

net/ipv4/ping.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -778,7 +778,7 @@ static int ping_v4_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
778778
fl4.fl4_icmp_type = user_icmph.type;
779779
fl4.fl4_icmp_code = user_icmph.code;
780780

781-
security_sk_classify_flow(sk, flowi4_to_flowi(&fl4));
781+
security_sk_classify_flow(sk, flowi4_to_flowi_common(&fl4));
782782
rt = ip_route_output_flow(net, &fl4, sk);
783783
if (IS_ERR(rt)) {
784784
err = PTR_ERR(rt);

net/ipv4/raw.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -640,7 +640,7 @@ static int raw_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
640640
goto done;
641641
}
642642

643-
security_sk_classify_flow(sk, flowi4_to_flowi(&fl4));
643+
security_sk_classify_flow(sk, flowi4_to_flowi_common(&fl4));
644644
rt = ip_route_output_flow(net, &fl4, sk);
645645
if (IS_ERR(rt)) {
646646
err = PTR_ERR(rt);

net/ipv4/syncookies.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -418,7 +418,7 @@ struct sock *cookie_v4_check(struct sock *sk, struct sk_buff *skb)
418418
inet_sk_flowi_flags(sk),
419419
opt->srr ? opt->faddr : ireq->ir_rmt_addr,
420420
ireq->ir_loc_addr, th->source, th->dest, sk->sk_uid);
421-
security_req_classify_flow(req, flowi4_to_flowi(&fl4));
421+
security_req_classify_flow(req, flowi4_to_flowi_common(&fl4));
422422
rt = ip_route_output_key(sock_net(sk), &fl4);
423423
if (IS_ERR(rt)) {
424424
reqsk_free(req);

net/ipv4/udp.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1197,7 +1197,7 @@ int udp_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
11971197
faddr, saddr, dport, inet->inet_sport,
11981198
sk->sk_uid);
11991199

1200-
security_sk_classify_flow(sk, flowi4_to_flowi(fl4));
1200+
security_sk_classify_flow(sk, flowi4_to_flowi_common(fl4));
12011201
rt = ip_route_output_flow(net, fl4, sk);
12021202
if (IS_ERR(rt)) {
12031203
err = PTR_ERR(rt);

net/ipv6/af_inet6.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -819,7 +819,7 @@ int inet6_sk_rebuild_header(struct sock *sk)
819819
fl6.fl6_dport = inet->inet_dport;
820820
fl6.fl6_sport = inet->inet_sport;
821821
fl6.flowi6_uid = sk->sk_uid;
822-
security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
822+
security_sk_classify_flow(sk, flowi6_to_flowi_common(&fl6));
823823

824824
rcu_read_lock();
825825
final_p = fl6_update_dst(&fl6, rcu_dereference(np->opt),

net/ipv6/datagram.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -60,7 +60,7 @@ static void ip6_datagram_flow_key_init(struct flowi6 *fl6, struct sock *sk)
6060
if (!fl6->flowi6_oif && ipv6_addr_is_multicast(&fl6->daddr))
6161
fl6->flowi6_oif = np->mcast_oif;
6262

63-
security_sk_classify_flow(sk, flowi6_to_flowi(fl6));
63+
security_sk_classify_flow(sk, flowi6_to_flowi_common(fl6));
6464
}
6565

6666
int ip6_datagram_dst_update(struct sock *sk, bool fix_sk_saddr)

net/ipv6/icmp.c

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -567,7 +567,7 @@ void icmp6_send(struct sk_buff *skb, u8 type, u8 code, __u32 info,
567567
fl6.fl6_icmp_code = code;
568568
fl6.flowi6_uid = sock_net_uid(net, NULL);
569569
fl6.mp_hash = rt6_multipath_hash(net, &fl6, skb, NULL);
570-
security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
570+
security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6));
571571

572572
np = inet6_sk(sk);
573573

@@ -749,7 +749,7 @@ static void icmpv6_echo_reply(struct sk_buff *skb)
749749
fl6.fl6_icmp_type = ICMPV6_ECHO_REPLY;
750750
fl6.flowi6_mark = mark;
751751
fl6.flowi6_uid = sock_net_uid(net, NULL);
752-
security_skb_classify_flow(skb, flowi6_to_flowi(&fl6));
752+
security_skb_classify_flow(skb, flowi6_to_flowi_common(&fl6));
753753

754754
local_bh_disable();
755755
sk = icmpv6_xmit_lock(net);
@@ -1002,7 +1002,7 @@ void icmpv6_flow_init(struct sock *sk, struct flowi6 *fl6,
10021002
fl6->fl6_icmp_type = type;
10031003
fl6->fl6_icmp_code = 0;
10041004
fl6->flowi6_oif = oif;
1005-
security_sk_classify_flow(sk, flowi6_to_flowi(fl6));
1005+
security_sk_classify_flow(sk, flowi6_to_flowi_common(fl6));
10061006
}
10071007

10081008
static void __net_exit icmpv6_sk_exit(struct net *net)

net/ipv6/inet6_connection_sock.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -46,7 +46,7 @@ struct dst_entry *inet6_csk_route_req(const struct sock *sk,
4646
fl6->fl6_dport = ireq->ir_rmt_port;
4747
fl6->fl6_sport = htons(ireq->ir_num);
4848
fl6->flowi6_uid = sk->sk_uid;
49-
security_req_classify_flow(req, flowi6_to_flowi(fl6));
49+
security_req_classify_flow(req, flowi6_to_flowi_common(fl6));
5050

5151
dst = ip6_dst_lookup_flow(sock_net(sk), sk, fl6, final_p);
5252
if (IS_ERR(dst))
@@ -95,7 +95,7 @@ static struct dst_entry *inet6_csk_route_socket(struct sock *sk,
9595
fl6->fl6_sport = inet->inet_sport;
9696
fl6->fl6_dport = inet->inet_dport;
9797
fl6->flowi6_uid = sk->sk_uid;
98-
security_sk_classify_flow(sk, flowi6_to_flowi(fl6));
98+
security_sk_classify_flow(sk, flowi6_to_flowi_common(fl6));
9999

100100
rcu_read_lock();
101101
final_p = fl6_update_dst(fl6, rcu_dereference(np->opt), &final);

net/ipv6/netfilter/nf_reject_ipv6.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -179,7 +179,7 @@ void nf_send_reset6(struct net *net, struct sk_buff *oldskb, int hook)
179179

180180
fl6.flowi6_oif = l3mdev_master_ifindex(skb_dst(oldskb)->dev);
181181
fl6.flowi6_mark = IP6_REPLY_MARK(net, oldskb->mark);
182-
security_skb_classify_flow(oldskb, flowi6_to_flowi(&fl6));
182+
security_skb_classify_flow(oldskb, flowi6_to_flowi_common(&fl6));
183183
dst = ip6_route_output(net, NULL, &fl6);
184184
if (dst->error) {
185185
dst_release(dst);

net/ipv6/ping.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -111,7 +111,7 @@ static int ping_v6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
111111
fl6.flowi6_uid = sk->sk_uid;
112112
fl6.fl6_icmp_type = user_icmph.icmp6_type;
113113
fl6.fl6_icmp_code = user_icmph.icmp6_code;
114-
security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
114+
security_sk_classify_flow(sk, flowi6_to_flowi_common(&fl6));
115115

116116
ipcm6_init_sk(&ipc6, np);
117117
ipc6.sockc.mark = sk->sk_mark;

net/ipv6/raw.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -915,7 +915,7 @@ static int rawv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
915915
fl6.flowi6_oif = np->mcast_oif;
916916
else if (!fl6.flowi6_oif)
917917
fl6.flowi6_oif = np->ucast_oif;
918-
security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
918+
security_sk_classify_flow(sk, flowi6_to_flowi_common(&fl6));
919919

920920
if (hdrincl)
921921
fl6.flowi6_flags |= FLOWI_FLAG_KNOWN_NH;

net/ipv6/syncookies.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -233,7 +233,7 @@ struct sock *cookie_v6_check(struct sock *sk, struct sk_buff *skb)
233233
fl6.fl6_dport = ireq->ir_rmt_port;
234234
fl6.fl6_sport = inet_sk(sk)->inet_sport;
235235
fl6.flowi6_uid = sk->sk_uid;
236-
security_req_classify_flow(req, flowi6_to_flowi(&fl6));
236+
security_req_classify_flow(req, flowi6_to_flowi_common(&fl6));
237237

238238
dst = ip6_dst_lookup_flow(sock_net(sk), sk, &fl6, final_p);
239239
if (IS_ERR(dst))

0 commit comments

Comments
 (0)