Skip to content

Commit 969a201

Browse files
edumazetkuba-moo
edumazet
authored and
kuba-moo
committed
ipv6: inet6_csk_xmit() and inet6_csk_update_pmtu() use inet->cork.fl.u.ip6
Convert inet6_csk_route_socket() to use np->final instead of an automatic variable to get rid of a stack canary. Convert inet6_csk_xmit() and inet6_csk_update_pmtu() to use inet->cork.fl.u.ip6 instead of @FL6 automatic variable. Signed-off-by: Eric Dumazet <edumazet@google.com> Reviewed-by: Kuniyuki Iwashima <kuniyu@google.com> Link: https://patch.msgid.link/20260206173426.1638518-5-edumazet@google.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
1 parent 4e6c91c commit 969a201

1 file changed

Lines changed: 11 additions & 9 deletions

File tree

net/ipv6/inet6_connection_sock.c

Lines changed: 11 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -60,7 +60,7 @@ static struct dst_entry *inet6_csk_route_socket(struct sock *sk,
6060
{
6161
struct inet_sock *inet = inet_sk(sk);
6262
struct ipv6_pinfo *np = inet6_sk(sk);
63-
struct in6_addr *final_p, final;
63+
struct in6_addr *final_p;
6464
struct dst_entry *dst;
6565

6666
memset(fl6, 0, sizeof(*fl6));
@@ -77,7 +77,7 @@ static struct dst_entry *inet6_csk_route_socket(struct sock *sk,
7777
security_sk_classify_flow(sk, flowi6_to_flowi_common(fl6));
7878

7979
rcu_read_lock();
80-
final_p = fl6_update_dst(fl6, rcu_dereference(np->opt), &final);
80+
final_p = fl6_update_dst(fl6, rcu_dereference(np->opt), &np->final);
8181
rcu_read_unlock();
8282

8383
dst = __sk_dst_check(sk, np->dst_cookie);
@@ -92,12 +92,12 @@ static struct dst_entry *inet6_csk_route_socket(struct sock *sk,
9292

9393
int inet6_csk_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl_unused)
9494
{
95+
struct flowi6 *fl6 = &inet_sk(sk)->cork.fl.u.ip6;
9596
struct ipv6_pinfo *np = inet6_sk(sk);
96-
struct flowi6 fl6;
9797
struct dst_entry *dst;
9898
int res;
9999

100-
dst = inet6_csk_route_socket(sk, &fl6);
100+
dst = inet6_csk_route_socket(sk, fl6);
101101
if (IS_ERR(dst)) {
102102
WRITE_ONCE(sk->sk_err_soft, -PTR_ERR(dst));
103103
sk->sk_route_caps = 0;
@@ -109,9 +109,9 @@ int inet6_csk_xmit(struct sock *sk, struct sk_buff *skb, struct flowi *fl_unused
109109
skb_dst_set_noref(skb, dst);
110110

111111
/* Restore final destination back after routing done */
112-
fl6.daddr = sk->sk_v6_daddr;
112+
fl6->daddr = sk->sk_v6_daddr;
113113

114-
res = ip6_xmit(sk, skb, &fl6, sk->sk_mark, rcu_dereference(np->opt),
114+
res = ip6_xmit(sk, skb, fl6, sk->sk_mark, rcu_dereference(np->opt),
115115
np->tclass, READ_ONCE(sk->sk_priority));
116116
rcu_read_unlock();
117117
return res;
@@ -120,13 +120,15 @@ EXPORT_SYMBOL_GPL(inet6_csk_xmit);
120120

121121
struct dst_entry *inet6_csk_update_pmtu(struct sock *sk, u32 mtu)
122122
{
123-
struct flowi6 fl6;
124-
struct dst_entry *dst = inet6_csk_route_socket(sk, &fl6);
123+
struct flowi6 *fl6 = &inet_sk(sk)->cork.fl.u.ip6;
124+
struct dst_entry *dst;
125+
126+
dst = inet6_csk_route_socket(sk, fl6);
125127

126128
if (IS_ERR(dst))
127129
return NULL;
128130
dst->ops->update_pmtu(dst, sk, NULL, mtu, true);
129131

130-
dst = inet6_csk_route_socket(sk, &fl6);
132+
dst = inet6_csk_route_socket(sk, fl6);
131133
return IS_ERR(dst) ? NULL : dst;
132134
}

0 commit comments

Comments
 (0)