From: David Ahern <dsah...@kernel.org>
Date: Mon, 6 Jul 2020 11:45:07 -0600

> Brian reported a crash in IPv6 code when using rpfilter with a setup
> running FRR and external nexthop objects. The root cause of the crash
> is fib6_select_path setting fib6_nh in the result to NULL because of
> an improper check for nexthop objects.
>
> More specifically, rpfilter invokes ip6_route_lookup with flowi6_oif
> set causing fib6_select_path to be called with have_oif_match set.
> fib6_select_path has early check on have_oif_match and jumps to the
> out label which presumes a builtin fib6_nh. This path is invalid for
> nexthop objects; for external nexthops fib6_select_path needs to just
> return if the fib6_nh has already been set in the result otherwise it
> returns after the call to nexthop_path_fib6_result. Update the check
> on have_oif_match to not bail on external nexthops.
>
> Update selftests for this problem.
>
> Fixes: f88d8ea67fbd ("ipv6: Plumb support for nexthop object in a fib6_info")
> Reported-by: Brian Rak <b...@choopa.com>
> Signed-off-by: David Ahern <dsah...@kernel.org>
> ---
> v2
> - for multipath nexthops path may already be set; do not want to
>   overwrite that selection based on hash

Applied and queued up for -stable, thanks David.