From: Greg Kroah-Hartman Date: Fri, 2 Nov 2018 08:39:45 +0000 (+0100) Subject: 4.9-stable patches X-Git-Tag: v4.19.1~15 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9a86d0a5305ece07841dc9b90f302f98e06a5a3e;p=thirdparty%2Fkernel%2Fstable-queue.git 4.9-stable patches added patches: bridge-do-not-add-port-to-router-list-when-receives-query-with-source-0.0.0.0.patch net-bridge-remove-ipv6-zero-address-check-in-mcast-queries.patch --- diff --git a/queue-4.9/bridge-do-not-add-port-to-router-list-when-receives-query-with-source-0.0.0.0.patch b/queue-4.9/bridge-do-not-add-port-to-router-list-when-receives-query-with-source-0.0.0.0.patch new file mode 100644 index 00000000000..9f8196dce3f --- /dev/null +++ b/queue-4.9/bridge-do-not-add-port-to-router-list-when-receives-query-with-source-0.0.0.0.patch 
@@ -0,0 +1,57 @@ +From 5a2de63fd1a59c30c02526d427bc014b98adf508 Mon Sep 17 00:00:00 2001 +From: Hangbin Liu +Date: Fri, 26 Oct 2018 10:28:43 +0800 +Subject: bridge: do not add port to router list when receives query with source 0.0.0.0 + +From: Hangbin Liu + +commit 5a2de63fd1a59c30c02526d427bc014b98adf508 upstream. + +Based on RFC 4541, 2.1.1. IGMP Forwarding Rules + + The switch supporting IGMP snooping must maintain a list of + multicast routers and the ports on which they are attached. This + list can be constructed in any combination of the following ways: + + a) This list should be built by the snooping switch sending + Multicast Router Solicitation messages as described in IGMP + Multicast Router Discovery [MRDISC]. It may also snoop + Multicast Router Advertisement messages sent by and to other + nodes. + + b) The arrival port for IGMP Queries (sent by multicast routers) + where the source address is not 0.0.0.0. + +We should not add the port to router list when receives query with source +0.0.0.0. + +Reported-by: Ying Xu +Signed-off-by: Hangbin Liu +Acked-by: Nikolay Aleksandrov +Acked-by: Roopa Prabhu +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman + +--- + net/bridge/br_multicast.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +--- a/net/bridge/br_multicast.c ++++ b/net/bridge/br_multicast.c +@@ -1287,7 +1287,15 @@ static void br_multicast_query_received( + return; + + br_multicast_update_query_timer(br, query, max_delay); +- br_multicast_mark_router(br, port); ++ ++ /* Based on RFC4541, section 2.1.1 IGMP Forwarding Rules, ++ * the arrival port for IGMP Queries where the source address ++ * is 0.0.0.0 should not be added to router port list. ++ */ ++ if ((saddr->proto == htons(ETH_P_IP) && saddr->u.ip4) || ++ (saddr->proto == htons(ETH_P_IPV6) && ++ !ipv6_addr_any(&saddr->u.ip6))) ++ br_multicast_mark_router(br, port); + } + + static int br_ip4_multicast_query(struct net_bridge *br, 
diff --git a/queue-4.9/net-bridge-remove-ipv6-zero-address-check-in-mcast-queries.patch b/queue-4.9/net-bridge-remove-ipv6-zero-address-check-in-mcast-queries.patch new file mode 100644 index 00000000000..5090df2d448 --- /dev/null +++ b/queue-4.9/net-bridge-remove-ipv6-zero-address-check-in-mcast-queries.patch 
@@ -0,0 +1,47 @@ +From 0fe5119e267f3e3d8ac206895f5922195ec55a8a Mon Sep 17 00:00:00 2001 +From: Nikolay Aleksandrov +Date: Sat, 27 Oct 2018 12:07:47 +0300 +Subject: net: bridge: remove ipv6 zero address check in mcast queries + +From: Nikolay Aleksandrov + +commit 0fe5119e267f3e3d8ac206895f5922195ec55a8a upstream. + +Recently a check was added which prevents marking of routers with zero +source address, but for IPv6 that cannot happen as the relevant RFCs +actually forbid such packets: +RFC 2710 (MLDv1): +"To be valid, the Query message MUST + come from a link-local IPv6 Source Address, be at least 24 octets + long, and have a correct MLD checksum." + +Same goes for RFC 3810. + +And also it can be seen as a requirement in ipv6_mc_check_mld_query() +which is used by the bridge to validate the message before processing +it. Thus any queries with :: source address won't be processed anyway. +So just remove the check for zero IPv6 source address from the query +processing function. + +Fixes: 5a2de63fd1a5 ("bridge: do not add port to router list when receives query with source 0.0.0.0") +Signed-off-by: Nikolay Aleksandrov +Signed-off-by: David S. Miller +Cc: Hangbin Liu +Signed-off-by: Greg Kroah-Hartman + +--- + net/bridge/br_multicast.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +--- a/net/bridge/br_multicast.c ++++ b/net/bridge/br_multicast.c +@@ -1293,8 +1293,7 @@ static void br_multicast_query_received( + * is 0.0.0.0 should not be added to router port list. + */ + if ((saddr->proto == htons(ETH_P_IP) && saddr->u.ip4) || +- (saddr->proto == htons(ETH_P_IPV6) && +- !ipv6_addr_any(&saddr->u.ip6))) ++ saddr->proto == htons(ETH_P_IPV6)) + br_multicast_mark_router(br, port); + } + diff --git a/queue-4.9/series b/queue-4.9/series index c0d30e1c742..a6a28e5df4b 100644 --- a/queue-4.9/series +++ b/queue-4.9/series 
@@ -133,3 +133,5 @@ fs-fat-fatent.c-add-cond_resched-to-fat_count_free_c.patch mtd-spi-nor-add-support-for-is25wp-series-chips.patch revert-netfilter-ipv6-nf_defrag-drop-skb-dst-before-.patch perf-tools-disable-parallelism-for-make-clean.patch +bridge-do-not-add-port-to-router-list-when-receives-query-with-source-0.0.0.0.patch +net-bridge-remove-ipv6-zero-address-check-in-mcast-queries.patch
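Review bot: In the br_multicast_query_received() hunk of the first queued patch (bridge: do not add port to router list ...), br_multicast_update_query_timer(br, query, max_delay) still runs before the new source-address test. A query with source 0.0.0.0 therefore no longer marks the arrival port as a router port, but it still updates the query timer. The commit message justifies only the router-list change, citing RFC 4541 section 2.1.1, so the comment should say whether leaving the timer update unconditional is intended. The added comment also names only IGMP and 0.0.0.0, while the condition carries an IPv6 branch using !ipv6_addr_any(&saddr->u.ip6); the comment should cover that case as well.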
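Review bot: In the br_multicast_query_received() hunk of the second queued patch (net: bridge: remove ipv6 zero address check ...), the IPv6 branch is reduced to the bare test saddr->proto == htons(ETH_P_IPV6). The reason this is safe is recorded only in the commit message: queries with a :: source are already rejected by ipv6_mc_check_mld_query() before this function processes them. Suggest adding one line to the retained comment above the condition that states this dependency, so the invariant stays visible next to the code if the validation path is changed later.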