From: Greg Kroah-Hartman
Date: Mon, 14 Oct 2024 13:52:50 +0000 (+0200)
Subject: 5.10-stable patches
X-Git-Tag: v5.10.227~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c4a692b194d4a4a1d63846892b9e73c75469f95c;p=thirdparty%2Fkernel%2Fstable-queue.git

5.10-stable patches

added patches:
net-geneve-add-missing-netlink-policy-and-size-for-ifla_geneve_inner_proto_inherit.patch
net-handle-l3mdev-in-ip_tunnel_init_flow.patch
net-seg6-fix-seg6_lookup_any_nexthop-to-handle-vrfs-using-flowi_l3mdev.patch
net-vrf-determine-the-dst-using-the-original-ifindex-for-multicast.patch
netfilter-ip6t_rpfilter-fix-regression-with-vrf-interfaces.patch
xfrm-pass-flowi_oif-or-l3mdev-as-oif-to-xfrm_dst_lookup.patch
---
diff --git a/queue-5.10/net-geneve-add-missing-netlink-policy-and-size-for-ifla_geneve_inner_proto_inherit.patch b/queue-5.10/net-geneve-add-missing-netlink-policy-and-size-for-ifla_geneve_inner_proto_inherit.patch
new file mode 100644
index 00000000000..735122bd370
--- /dev/null
+++ b/queue-5.10/net-geneve-add-missing-netlink-policy-and-size-for-ifla_geneve_inner_proto_inherit.patch
@@ -0,0 +1,47 @@ +From 36c2e31ad25bd087756b8db9584994d1d80c236b Mon Sep 17 00:00:00 2001 +From: Eyal Birger +Date: Tue, 22 Mar 2022 06:39:54 +0200 +Subject: net: geneve: add missing netlink policy and size for IFLA_GENEVE_INNER_PROTO_INHERIT + +From: Eyal Birger + +commit 36c2e31ad25bd087756b8db9584994d1d80c236b upstream. + +Add missing netlink attribute policy and size calculation. +Also enable strict validation from this new attribute onwards. + +Fixes: 435fe1c0c1f7 ("net: geneve: support IPv4/IPv6 as inner protocol") +Signed-off-by: Eyal Birger +Link: https://lore.kernel.org/r/20220322043954.3042468-1-eyal.birger@gmail.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/geneve.c | 3 +++ + 1 file changed, 3 insertions(+) + +--- a/drivers/net/geneve.c ++++ b/drivers/net/geneve.c +@@ -1277,6 +1277,7 @@ static void geneve_setup(struct net_devi + } + + static const struct nla_policy geneve_policy[IFLA_GENEVE_MAX + 1] = { ++ [IFLA_GENEVE_UNSPEC] = { .strict_start_type = IFLA_GENEVE_INNER_PROTO_INHERIT }, + [IFLA_GENEVE_ID] = { .type = NLA_U32 }, + [IFLA_GENEVE_REMOTE] = { .len = sizeof_field(struct iphdr, daddr) }, + [IFLA_GENEVE_REMOTE6] = { .len = sizeof(struct in6_addr) }, +@@ -1290,6 +1291,7 @@ static const struct nla_policy geneve_po + [IFLA_GENEVE_UDP_ZERO_CSUM6_RX] = { .type = NLA_U8 }, + [IFLA_GENEVE_TTL_INHERIT] = { .type = NLA_U8 }, + [IFLA_GENEVE_DF] = { .type = NLA_U8 }, ++ [IFLA_GENEVE_INNER_PROTO_INHERIT] = { .type = NLA_FLAG }, + }; + + static int geneve_validate(struct nlattr *tb[], struct nlattr *data[], +@@ -1795,6 +1797,7 @@ static size_t geneve_get_size(const stru + nla_total_size(sizeof(__u8)) + /* IFLA_GENEVE_UDP_ZERO_CSUM6_TX */ + nla_total_size(sizeof(__u8)) + /* IFLA_GENEVE_UDP_ZERO_CSUM6_RX */ + nla_total_size(sizeof(__u8)) + /* IFLA_GENEVE_TTL_INHERIT */ ++ nla_total_size(0) + /* IFLA_GENEVE_INNER_PROTO_INHERIT */ + 0; + } + 
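Review bot: The new `[IFLA_GENEVE_INNER_PROTO_INHERIT] = { .type = NLA_FLAG }` policy entry and the `nla_total_size(0)` term in geneve_get_size only line up if 5.10's uapi already defines IFLA_GENEVE_INNER_PROTO_INHERIT and geneve_fill_info emits the flag; neither is visible here, so the prerequisite named in the Fixes tag (435fe1c0c1f7) being present in the 5.10 tree is worth confirming before queueing, since the policy array indexes that enum value directly. The `.strict_start_type` entry is also a user-visible netlink change: attributes from INNER_PROTO_INHERIT onward that 5.10 previously ignored are now rejected under strict validation, which is the intended hardening but deserves a sentence in the backport description. The enclosing geneve_get_size body starts outside the hunk.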
diff --git a/queue-5.10/net-handle-l3mdev-in-ip_tunnel_init_flow.patch b/queue-5.10/net-handle-l3mdev-in-ip_tunnel_init_flow.patch
new file mode 100644
index 00000000000..71c2848e4fc
--- /dev/null
+++ b/queue-5.10/net-handle-l3mdev-in-ip_tunnel_init_flow.patch
@@ -0,0 +1,105 @@ +From db53cd3d88dc328dea2e968c9c8d3b4294a8a674 Mon Sep 17 00:00:00 2001 +From: David Ahern +Date: Wed, 13 Apr 2022 11:43:20 -0600 +Subject: net: Handle l3mdev in ip_tunnel_init_flow + +From: David Ahern + +commit db53cd3d88dc328dea2e968c9c8d3b4294a8a674 upstream. + +Ido reported that the commit referenced in the Fixes tag broke +a gre use case with dummy devices. Add a check to ip_tunnel_init_flow +to see if the oif is an l3mdev port and if so set the oif to 0 to +avoid the oif comparison in fib_lookup_good_nhc. + +Fixes: 40867d74c374 ("net: Add l3mdev index to flow struct and avoid oif reset for port devices") +Reported-by: Ido Schimmel +Signed-off-by: David Ahern +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/ethernet/mellanox/mlxsw/spectrum_span.c | 2 +- + include/net/ip_tunnels.h | 11 +++++++++-- + net/ipv4/ip_gre.c | 4 ++-- + net/ipv4/ip_tunnel.c | 9 +++++---- + 4 files changed, 17 insertions(+), 9 deletions(-) + +--- a/drivers/net/ethernet/mellanox/mlxsw/spectrum_span.c ++++ b/drivers/net/ethernet/mellanox/mlxsw/spectrum_span.c +@@ -422,7 +422,7 @@ mlxsw_sp_span_gretap4_route(const struct + + parms = mlxsw_sp_ipip_netdev_parms4(to_dev); + ip_tunnel_init_flow(&fl4, parms.iph.protocol, *daddrp, *saddrp, +- 0, 0, parms.link, tun->fwmark, 0); ++ 0, 0, dev_net(to_dev), parms.link, tun->fwmark, 0); + + rt = ip_route_output_key(tun->net, &fl4); + if (IS_ERR(rt)) +--- a/include/net/ip_tunnels.h ++++ b/include/net/ip_tunnels.h +@@ -240,11 +240,18 @@ static inline __be32 tunnel_id_to_key32( + static inline void ip_tunnel_init_flow(struct flowi4 *fl4, + int proto, + __be32 daddr, __be32 saddr, +- __be32 key, __u8 tos, int oif, ++ __be32 key, __u8 tos, ++ struct net *net, int oif, + __u32 mark, __u32 tun_inner_hash) + { + memset(fl4, 0, sizeof(*fl4)); +- fl4->flowi4_oif = oif; ++ ++ if (oif) { ++ fl4->flowi4_l3mdev = l3mdev_master_upper_ifindex_by_index_rcu(net, oif); ++ /* Legacy VRF/l3mdev use case */ ++ 
fl4->flowi4_oif = fl4->flowi4_l3mdev ? 0 : oif; ++ } ++ + fl4->daddr = daddr; + fl4->saddr = saddr; + fl4->flowi4_tos = tos; +--- a/net/ipv4/ip_gre.c ++++ b/net/ipv4/ip_gre.c +@@ -608,8 +608,8 @@ static int gre_fill_metadata_dst(struct + key = &info->key; + ip_tunnel_init_flow(&fl4, IPPROTO_GRE, key->u.ipv4.dst, key->u.ipv4.src, + tunnel_id_to_key32(key->tun_id), +- key->tos & ~INET_ECN_MASK, 0, skb->mark, +- skb_get_hash(skb)); ++ key->tos & ~INET_ECN_MASK, dev_net(dev), 0, ++ skb->mark, skb_get_hash(skb)); + rt = ip_route_output_key(dev_net(dev), &fl4); + if (IS_ERR(rt)) + return PTR_ERR(rt); +--- a/net/ipv4/ip_tunnel.c ++++ b/net/ipv4/ip_tunnel.c +@@ -294,8 +294,8 @@ static int ip_tunnel_bind_dev(struct net + + ip_tunnel_init_flow(&fl4, iph->protocol, iph->daddr, + iph->saddr, tunnel->parms.o_key, +- RT_TOS(iph->tos), tunnel->parms.link, +- tunnel->fwmark, 0); ++ RT_TOS(iph->tos), dev_net(dev), ++ tunnel->parms.link, tunnel->fwmark, 0); + rt = ip_route_output_key(tunnel->net, &fl4); + + if (!IS_ERR(rt)) { +@@ -597,7 +597,7 @@ void ip_md_tunnel_xmit(struct sk_buff *s + } + ip_tunnel_init_flow(&fl4, proto, key->u.ipv4.dst, key->u.ipv4.src, + tunnel_id_to_key32(key->tun_id), RT_TOS(tos), +- 0, skb->mark, skb_get_hash(skb)); ++ dev_net(dev), 0, skb->mark, skb_get_hash(skb)); + if (tunnel->encap.type != TUNNEL_ENCAP_NONE) + goto tx_error; + +@@ -753,7 +753,8 @@ void ip_tunnel_xmit(struct sk_buff *skb, + } + + ip_tunnel_init_flow(&fl4, protocol, dst, tnl_params->saddr, +- tunnel->parms.o_key, RT_TOS(tos), tunnel->parms.link, ++ tunnel->parms.o_key, RT_TOS(tos), ++ dev_net(dev), tunnel->parms.link, + tunnel->fwmark, skb_get_hash(skb)); + + if (ip_tunnel_encap(skb, tunnel, &protocol, &fl4) < 0) diff --git a/queue-5.10/net-seg6-fix-seg6_lookup_any_nexthop-to-handle-vrfs-using-flowi_l3mdev.patch b/queue-5.10/net-seg6-fix-seg6_lookup_any_nexthop-to-handle-vrfs-using-flowi_l3mdev.patch new file mode 100644 index 00000000000..c5cd88a2605 --- /dev/null 
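Review bot: `l3mdev_master_upper_ifindex_by_index_rcu()` in the new ip_tunnel_init_flow body carries an RCU contract, and this inline helper is now reached from ip_tunnel_bind_dev (link configuration) as well as the transmit paths, so each 5.10 caller holding rcu_read_lock() or RTNL is worth confirming for the backport; a line such as `/* caller must hold rcu_read_lock() or RTNL */` above the lookup would make that requirement visible at the call sites. The new `net` parameter also obliges every caller to pass the namespace the oif lives in; the call sites in the hunk pass dev_net() of the tunnel device, which presumably matches the tun->net / tunnel->net later handed to ip_route_output_key, but that equivalence is not shown here. Resetting flowi4_oif to 0 when an l3mdev master is found depends on `flowi4_l3mdev` (from 40867d74c374) already existing in the 5.10 flow struct, which this series does not add.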
+++ b/queue-5.10/net-seg6-fix-seg6_lookup_any_nexthop-to-handle-vrfs-using-flowi_l3mdev.patch 
@@ -0,0 +1,67 @@ +From a3bd2102e464202b58d57390a538d96f57ffc361 Mon Sep 17 00:00:00 2001 +From: Andrea Mayer +Date: Wed, 8 Jun 2022 11:19:17 +0200 +Subject: net: seg6: fix seg6_lookup_any_nexthop() to handle VRFs using flowi_l3mdev + +From: Andrea Mayer + +commit a3bd2102e464202b58d57390a538d96f57ffc361 upstream. + +Commit 40867d74c374 ("net: Add l3mdev index to flow struct and avoid oif +reset for port devices") adds a new entry (flowi_l3mdev) in the common +flow struct used for indicating the l3mdev index for later rule and +table matching. +The l3mdev_update_flow() has been adapted to properly set the +flowi_l3mdev based on the flowi_oif/flowi_iif. In fact, when a valid +flowi_iif is supplied to the l3mdev_update_flow(), this function can +update the flowi_l3mdev entry only if it has not yet been set (i.e., the +flowi_l3mdev entry is equal to 0). + +The SRv6 End.DT6 behavior in VRF mode leverages a VRF device in order to +force the routing lookup into the associated routing table. This routing +operation is performed by seg6_lookup_any_nextop() preparing a flowi6 +data structure used by ip6_route_input_lookup() which, in turn, +(indirectly) invokes l3mdev_update_flow(). + +However, seg6_lookup_any_nexthop() does not initialize the new +flowi_l3mdev entry which is filled with random garbage data. This +prevents l3mdev_update_flow() from properly updating the flowi_l3mdev +with the VRF index, and thus SRv6 End.DT6 (VRF mode)/DT46 behaviors are +broken. + +This patch correctly initializes the flowi6 instance allocated and used +by seg6_lookup_any_nexhtop(). Specifically, the entire flowi6 instance +is wiped out: in case new entries are added to flowi/flowi6 (as happened +with the flowi_l3mdev entry), we should no longer have incorrectly +initialized values. As a result of this operation, the value of +flowi_l3mdev is also set to 0. + +The proposed fix can be tested easily. 
Starting from the commit +referenced in the Fixes, selftests [1],[2] indicate that the SRv6 +End.DT6 (VRF mode)/DT46 behaviors no longer work correctly. By applying +this patch, those behaviors are back to work properly again. + +[1] - tools/testing/selftests/net/srv6_end_dt46_l3vpn_test.sh +[2] - tools/testing/selftests/net/srv6_end_dt6_l3vpn_test.sh + +Fixes: 40867d74c374 ("net: Add l3mdev index to flow struct and avoid oif reset for port devices") +Reported-by: Anton Makarov +Signed-off-by: Andrea Mayer +Reviewed-by: David Ahern +Link: https://lore.kernel.org/r/20220608091917.20345-1-andrea.mayer@uniroma2.it +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv6/seg6_local.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/net/ipv6/seg6_local.c ++++ b/net/ipv6/seg6_local.c +@@ -163,6 +163,7 @@ seg6_lookup_any_nexthop(struct sk_buff * + struct flowi6 fl6; + int dev_flags = 0; + ++ memset(&fl6, 0, sizeof(fl6)); + fl6.flowi6_iif = skb->dev->ifindex; + fl6.daddr = nhaddr ? *nhaddr : hdr->daddr; + fl6.saddr = hdr->saddr; diff --git a/queue-5.10/net-vrf-determine-the-dst-using-the-original-ifindex-for-multicast.patch b/queue-5.10/net-vrf-determine-the-dst-using-the-original-ifindex-for-multicast.patch new file mode 100644 index 00000000000..7e5eabd6e4b --- /dev/null +++ b/queue-5.10/net-vrf-determine-the-dst-using-the-original-ifindex-for-multicast.patch 
@@ -0,0 +1,61 @@ +From f2575c8f404911da83f25b688e12afcf4273e640 Mon Sep 17 00:00:00 2001 +From: Antoine Tenart +Date: Tue, 20 Dec 2022 18:18:25 +0100 +Subject: net: vrf: determine the dst using the original ifindex for multicast + +From: Antoine Tenart + +commit f2575c8f404911da83f25b688e12afcf4273e640 upstream. + +Multicast packets received on an interface bound to a VRF are marked as +belonging to the VRF and the skb device is updated to point to the VRF +device itself. This was fine even when a route was associated to a +device as when performing a fib table lookup 'oif' in fib6_table_lookup +(coming from 'skb->dev->ifindex' in ip6_route_input) was set to 0 when +FLOWI_FLAG_SKIP_NH_OIF was set. + +With commit 40867d74c374 ("net: Add l3mdev index to flow struct and +avoid oif reset for port devices") this is not longer true and multicast +traffic is not received on the original interface. + +Instead of adding back a similar check in fib6_table_lookup determine +the dst using the original ifindex for multicast VRF traffic. To make +things consistent across the function do the above for all strict +packets, which was the logic before commit 6f12fa775530 ("vrf: mark skb +for multicast or link-local as enslaved to VRF"). Note that reverting to +this behavior should be fine as the change was about marking packets +belonging to the VRF, not about their dst. 
+ +Fixes: 40867d74c374 ("net: Add l3mdev index to flow struct and avoid oif reset for port devices") +Reported-by: Jianlin Shi +Signed-off-by: Antoine Tenart +Reviewed-by: David Ahern +Link: https://lore.kernel.org/r/20221220171825.1172237-1-atenart@kernel.org +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + drivers/net/vrf.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +--- a/drivers/net/vrf.c ++++ b/drivers/net/vrf.c +@@ -1336,8 +1336,8 @@ static struct sk_buff *vrf_ip6_rcv(struc + + /* loopback, multicast & non-ND link-local traffic; do not push through + * packet taps again. Reset pkt_type for upper layers to process skb. +- * For strict packets with a source LLA, determine the dst using the +- * original ifindex. ++ * For non-loopback strict packets, determine the dst using the original ++ * ifindex. + */ + if (skb->pkt_type == PACKET_LOOPBACK || (need_strict && !is_ndisc)) { + skb->dev = vrf_dev; +@@ -1346,7 +1346,7 @@ static struct sk_buff *vrf_ip6_rcv(struc + + if (skb->pkt_type == PACKET_LOOPBACK) + skb->pkt_type = PACKET_HOST; +- else if (ipv6_addr_type(&ipv6_hdr(skb)->saddr) & IPV6_ADDR_LINKLOCAL) ++ else + vrf_ip6_input_dst(skb, vrf_dev, orig_iif); + + goto out; diff --git a/queue-5.10/netfilter-ip6t_rpfilter-fix-regression-with-vrf-interfaces.patch b/queue-5.10/netfilter-ip6t_rpfilter-fix-regression-with-vrf-interfaces.patch new file mode 100644 index 00000000000..e603f4a19ea --- /dev/null +++ b/queue-5.10/netfilter-ip6t_rpfilter-fix-regression-with-vrf-interfaces.patch 
@@ -0,0 +1,34 @@ +From efb056e5f1f0036179b2f92c1c15f5ea7a891d70 Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Thu, 16 Feb 2023 17:05:36 +0100 +Subject: netfilter: ip6t_rpfilter: Fix regression with VRF interfaces + +From: Phil Sutter + +commit efb056e5f1f0036179b2f92c1c15f5ea7a891d70 upstream. + +When calling ip6_route_lookup() for the packet arriving on the VRF +interface, the result is always the real (slave) interface. Expect this +when validating the result. + +Fixes: acc641ab95b66 ("netfilter: rpfilter/fib: Populate flowic_l3mdev field") +Signed-off-by: Phil Sutter +Signed-off-by: Pablo Neira Ayuso +Signed-off-by: Greg Kroah-Hartman +--- + net/ipv6/netfilter/ip6t_rpfilter.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/net/ipv6/netfilter/ip6t_rpfilter.c ++++ b/net/ipv6/netfilter/ip6t_rpfilter.c +@@ -72,7 +72,9 @@ static bool rpfilter_lookup_reverse6(str + goto out; + } + +- if (rt->rt6i_idev->dev == dev || (flags & XT_RPFILTER_LOOSE)) ++ if (rt->rt6i_idev->dev == dev || ++ l3mdev_master_ifindex_rcu(rt->rt6i_idev->dev) == dev->ifindex || ++ (flags & XT_RPFILTER_LOOSE)) + ret = true; + out: + ip6_rt_put(rt); diff --git a/queue-5.10/series b/queue-5.10/series index d2beeb70856..bb08207f741 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -515,3 +515,9 @@ hid-intel-ish-hid-fix-uninitialized-variable-rv-in-ish_fw_xfer_direct_dma.patch net-fix-an-unsafe-loop-on-the-list.patch net-dsa-lan9303-ensure-chip-reset-and-wait-for-ready-status.patch nouveau-dmem-fix-vulnerability-in-migrate_to_ram-upon-copy-error.patch +net-geneve-add-missing-netlink-policy-and-size-for-ifla_geneve_inner_proto_inherit.patch +xfrm-pass-flowi_oif-or-l3mdev-as-oif-to-xfrm_dst_lookup.patch +net-handle-l3mdev-in-ip_tunnel_init_flow.patch +net-seg6-fix-seg6_lookup_any_nexthop-to-handle-vrfs-using-flowi_l3mdev.patch +net-vrf-determine-the-dst-using-the-original-ifindex-for-multicast.patch +netfilter-ip6t_rpfilter-fix-regression-with-vrf-interfaces.patch 
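Review bot: The added `l3mdev_master_ifindex_rcu(rt->rt6i_idev->dev) == dev->ifindex` clause relaxes the strict reverse-path check for packets seen on a VRF device: any route whose egress device is enslaved to that VRF now passes, not only the exact ingress port, which is a deliberate weakening of the anti-spoofing check and deserves a comment above the condition, e.g. `/* on a VRF device, accept a route via any port enslaved to it */`. For a non-VRF `dev` the clause presumably cannot match, since l3mdev_master_ifindex_rcu() yields 0 for a device without an l3mdev master and a live ifindex is never 0, so non-VRF strict behaviour should be unchanged. rpfilter_lookup_reverse6 starts outside the hunk.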
diff --git a/queue-5.10/xfrm-pass-flowi_oif-or-l3mdev-as-oif-to-xfrm_dst_lookup.patch b/queue-5.10/xfrm-pass-flowi_oif-or-l3mdev-as-oif-to-xfrm_dst_lookup.patch new file mode 100644 index 00000000000..1b88479fb70 --- /dev/null +++ b/queue-5.10/xfrm-pass-flowi_oif-or-l3mdev-as-oif-to-xfrm_dst_lookup.patch @@ -0,0 +1,42 @@ +From 748b82c23e25310fec54e1eff2cb63936f391b24 Mon Sep 17 00:00:00 2001 +From: David Ahern +Date: Fri, 1 Apr 2022 12:58:37 -0600 +Subject: xfrm: Pass flowi_oif or l3mdev as oif to xfrm_dst_lookup + +From: David Ahern + +commit 748b82c23e25310fec54e1eff2cb63936f391b24 upstream. + +The commit referenced in the Fixes tag no longer changes the +flow oif to the l3mdev ifindex. A xfrm use case was expecting +the flowi_oif to be the VRF if relevant and the change broke +that test. Update xfrm_bundle_create to pass oif if set and any +potential flowi_l3mdev if oif is not set. + +Fixes: 40867d74c374 ("net: Add l3mdev index to flow struct and avoid oif reset for port devices") +Reported-by: kernel test robot +Signed-off-by: David Ahern +Signed-off-by: Steffen Klassert +Signed-off-by: Greg Kroah-Hartman +--- + net/xfrm/xfrm_policy.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +--- a/net/xfrm/xfrm_policy.c ++++ b/net/xfrm/xfrm_policy.c +@@ -2595,12 +2595,14 @@ static struct dst_entry *xfrm_bundle_cre + + if (xfrm[i]->props.mode != XFRM_MODE_TRANSPORT) { + __u32 mark = 0; ++ int oif; + + if (xfrm[i]->props.smark.v || xfrm[i]->props.smark.m) + mark = xfrm_smark_get(fl->flowi_mark, xfrm[i]); + + family = xfrm[i]->props.family; +- dst = xfrm_dst_lookup(xfrm[i], tos, fl->flowi_oif, ++ oif = fl->flowi_oif ? : fl->flowi_l3mdev; ++ dst = xfrm_dst_lookup(xfrm[i], tos, oif, + &saddr, &daddr, family, mark); + err = PTR_ERR(dst); + if (IS_ERR(dst))