]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
Fixes for all trees
authorSasha Levin <sashal@kernel.org>
Sun, 21 Jun 2026 13:58:47 +0000 (09:58 -0400)
committerSasha Levin <sashal@kernel.org>
Sun, 21 Jun 2026 13:58:47 +0000 (09:58 -0400)
Signed-off-by: Sasha Levin <sashal@kernel.org>
queue-6.12/ip6_vti-set-netns_immutable-on-the-fallback-device.patch [new file with mode: 0644]
queue-6.12/series

diff --git a/queue-6.12/ip6_vti-set-netns_immutable-on-the-fallback-device.patch b/queue-6.12/ip6_vti-set-netns_immutable-on-the-fallback-device.patch
new file mode 100644 (file)
index 0000000..66754f4
--- /dev/null
@@ -0,0 +1,47 @@
+From c0b9bb9f56223311d67d8bb0135495c369cf8a7c Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Mon, 8 Jun 2026 15:59:18 +0000
+Subject: ip6_vti: set netns_immutable on the fallback device.
+
+From: Eric Dumazet <edumazet@google.com>
+
+[ Upstream commit d289d5307762d1838aaece22c6b6fcad9e8865f9 ]
+
+john1988 and Noam Rathaus reported that vti6_init_net() does not set the
+netns_immutable flag on the per-netns fallback tunnel device (ip6_vti0).
+
+Other similar tunnel drivers (like ip6_tunnel, sit, ip6_gre, and ip_tunnel)
+correctly set this flag during their fallback device initialization to
+prevent them from being moved to another network namespace.
+
+Fixes: 61220ab34948 ("vti6: Enable namespace changing")
+Reported-by: Noam Rathaus <noamr@ssd-disclosure.com>
+Signed-off-by: Eric Dumazet <edumazet@google.com>
+Cc: Steffen Klassert <steffen.klassert@secunet.com>
+Reviewed-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
+Link: https://patch.msgid.link/20260608155918.787644-1-edumazet@google.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+[Salvatore Bonaccorso: Backport for version without 0c493da86374 ("net:
+rename netns_local to netns_immutable") in v6.15-rc1 and use
+netns_local.]
+Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/ipv6/ip6_vti.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c
+index 6fe696939d041e..e0e6e67a25e0a2 100644
+--- a/net/ipv6/ip6_vti.c
++++ b/net/ipv6/ip6_vti.c
+@@ -1159,6 +1159,7 @@ static int __net_init vti6_init_net(struct net *net)
+               goto err_alloc_dev;
+       dev_net_set(ip6n->fb_tnl_dev, net);
+       ip6n->fb_tnl_dev->rtnl_link_ops = &vti6_link_ops;
++      ip6n->fb_tnl_dev->netns_local = true;
+       err = vti6_fb_tnl_dev_init(ip6n->fb_tnl_dev);
+       if (err < 0)
+-- 
+2.53.0
+
index 56395f1fcc4c85c55984ae468717043be3cb2b03..49364e9f4e6f2036d05059e519f1cbd8362691ff 100644 (file)
@@ -18,3 +18,4 @@ eventpoll-move-epi_fget-up.patch
 eventpoll-fix-ep_remove-struct-eventpoll-struct-file.patch
 iio-light-bh1780-fix-pm-runtime-leak-on-error-path.patch
 net-drop-the-lock-in-skb_may_tx_timestamp.patch
+ip6_vti-set-netns_immutable-on-the-fallback-device.patch