From: Greg Kroah-Hartman
Date: Wed, 21 Jan 2026 17:29:40 +0000 (+0100)
Subject: 5.10-stable patches
X-Git-Tag: v6.12.67~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=0dffbe2c4c81556869d1837754fa5f2d59388b7e;p=thirdparty%2Fkernel%2Fstable-queue.git
5.10-stable patches
added patches:
macvlan-fix-leaking-skb-in-source-mode-with-nodst-option.patch
---
diff --git a/queue-5.10/macvlan-fix-leaking-skb-in-source-mode-with-nodst-option.patch b/queue-5.10/macvlan-fix-leaking-skb-in-source-mode-with-nodst-option.patch
new file mode 100644
index 0000000000..40dec34f70
--- /dev/null
+++ b/queue-5.10/macvlan-fix-leaking-skb-in-source-mode-with-nodst-option.patch
@@ -0,0 +1,54 @@
+From e16b859872b87650bb55b12cca5a5fcdc49c1442 Mon Sep 17 00:00:00 2001
+From: Martin Willi
+Date: Tue, 12 Apr 2022 11:34:57 +0200
+Subject: macvlan: Fix leaking skb in source mode with nodst option
+
+From: Martin Willi
+
+commit e16b859872b87650bb55b12cca5a5fcdc49c1442 upstream.
+
+The MACVLAN receive handler clones skbs to all matching source MACVLAN
+interfaces, before it passes the packet along to match on destination
+based MACVLANs.
+
+When using the MACVLAN nodst mode, passing the packet to destination based
+MACVLANs is omitted and the handler returns with RX_HANDLER_CONSUMED.
+However, the passed skb is not freed, leaking for any packet processed
+with the nodst option.
+
+Properly free the skb when consuming packets to fix that leak.
+
+Fixes: 427f0c8c194b ("macvlan: Add nodst option to macvlan type source")
+Signed-off-by: Martin Willi
+Signed-off-by: David S. Miller
+Signed-off-by: Greg Kroah-Hartman
+---
+ drivers/net/macvlan.c | 8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/macvlan.c
++++ b/drivers/net/macvlan.c
+@@ -464,8 +464,10 @@ static rx_handler_result_t macvlan_handl
+ return RX_HANDLER_CONSUMED;
+ *pskb = skb;
+ eth = eth_hdr(skb);
+- if (macvlan_forward_source(skb, port, eth->h_source))
++ if (macvlan_forward_source(skb, port, eth->h_source)) {
++ kfree_skb(skb);
+ return RX_HANDLER_CONSUMED;
++ }
+ src = macvlan_hash_lookup(port, eth->h_source);
+ if (src && src->mode != MACVLAN_MODE_VEPA &&
+ src->mode != MACVLAN_MODE_BRIDGE) {
+@@ -484,8 +486,10 @@ static rx_handler_result_t macvlan_handl
+ return RX_HANDLER_PASS;
+ }
+
+- if (macvlan_forward_source(skb, port, eth->h_source))
++ if (macvlan_forward_source(skb, port, eth->h_source)) {
++ kfree_skb(skb);
+ return RX_HANDLER_CONSUMED;
++ }
+ if (macvlan_passthru(port))
+ vlan = list_first_or_null_rcu(&port->vlans,
+ struct macvlan_dev, list);
diff --git a/queue-5.10/series b/queue-5.10/series
index ff94a310ac..0cec3ab450 100644
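Review bot: Both added `kfree_skb(skb);` calls (in the inner hunks at -464 and -484) release an skb whose clones, per the commit message, have already been handed to the matching source-mode devices, so each nodst packet would likely be counted as a drop by anything watching the `kfree_skb` tracepoint. If that reading is right, `consume_skb(skb);` would free the buffer the same way without inflating the drop counters operators use to spot real loss, though for a stable backport the change would have to land upstream first. A one-line comment at each site, such as `/* nodst: source-mode clones delivered, release the original */`, would also record why the handler owns the skb at this point. The enclosing function (truncated to `macvlan_handl` in the hunk headers) starts and ends outside both hunks, so the other return paths cannot be checked from here.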
--- a/queue-5.10/series
+++ b/queue-5.10/series
@@ -41,3 +41,4 @@ dmaengine-ti-dma-crossbar-fix-device-leak-on-dra7x-route-allocation.patch
 dmaengine-ti-dma-crossbar-fix-device-leak-on-am335x-route-allocation.patch
 dmaengine-ti-k3-udma-fix-device-leak-on-udma-lookup.patch
 btrfs-fix-deadlock-in-wait_current_trans-due-to-ignored-transaction-type.patch
+macvlan-fix-leaking-skb-in-source-mode-with-nodst-option.patch