From: Sasha Levin Date: Sun, 21 Jun 2026 13:58:47 +0000 (-0400) Subject: Fixes for all trees X-Git-Tag: v6.18.37~55 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=566f1832dcd22baa31f308410627f0d986763008;p=thirdparty%2Fkernel%2Fstable-queue.git Fixes for all trees Signed-off-by: Sasha Levin --- diff --git a/queue-6.12/ip6_vti-set-netns_immutable-on-the-fallback-device.patch b/queue-6.12/ip6_vti-set-netns_immutable-on-the-fallback-device.patch new file mode 100644 index 0000000000..66754f4a61 --- /dev/null +++ b/queue-6.12/ip6_vti-set-netns_immutable-on-the-fallback-device.patch @@ -0,0 +1,47 @@ +From c0b9bb9f56223311d67d8bb0135495c369cf8a7c Mon Sep 17 00:00:00 2001 +From: Sasha Levin +Date: Mon, 8 Jun 2026 15:59:18 +0000 +Subject: ip6_vti: set netns_immutable on the fallback device. + +From: Eric Dumazet + +[ Upstream commit d289d5307762d1838aaece22c6b6fcad9e8865f9 ] + +john1988 and Noam Rathaus reported that vti6_init_net() does not set the +netns_immutable flag on the per-netns fallback tunnel device (ip6_vti0). + +Other similar tunnel drivers (like ip6_tunnel, sit, ip6_gre, and ip_tunnel) +correctly set this flag during their fallback device initialization to +prevent them from being moved to another network namespace. + +Fixes: 61220ab34948 ("vti6: Enable namespace changing") +Reported-by: Noam Rathaus +Signed-off-by: Eric Dumazet +Cc: Steffen Klassert +Reviewed-by: Nicolas Dichtel +Link: https://patch.msgid.link/20260608155918.787644-1-edumazet@google.com +Signed-off-by: Jakub Kicinski +[Salvatore Bonaccorso: Backport for version without 0c493da86374 ("net: +rename netns_local to netns_immutable") in v6.15-rc1 and use +netns_local.] +Signed-off-by: Salvatore Bonaccorso +Signed-off-by: Sasha Levin +--- + net/ipv6/ip6_vti.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/net/ipv6/ip6_vti.c b/net/ipv6/ip6_vti.c +index 6fe696939d041e..e0e6e67a25e0a2 100644 +--- a/net/ipv6/ip6_vti.c ++++ b/net/ipv6/ip6_vti.c +@@ -1159,6 +1159,7 @@ static int __net_init vti6_init_net(struct net *net) + goto err_alloc_dev; + dev_net_set(ip6n->fb_tnl_dev, net); + ip6n->fb_tnl_dev->rtnl_link_ops = &vti6_link_ops; ++ ip6n->fb_tnl_dev->netns_local = true; + + err = vti6_fb_tnl_dev_init(ip6n->fb_tnl_dev); + if (err < 0) +-- +2.53.0 + diff --git a/queue-6.12/series b/queue-6.12/series index 56395f1fcc..49364e9f4e 100644 --- a/queue-6.12/series +++ b/queue-6.12/series @@ -18,3 +18,4 @@ eventpoll-move-epi_fget-up.patch eventpoll-fix-ep_remove-struct-eventpoll-struct-file.patch iio-light-bh1780-fix-pm-runtime-leak-on-error-path.patch net-drop-the-lock-in-skb_may_tx_timestamp.patch +ip6_vti-set-netns_immutable-on-the-fallback-device.patch