Google Git
Sign in
kernel / pub / scm / linux / kernel / git / pabeni / net / refs/tags/net-5.18-rc8
tag55f249656e135001cf7595c2a975e1a58d52639f
taggerPaolo Abeni <pabeni@redhat.com>Thu May 19 10:35:55 2022 +0200
objectfbb3abdf2223cd0dfc07de85fe5a43ba7f435bdf 
Networking fixes for 5.18-rc8, including fixes from can, xfrm and
netfilter subtrees.

Notably this reverts a recent TCP/DCCP netns-related change
to address a possible UaF.

Current release - regressions:
  - tcp: revert "tcp/dccp: get rid of inet_twsk_purge()"

  - xfrm: set dst dev to blackhole_netdev instead of loopback_dev in ifdown

Previous releases - regressions:
  - netfilter: flowtable: fix TCP flow teardown

  - can: revert "can: m_can: pci: use custom bit timings for Elkhart Lake"

  - xfrm: check encryption module availability consistency

  - eth: vmxnet3: fix possible use-after-free bugs in vmxnet3_rq_alloc_rx_buf()

  - eth: mlx5: initialize flow steering during driver probe

  - eth: ice: fix crash when writing timestamp on RX rings

Previous releases - always broken:
  - mptcp: fix checksum byte order

  - eth: lan966x: fix assignment of the MAC address

  - eth: mlx5: remove HW-GRO from reported features

  - eth: ftgmac100: disable hardware checksum on AST2600

Signed-off-by: Paolo Abeni <pabeni@redhat.com>
commitfbb3abdf2223cd0dfc07de85fe5a43ba7f435bdf[log] [tgz]
authorAndrew Lunn <andrew@lunn.ch>Wed May 18 02:58:40 2022 +0200
committerPaolo Abeni <pabeni@redhat.com>Thu May 19 09:20:44 2022 +0200
treecf9ec2953a16425127159d3a56bebbcc3e83e968
parentc2239294188fdbc3c58784a08d90edacd177bf9a [diff]
net: bridge: Clear offload_fwd_mark when passing frame up bridge interface.

It is possible to stack bridges on top of each other. Consider the
following which makes use of an Ethernet switch:

       br1
     /    \
    /      \
   /        \
 br0.11    wlan0
   |
   br0
 /  |  \
p1  p2  p3

br0 is offloaded to the switch. Above br0 is a vlan interface, for
vlan 11. This vlan interface is then a slave of br1. br1 also has a
wireless interface as a slave. This setup trunks wireless lan traffic
over the copper network inside a VLAN.

A frame received on p1 which is passed up to the bridge has the
skb->offload_fwd_mark flag set to true, indicating that the switch has
dealt with forwarding the frame out ports p2 and p3 as needed. This
flag instructs the software bridge it does not need to pass the frame
back down again. However, the flag is not getting reset when the frame
is passed upwards. As a result br1 sees the flag, wrongly interprets
it, and fails to forward the frame to wlan0.

When passing a frame upwards, clear the flag. This is the Rx
equivalent of br_switchdev_frame_unmark() in br_dev_xmit().

Fixes: f1c2eddf4cb6 ("bridge: switchdev: Use an helper to clear forward mark")
Signed-off-by: Andrew Lunn <andrew@lunn.ch>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Tested-by: Ido Schimmel <idosch@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
Link: https://lore.kernel.org/r/20220518005840.771575-1-andrew@lunn.ch
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
1 file changed
tree: cf9ec2953a16425127159d3a56bebbcc3e83e968
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. LICENSES/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .clang-format
  24. .cocciconfig
  25. .get_maintainer.ignore
  26. .gitattributes
  27. .gitignore
  28. .mailmap
  29. COPYING
  30. CREDITS
  31. Kbuild
  32. Kconfig
  33. MAINTAINERS
  34. Makefile
  35. README