diff --git a/backport-Revert-bpf-replace-snprintf-with-asprintf-when-dealing-with-long-buffers.patch b/backport-Revert-bpf-replace-snprintf-with-asprintf-when-dealing-with-long-buffers.patch new file mode 100644 index 0000000000000000000000000000000000000000..e07826b0f21f71c0b618119761a66f73189ca8f5 --- /dev/null +++ b/backport-Revert-bpf-replace-snprintf-with-asprintf-when-dealing-with-long-buffers.patch @@ -0,0 +1,337 @@ +From 358abfe004a30bf3ed353c7f5dbc6afaf4212ecf Mon Sep 17 00:00:00 2001 +From: Andrea Claudi +Date: Tue, 26 May 2020 18:04:10 +0200 +Subject: Revert "bpf: replace snprintf with asprintf when dealing with long + buffers" + +This reverts commit c0325b06382cb4f7ebfaf80c29c8800d74666fd9. +It introduces a segfault in bpf_make_custom_path() when custom pinning is used. + +This happens because asprintf allocates exactly the space needed to hold a +string in the buffer passed as its first argument, but if this buffer is later +used in strcat() or similar we have a buffer overrun. + +As the aim of commit c0325b06382c is simply to fix a compiler warning, it +seems safe and reasonable to revert it. + +Fixes: c0325b06382c ("bpf: replace snprintf with asprintf when dealing with long buffers") +Reported-by: Jamal Hadi Salim +Signed-off-by: Andrea Claudi +Signed-off-by: Stephen Hemminger +Conflict:NA +Reference:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=358abfe004a30bf3ed353c7f5dbc6afaf4212ecf +--- + lib/bpf.c | 155 ++++++++++++++++---------------------------------------------- + 1 file changed, 39 insertions(+), 116 deletions(-) + +diff --git a/lib/bpf.c b/lib/bpf.c +index 10cf9bf44..23cb0d96a 100644 +--- a/lib/bpf.c ++++ b/lib/bpf.c +@@ -406,21 +406,13 @@ static int bpf_derive_elf_map_from_fdinfo(int fd, struct bpf_elf_map *map, + struct bpf_map_ext *ext) + { + unsigned int val, owner_type = 0, owner_jited = 0; +- char *file = NULL; +- char buff[4096]; ++ char file[PATH_MAX], buff[4096]; + FILE *fp; +- int ret; + +- ret = asprintf(&file, "/proc/%d/fdinfo/%d", getpid(), fd); +- if (ret < 0) { +- fprintf(stderr, "asprintf failed: %s\n", strerror(errno)); +- free(file); +- return ret; +- } ++ snprintf(file, sizeof(file), "/proc/%d/fdinfo/%d", getpid(), fd); + memset(map, 0, sizeof(*map)); + + fp = fopen(file, "r"); +- free(file); + if (!fp) { + fprintf(stderr, "No procfs support?!\n"); + return -EIO; +@@ -608,9 +600,8 @@ int bpf_trace_pipe(void) + 0, + }; + int fd_in, fd_out = STDERR_FILENO; +- char *tpipe = NULL; ++ char tpipe[PATH_MAX]; + const char *mnt; +- int ret; + + mnt = bpf_find_mntpt("tracefs", TRACEFS_MAGIC, tracefs_mnt, + sizeof(tracefs_mnt), tracefs_known_mnts); +@@ -619,15 +610,9 @@ int bpf_trace_pipe(void) + return -1; + } + +- ret = asprintf(&tpipe, "%s/trace_pipe", mnt); +- if (ret < 0) { +- fprintf(stderr, "asprintf failed: %s\n", strerror(errno)); +- free(tpipe); +- return ret; +- } ++ snprintf(tpipe, sizeof(tpipe), "%s/trace_pipe", mnt); + + fd_in = open(tpipe, O_RDONLY); +- free(tpipe); + if (fd_in < 0) + return -1; + +@@ -648,50 +633,37 @@ int bpf_trace_pipe(void) + + static int bpf_gen_global(const char *bpf_sub_dir) + { +- char *bpf_glo_dir = NULL; ++ char bpf_glo_dir[PATH_MAX]; + int ret; + +- ret = asprintf(&bpf_glo_dir, "%s/%s/", bpf_sub_dir, BPF_DIR_GLOBALS); +- if (ret < 0) { +- fprintf(stderr, "asprintf failed: %s\n", strerror(errno)); +- goto out; +- } ++ snprintf(bpf_glo_dir, sizeof(bpf_glo_dir), "%s/%s/", ++ bpf_sub_dir, BPF_DIR_GLOBALS); + + ret = mkdir(bpf_glo_dir, S_IRWXU); + if (ret && errno != EEXIST) { + fprintf(stderr, "mkdir %s failed: %s\n", bpf_glo_dir, + strerror(errno)); +- goto out; ++ return ret; + } + +- ret = 0; +-out: +- free(bpf_glo_dir); +- return ret; ++ return 0; + } + + static int bpf_gen_master(const char *base, const char *name) + { +- char *bpf_sub_dir = NULL; ++ char bpf_sub_dir[PATH_MAX + NAME_MAX + 1]; + int ret; + +- ret = asprintf(&bpf_sub_dir, "%s%s/", base, name); +- if (ret < 0) { +- fprintf(stderr, "asprintf failed: %s\n", strerror(errno)); +- goto out; +- } ++ snprintf(bpf_sub_dir, sizeof(bpf_sub_dir), "%s%s/", base, name); + + ret = mkdir(bpf_sub_dir, S_IRWXU); + if (ret && errno != EEXIST) { + fprintf(stderr, "mkdir %s failed: %s\n", bpf_sub_dir, + strerror(errno)); +- goto out; ++ return ret; + } + +- ret = bpf_gen_global(bpf_sub_dir); +-out: +- free(bpf_sub_dir); +- return ret; ++ return bpf_gen_global(bpf_sub_dir); + } + + static int bpf_slave_via_bind_mnt(const char *full_name, +@@ -720,22 +692,13 @@ static int bpf_slave_via_bind_mnt(const char *full_name, + static int bpf_gen_slave(const char *base, const char *name, + const char *link) + { +- char *bpf_lnk_dir = NULL; +- char *bpf_sub_dir = NULL; ++ char bpf_lnk_dir[PATH_MAX + NAME_MAX + 1]; ++ char bpf_sub_dir[PATH_MAX + NAME_MAX]; + struct stat sb = {}; + int ret; + +- ret = asprintf(&bpf_lnk_dir, "%s%s/", base, link); +- if (ret < 0) { +- fprintf(stderr, "asprintf failed: %s\n", strerror(errno)); +- goto out; +- } +- +- ret = asprintf(&bpf_sub_dir, "%s%s", base, name); +- if (ret < 0) { +- fprintf(stderr, "asprintf failed: %s\n", strerror(errno)); +- goto out; +- } ++ snprintf(bpf_lnk_dir, sizeof(bpf_lnk_dir), "%s%s/", base, link); ++ snprintf(bpf_sub_dir, sizeof(bpf_sub_dir), "%s%s", base, name); + + ret = symlink(bpf_lnk_dir, bpf_sub_dir); + if (ret) { +@@ -743,30 +706,25 @@ static int bpf_gen_slave(const char *base, const char *name, + if (errno != EPERM) { + fprintf(stderr, "symlink %s failed: %s\n", + bpf_sub_dir, strerror(errno)); +- goto out; ++ return ret; + } + +- ret = bpf_slave_via_bind_mnt(bpf_sub_dir, bpf_lnk_dir); +- goto out; ++ return bpf_slave_via_bind_mnt(bpf_sub_dir, ++ bpf_lnk_dir); + } + + ret = lstat(bpf_sub_dir, &sb); + if (ret) { + fprintf(stderr, "lstat %s failed: %s\n", + bpf_sub_dir, strerror(errno)); +- goto out; ++ return ret; + } + +- if ((sb.st_mode & S_IFMT) != S_IFLNK) { +- ret = bpf_gen_global(bpf_sub_dir); +- goto out; +- } ++ if ((sb.st_mode & S_IFMT) != S_IFLNK) ++ return bpf_gen_global(bpf_sub_dir); + } + +-out: +- free(bpf_lnk_dir); +- free(bpf_sub_dir); +- return ret; ++ return 0; + } + + static int bpf_gen_hierarchy(const char *base) +@@ -784,7 +742,7 @@ static int bpf_gen_hierarchy(const char *base) + static const char *bpf_get_work_dir(enum bpf_prog_type type) + { + static char bpf_tmp[PATH_MAX] = BPF_DIR_MNT; +- static char *bpf_wrk_dir; ++ static char bpf_wrk_dir[PATH_MAX]; + static const char *mnt; + static bool bpf_mnt_cached; + const char *mnt_env = getenv(BPF_ENV_MNT); +@@ -823,12 +781,7 @@ static const char *bpf_get_work_dir(enum bpf_prog_type type) + } + } + +- ret = asprintf(&bpf_wrk_dir, "%s/", mnt); +- if (ret < 0) { +- fprintf(stderr, "asprintf failed: %s\n", strerror(errno)); +- free(bpf_wrk_dir); +- goto out; +- } ++ snprintf(bpf_wrk_dir, sizeof(bpf_wrk_dir), "%s/", mnt); + + ret = bpf_gen_hierarchy(bpf_wrk_dir); + if (ret) { +@@ -1485,48 +1438,31 @@ static int bpf_probe_pinned(const char *name, const struct bpf_elf_ctx *ctx, + + static int bpf_make_obj_path(const struct bpf_elf_ctx *ctx) + { +- char *tmp = NULL; ++ char tmp[PATH_MAX]; + int ret; + +- ret = asprintf(&tmp, "%s/%s", bpf_get_work_dir(ctx->type), ctx->obj_uid); +- if (ret < 0) { +- fprintf(stderr, "asprintf failed: %s\n", strerror(errno)); +- goto out; +- } ++ snprintf(tmp, sizeof(tmp), "%s/%s", bpf_get_work_dir(ctx->type), ++ ctx->obj_uid); + + ret = mkdir(tmp, S_IRWXU); + if (ret && errno != EEXIST) { + fprintf(stderr, "mkdir %s failed: %s\n", tmp, strerror(errno)); +- goto out; ++ return ret; + } + +- ret = 0; +-out: +- free(tmp); +- return ret; ++ return 0; + } + + static int bpf_make_custom_path(const struct bpf_elf_ctx *ctx, + const char *todo) + { +- char *tmp = NULL; +- char *rem = NULL; +- char *sub; ++ char tmp[PATH_MAX], rem[PATH_MAX], *sub; + int ret; + +- ret = asprintf(&tmp, "%s/../", bpf_get_work_dir(ctx->type)); +- if (ret < 0) { +- fprintf(stderr, "asprintf failed: %s\n", strerror(errno)); +- goto out; +- } +- +- ret = asprintf(&rem, "%s/", todo); +- if (ret < 0) { +- fprintf(stderr, "asprintf failed: %s\n", strerror(errno)); +- goto out; +- } +- ++ snprintf(tmp, sizeof(tmp), "%s/../", bpf_get_work_dir(ctx->type)); ++ snprintf(rem, sizeof(rem), "%s/", todo); + sub = strtok(rem, "/"); ++ + while (sub) { + if (strlen(tmp) + strlen(sub) + 2 > PATH_MAX) + return -EINVAL; +@@ -1538,17 +1474,13 @@ static int bpf_make_custom_path(const struct bpf_elf_ctx *ctx, + if (ret && errno != EEXIST) { + fprintf(stderr, "mkdir %s failed: %s\n", tmp, + strerror(errno)); +- goto out; ++ return ret; + } + + sub = strtok(NULL, "/"); + } + +- ret = 0; +-out: +- free(rem); +- free(tmp); +- return ret; ++ return 0; + } + + static int bpf_place_pinned(int fd, const char *name, +@@ -2655,23 +2587,14 @@ struct bpf_jited_aux { + + static int bpf_derive_prog_from_fdinfo(int fd, struct bpf_prog_data *prog) + { +- char *file = NULL; +- char buff[4096]; ++ char file[PATH_MAX], buff[4096]; + unsigned int val; + FILE *fp; +- int ret; +- +- ret = asprintf(&file, "/proc/%d/fdinfo/%d", getpid(), fd); +- if (ret < 0) { +- fprintf(stderr, "asprintf failed: %s\n", strerror(errno)); +- free(file); +- return ret; +- } + ++ snprintf(file, sizeof(file), "/proc/%d/fdinfo/%d", getpid(), fd); + memset(prog, 0, sizeof(*prog)); + + fp = fopen(file, "r"); +- free(file); + if (!fp) { + fprintf(stderr, "No procfs support?!\n"); + return -EIO; +-- +cgit 1.2.3-korg + diff --git a/backport-addr-Fix-noprefixroute-and-autojoin-for-IPv4.patch b/backport-addr-Fix-noprefixroute-and-autojoin-for-IPv4.patch new file mode 100644 index 0000000000000000000000000000000000000000..87a6357bbc5a3f8db8d1ab20c3df82f3c8148620 --- /dev/null +++ b/backport-addr-Fix-noprefixroute-and-autojoin-for-IPv4.patch @@ -0,0 +1,43 @@ +From be1bea843234878a936fdf854e511053d528bf75 Mon Sep 17 00:00:00 2001 +From: Stephen Hemminger +Date: Tue, 6 Oct 2020 15:15:56 -0700 +Subject: addr: Fix noprefixroute and autojoin for IPv4 + +These were reported as IPv6-only and ignored: + + # ip address add 192.0.2.2/24 dev dummy5 noprefixroute + Warning: noprefixroute option can be set only for IPv6 addresses + # ip address add 224.1.1.10/24 dev dummy5 autojoin + Warning: autojoin option can be set only for IPv6 addresses + +This enables them back for IPv4. + +Fixes: 9d59c86e575b5 ("iproute2: ip addr: Organize flag properties structurally") +Signed-off-by: Adel Belhouane +Signed-off-by: Stephen Hemminger + +Conflict:NA +Reference:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=be1bea843234878a936fdf854e511053d528bf75 + +--- + ip/ipaddress.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/ip/ipaddress.c b/ip/ipaddress.c +index ccf67d1dd..2b4cb48a4 100644 +--- a/ip/ipaddress.c ++++ b/ip/ipaddress.c +@@ -1249,8 +1249,8 @@ static const struct ifa_flag_data_t { + { .name = "tentative", .mask = IFA_F_TENTATIVE, .readonly = true, .v6only = true}, + { .name = "permanent", .mask = IFA_F_PERMANENT, .readonly = true, .v6only = true}, + { .name = "mngtmpaddr", .mask = IFA_F_MANAGETEMPADDR, .readonly = false, .v6only = true}, +- { .name = "noprefixroute", .mask = IFA_F_NOPREFIXROUTE, .readonly = false, .v6only = true}, +- { .name = "autojoin", .mask = IFA_F_MCAUTOJOIN, .readonly = false, .v6only = true}, ++ { .name = "noprefixroute", .mask = IFA_F_NOPREFIXROUTE, .readonly = false, .v6only = false}, ++ { .name = "autojoin", .mask = IFA_F_MCAUTOJOIN, .readonly = false, .v6only = false}, + { .name = "stable-privacy", .mask = IFA_F_STABLE_PRIVACY, .readonly = true, .v6only = true}, + }; + +-- +cgit 1.2.3-korg + diff --git a/backport-bridge-Fix-memory-leak-when-doing-fdb-get.patch b/backport-bridge-Fix-memory-leak-when-doing-fdb-get.patch new file mode 100644 index 0000000000000000000000000000000000000000..051848b6c3ab0a2d0a31b7acc0a330156bb2acc0 --- /dev/null +++ b/backport-bridge-Fix-memory-leak-when-doing-fdb-get.patch @@ -0,0 +1,66 @@ +From 6db01afd60748afbba114be2773be338c5be28ff Mon Sep 17 00:00:00 2001 +From: Benjamin Poirier +Date: Mon, 11 Jul 2022 08:52:51 +0900 +Subject: [PATCH] bridge: Fix memory leak when doing 'fdb get' + +With the following command sequence: + +ip link add br0 up type bridge +ip link add dummy0 up address 02:00:00:00:00:01 master br0 type dummy +bridge fdb get 02:00:00:00:00:01 br br0 + +when running the last command under valgrind, it reports + +32,768 bytes in 1 blocks are definitely lost in loss record 2 of 2 + at 0x483F7B5: malloc (vg_replace_malloc.c:381) + by 0x11C1EC: rtnl_recvmsg (libnetlink.c:838) + by 0x11C4D1: __rtnl_talk_iov.constprop.0 (libnetlink.c:1040) + by 0x11D994: __rtnl_talk (libnetlink.c:1141) + by 0x11D994: rtnl_talk (libnetlink.c:1147) + by 0x10D336: fdb_get (fdb.c:652) + by 0x48907FC: (below main) (libc-start.c:332) + +Free the answer obtained from rtnl_talk(). + +Fixes: 4ed5ad7bd3c6 ("bridge: fdb get support") +Reported-by: Ido Schimmel +Reviewed-by: Ido Schimmel +Signed-off-by: Benjamin Poirier +Signed-off-by: Stephen Hemminger +Conflict: NA +Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=6db01afd60 +--- + bridge/fdb.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) +diff --git a/bridge/fdb.c b/bridge/fdb.c +index 710dfc9..278fe27 100644 +--- a/bridge/fdb.c ++++ b/bridge/fdb.c +@@ -540,6 +540,7 @@ static int fdb_get(int argc, char **argv) + char *addr = NULL; + short vlan = -1; + char *endptr; ++ int ret; + + while (argc > 0) { + if ((strcmp(*argv, "brport") == 0) || strcmp(*argv, "dev") == 0) { +@@ -619,12 +620,14 @@ static int fdb_get(int argc, char **argv) + if (rtnl_talk(&rth, &req.n, &answer) < 0) + return -2; + ++ ret = 0; + if (print_fdb(answer, stdout) < 0) { + fprintf(stderr, "An error :-)\n"); +- return -1; ++ ret = -1; + } ++ free(answer); + +- return 0; ++ return ret; + } + + int do_fdb(int argc, char **argv) +-- +2.23.0 + diff --git a/backport-bridge-report-correct-version.patch b/backport-bridge-report-correct-version.patch new file mode 100644 index 0000000000000000000000000000000000000000..5fa891b0d7eaf4440a755db507c483ab395410bf --- /dev/null +++ b/backport-bridge-report-correct-version.patch @@ -0,0 +1,29 @@ +From 7a49ff9d7906858ec75b69e9ad05af2bfd9cab4d Mon Sep 17 00:00:00 2001 +From: Stephen Hemminger +Date: Sun, 15 Nov 2020 08:58:52 -0800 +Subject: bridge: report correct version + +Signed-off-by: Stephen Hemminger +Conflict: printf("bridge utility, 5.10.0\n"); +Reference:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=7a49ff9d7906858ec75b69e9ad05af2bfd9cab4d + +--- + bridge/bridge.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/bridge/bridge.c b/bridge/bridge.c +index 453d68973..1f1c907bb 100644 +--- a/bridge/bridge.c ++++ b/bridge/bridge.c +@@ -141,7 +141,7 @@ main(int argc, char **argv) + if (matches(opt, "-help") == 0) { + usage(); + } else if (matches(opt, "-Version") == 0) { +- printf("bridge utility, 0.0\n"); ++ printf("bridge utility, 5.10.0\n"); + exit(0); + } else if (matches(opt, "-stats") == 0 || + matches(opt, "-statistics") == 0) { +-- +cgit 1.2.3-korg + diff --git a/backport-bugfix-iproute2-lib-bpf-fix-bpffs-mount-when-sys-fs-bpf-exist.patch b/backport-bugfix-iproute2-lib-bpf-fix-bpffs-mount-when-sys-fs-bpf-exist.patch new file mode 100644 index 0000000000000000000000000000000000000000..26d0e6fec9576e71b9bc7b59bf006bbfe03cf9a6 --- /dev/null +++ b/backport-bugfix-iproute2-lib-bpf-fix-bpffs-mount-when-sys-fs-bpf-exist.patch @@ -0,0 +1,52 @@ +From cdedd335b6cbe7fff492b32ef00d928d8d389570 Mon Sep 17 00:00:00 2001 +From: Andrea Claudi +Date: Tue, 21 Sep 2021 11:33:24 +0200 +Subject: [PATCH] lib: bpf_legacy: fix bpffs mount when /sys/fs/bpf exists +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +bpf selftests using iproute2 fails with: + +$ ip link set dev veth0 xdp object ../bpf/xdp_dummy.o section xdp_dummy +Continuing without mounted eBPF fs. Too old kernel? +mkdir (null)/globals failed: No such file or directory +Unable to load program + +This happens when the /sys/fs/bpf directory exists. In this case, mkdir +in bpf_mnt_check_target() fails with errno == EEXIST, and the function +returns -1. Thus bpf_get_work_dir() does not call bpf_mnt_fs() and the +bpffs is not mounted. + +Fix this in bpf_mnt_check_target(), returning 0 when the mountpoint +exists. + +Fixes: d4fcdbbec9df ("lib/bpf: Fix and simplify bpf_mnt_check_target()") +Reported-by: Mingyu Shi +Reported-by: Jiri Benc +Suggested-by: Jiri Benc +Signed-off-by: Andrea Claudi +Reviewed-by: Toke Høiland-Jørgensen +Signed-off-by: Stephen Hemminger + +Conflicts: lib/bpf.c +--- + lib/bpf.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/lib/bpf.c b/lib/bpf.c +index 0062e83..014314b 100644 +--- a/lib/bpf.c ++++ b/lib/bpf.c +@@ -525,6 +525,8 @@ static int bpf_mnt_check_target(const char *target) + if (ret) { + ret = mkdir(target, S_IRWXU); + if (ret) { ++ if (errno == EEXIST) ++ return 0; + fprintf(stderr, "mkdir %s failed: %s\n", target, + strerror(errno)); + return ret; +-- +1.8.3.1 + diff --git a/backport-bugfix-iproute2-tc-f_flower-fix-port-range-parsing.patch b/backport-bugfix-iproute2-tc-f_flower-fix-port-range-parsing.patch new file mode 100644 index 0000000000000000000000000000000000000000..7e4e19769e38acbefbcb34efd8d3c4e704c4c1ec --- /dev/null +++ b/backport-bugfix-iproute2-tc-f_flower-fix-port-range-parsing.patch @@ -0,0 +1,36 @@ +From 9ce12b62181cfed8ddac855efb858f88ac036ce1 Mon Sep 17 00:00:00 2001 +From: Puneet Sharma +Date: Mon, 20 Sep 2021 11:00:01 -0400 +Subject: [PATCH] tc/f_flower: fix port range parsing + +Provided port range in tc rule are parsed incorrectly. +Even though range is passed as min-max. It throws an error. + +$ tc filter add dev eth0 ingress handle 100 priority 10000 protocol ipv4 flower ip_proto tcp dst_port 10368-61000 action pass +max value should be greater than min value +Illegal "dst_port" + +Fixes: 8930840e678b ("tc: flower: Classify packets based port ranges") +Signed-off-by: Puneet Sharma +Signed-off-by: Stephen Hemminger +Conflict: NA +--- + tc/f_flower.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tc/f_flower.c b/tc/f_flower.c +index 8f248db..e7f28c6 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -717,7 +717,7 @@ static int flower_parse_port(char *str, __u8 ip_proto, + if (min && max) { + __be16 min_port_type, max_port_type; + +- if (max <= min) { ++ if (ntohs(max) <= ntohs(min)) { + fprintf(stderr, "max value should be greater than min value\n"); + return -1; + } +-- +1.8.3.1 + diff --git a/backport-devlink-always-check-strslashrsplit-return-value.patch b/backport-devlink-always-check-strslashrsplit-return-value.patch new file mode 100644 index 0000000000000000000000000000000000000000..550e26994a4e84f498fd7c6674eae699185639e7 --- /dev/null +++ b/backport-devlink-always-check-strslashrsplit-return-value.patch @@ -0,0 +1,42 @@ +From 6b8fa2ea2d5024345277240acc2252c049e561b3 Mon Sep 17 00:00:00 2001 +From: Andrea Claudi +Date: Wed, 14 Apr 2021 00:48:37 +0200 +Subject: [PATCH] devlink: always check strslashrsplit() return value + +strslashrsplit() return value is not checked in __dl_argv_handle(), +despite the fact that it can return EINVAL. + +This commit fix it and make __dl_argv_handle() return error if +strslashrsplit() return an error code. + +Fixes: 2f85a9c53587 ("devlink: allow to parse both devlink and port handle in the same time") +Signed-off-by: Andrea Claudi +Signed-off-by: Stephen Hemminger +Conflict: NA +Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=6b8fa2ea2d5024345277240acc2252c049e561b3 +--- + devlink/devlink.c | 8 +++++++- + 1 file changed, 7 insertions(+), 1 deletion(-) + +diff --git a/devlink/devlink.c b/devlink/devlink.c +index c6e85ff9..faa87b3d 100644 +--- a/devlink/devlink.c ++++ b/devlink/devlink.c +@@ -965,7 +965,13 @@ static int strtobool(const char *str, bool *p_val) + + static int __dl_argv_handle(char *str, char **p_bus_name, char **p_dev_name) + { +- strslashrsplit(str, p_bus_name, p_dev_name); ++ int err; ++ ++ err = strslashrsplit(str, p_bus_name, p_dev_name); ++ if (err) { ++ pr_err("Devlink identification (\"bus_name/dev_name\") \"%s\" is invalid\n", str); ++ return err; ++ } + return 0; + } + +-- +2.23.0 + diff --git a/backport-devlink-fix-devlink-health-dump-command-without-arg.patch b/backport-devlink-fix-devlink-health-dump-command-without-arg.patch new file mode 100644 index 0000000000000000000000000000000000000000..adc9b8ec57e96fe3d3a0f887d50699746729e925 --- /dev/null +++ b/backport-devlink-fix-devlink-health-dump-command-without-arg.patch @@ -0,0 +1,66 @@ +From e81fd551a1a0ffa7983d25f5e756a5c5b6cb4a9a Mon Sep 17 00:00:00 2001 +From: Jiri Pirko +Date: Tue, 19 Apr 2022 19:15:11 +0200 +Subject: [PATCH] devlink: fix "devlink health dump" command without arg + +Fix bug when user calls "devlink health dump" without "show" or "clear": +$ devlink health dump +Command "(null)" not found + +Put the dump command into a separate helper as it is usual in the rest +of the code. Also, treat no cmd as "show", as it is common for other +devlink objects. + +Fixes: 041e6e651a8e ("devlink: Add devlink health dump show command") +Signed-off-by: Jiri Pirko +Signed-off-by: Stephen Hemminger +Conflict: NA +Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=e81fd551a1 +--- + devlink/devlink.c | 25 ++++++++++++++++++------- + 1 file changed, 18 insertions(+), 7 deletions(-) +diff --git a/devlink/devlink.c b/devlink/devlink.c +index 3abbff6..db74539 100644 +--- a/devlink/devlink.c ++++ b/devlink/devlink.c +@@ -6862,6 +6862,23 @@ static void cmd_health_help(void) + pr_err(" devlink health set DEV reporter REPORTER_NAME { grace_period | auto_recover } { msec | boolean }\n"); + } + ++static int cmd_health_dump(struct dl *dl) ++{ ++ if (dl_argv_match(dl, "help")) { ++ cmd_health_help(); ++ return 0; ++ } else if (dl_argv_match(dl, "show") || ++ dl_argv_match(dl, "list") || dl_no_arg(dl)) { ++ dl_arg_inc(dl); ++ return cmd_health_dump_show(dl); ++ } else if (dl_argv_match(dl, "clear")) { ++ dl_arg_inc(dl); ++ return cmd_health_dump_clear(dl); ++ } ++ pr_err("Command \"%s\" not found\n", dl_argv(dl)); ++ return -ENOENT; ++} ++ + static int cmd_health(struct dl *dl) + { + if (dl_argv_match(dl, "help")) { +@@ -6879,13 +6896,7 @@ static int cmd_health(struct dl *dl) + return cmd_health_diagnose(dl); + } else if (dl_argv_match(dl, "dump")) { + dl_arg_inc(dl); +- if (dl_argv_match(dl, "show")) { +- dl_arg_inc(dl); +- return cmd_health_dump_show(dl); +- } else if (dl_argv_match(dl, "clear")) { +- dl_arg_inc(dl); +- return cmd_health_dump_clear(dl); +- } ++ return cmd_health_dump(dl); + } else if (dl_argv_match(dl, "set")) { + dl_arg_inc(dl); + return cmd_health_set_params(dl); +-- +2.23.0 diff --git a/backport-devlink-fix-infinite-loop-on-flash-update-for-drivers-without-status.patch b/backport-devlink-fix-infinite-loop-on-flash-update-for-drivers-without-status.patch new file mode 100644 index 0000000000000000000000000000000000000000..278fad7d48d78880e452bf934e2545b5a73c02cf --- /dev/null +++ b/backport-devlink-fix-infinite-loop-on-flash-update-for-drivers-without-status.patch @@ -0,0 +1,92 @@ +From 954a0077c83b7981271809391ac0712d24a48314 Mon Sep 17 00:00:00 2001 +From: Jacob Keller +Date: Thu, 5 Aug 2021 16:44:59 -0700 +Subject: devlink: fix infinite loop on flash update for drivers without status + +When processing device flash update, cmd_dev_flash function waits until +the flash process has completed. This requires the following two +conditions to both be true: + +a) we've received an exit status from the child process +b) we've received the DEVLINK_CMD_FLASH_UPDATE_END *or* + we haven't received any status notifications from the driver. + +The original devlink flash status monitoring code in 9b13cddfe268 +("devlink: implement flash status monitoring") was written assuming that +a driver will either send no status updates, or it will send at least +one DEVLINK_CMD_FLASH_UPDATE_STATUS before DEVLINK_CMD_FLASH_UPDATE_END. + +Newer versions of the kernel since commit 52cc5f3a166a ("devlink: move flash +end and begin to core devlink") in v5.10 moved handling of the +DEVLINK_CMD_FLASH_UPDATE_END into the core stack, and will send this +regardless of whether or not the driver sends any of its own status +notifications. + +The handling of DEVLINK_CMD_FLASH_UPDATE_END in cmd_dev_flash_status_cb +has an additional condition that it must not be the first message. +Otherwise, it falls back to treating it like +a DEVLINK_CMD_FLASH_UPDATE_STATUS. + +This is wrong because it can lead to an infinite loop if a driver does +not send any status updates. + +In this case, the kernel will send DEVLINK_CMD_FLASH_UPDATE_END without +any DEVLINK_CMD_FLASH_UPDATE_STATUS. The devlink application will see +that ctx->not_first is false, and will treat this like any other status +message. Thus, ctx->not_first will be set to 1. + +The loop condition to exit flash update will thus never be true, since +we will wait forever, because ctx->not_first is true, and +ctx->received_end is false. + +This leads to the application appearing to process the flash update, but +it will never exit. + +Fix this by simply always treating DEVLINK_CMD_FLASH_UPDATE_END the same +regardless of whether its the first message or not. + +This is obviously the correct thing to do: once we've received the +DEVLINK_CMD_FLASH_UPDATE_END the flash update must be finished. For new +kernels this is always true, because we send this message in the core +stack after the driver flash update routine finishes. + +For older kernels, some drivers may not have sent any +DEVLINK_CMD_FLASH_UPDATE_STATUS or DEVLINK_CMD_FLASH_UPDATE_END. This is +handled by the while loop conditional that exits if we get a return +value from the child process without having received any status +notifications. + +An argument could be made that we should exit immediately when we get +either the DEVLINK_CMD_FLASH_UPDATE_END or an exit code from the child +process. However, at a minimum it makes no sense to ever process +DEVLINK_CMD_FLASH_UPDATE_END as if it were a DEVLINK_CMD_FLASH_UPDATE_STATUS. + +This is easy to test as it is triggered by the selftests for the +netdevsim driver, which has a test case for both with and without status +notifications. + +Fixes: 9b13cddfe268 ("devlink: implement flash status monitoring") +Signed-off-by: Jacob Keller +Signed-off-by: Stephen Hemminger +Conflict:NA +Reference:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=954a0077c83b7981271809391ac0712d24a48314 +--- + devlink/devlink.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/devlink/devlink.c b/devlink/devlink.c +index b294fcd8f..9d3acc188 100644 +--- a/devlink/devlink.c ++++ b/devlink/devlink.c +@@ -3700,7 +3700,7 @@ static int cmd_dev_flash_status_cb(const struct nlmsghdr *nlh, void *data) + strcmp(dev_name, opts->dev_name)) + return MNL_CB_ERROR; + +- if (genl->cmd == DEVLINK_CMD_FLASH_UPDATE_END && ctx->not_first) { ++ if (genl->cmd == DEVLINK_CMD_FLASH_UPDATE_END) { + pr_out("\n"); + free(ctx->last_msg); + free(ctx->last_component); +-- +cgit 1.2.3-korg + diff --git a/backport-devlink-fix-memory-leak-in-cmd_dev_flash.patch b/backport-devlink-fix-memory-leak-in-cmd_dev_flash.patch new file mode 100644 index 0000000000000000000000000000000000000000..ee09401598b171f24c460a678caa80203bf3b713 --- /dev/null +++ b/backport-devlink-fix-memory-leak-in-cmd_dev_flash.patch @@ -0,0 +1,63 @@ +From ec1346acbe9e5f0fe16242fc61b85d81f84ee592 Mon Sep 17 00:00:00 2001 +From: Andrea Claudi +Date: Fri, 11 Dec 2020 19:53:02 +0100 +Subject: devlink: fix memory leak in cmd_dev_flash() + +nlg_ntf is dinamically allocated in mnlg_socket_open(), and is freed on +the out: return path. However, some error paths do not free it, +resulting in memory leak. + +This commit fix this using mnlg_socket_close(), and reporting the +correct error number when required. + +Fixes: 9b13cddfe268 ("devlink: implement flash status monitoring") +Signed-off-by: Andrea Claudi +Signed-off-by: Stephen Hemminger +Conflict:NA +Reference:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=ec1346acbe9e5f0fe16242fc61b85d81f84ee592 +--- + devlink/devlink.c | 13 ++++++++----- + 1 file changed, 8 insertions(+), 5 deletions(-) + +diff --git a/devlink/devlink.c b/devlink/devlink.c +index ca99732ef..43549965c 100644 +--- a/devlink/devlink.c ++++ b/devlink/devlink.c +@@ -3371,19 +3371,21 @@ static int cmd_dev_flash(struct dl *dl) + + err = _mnlg_socket_group_add(nlg_ntf, DEVLINK_GENL_MCGRP_CONFIG_NAME); + if (err) +- return err; ++ goto err_socket; + + err = pipe(pipe_fds); +- if (err == -1) +- return -errno; ++ if (err == -1) { ++ err = -errno; ++ goto err_socket; ++ } + pipe_r = pipe_fds[0]; + pipe_w = pipe_fds[1]; + + pid = fork(); + if (pid == -1) { +- close(pipe_r); + close(pipe_w); +- return -errno; ++ err = -errno; ++ goto out; + } else if (!pid) { + /* In child, just execute the flash and pass returned + * value through pipe once it is done. +@@ -3412,6 +3414,7 @@ static int cmd_dev_flash(struct dl *dl) + err = _mnlg_socket_recv_run(dl->nlg, NULL, NULL); + out: + close(pipe_r); ++err_socket: + mnlg_socket_close(nlg_ntf); + return err; + } +-- +cgit 1.2.3-korg + diff --git a/backport-ip-address-Fix-memory-leak-when-specifying-device.patch b/backport-ip-address-Fix-memory-leak-when-specifying-device.patch new file mode 100644 index 0000000000000000000000000000000000000000..5c5e87e64c5ec81e08e75b122a40725431245b3a --- /dev/null +++ b/backport-ip-address-Fix-memory-leak-when-specifying-device.patch @@ -0,0 +1,50 @@ +From 1d540336b026ed5bfe10eefac383db7f434d842f Mon Sep 17 00:00:00 2001 +From: Benjamin Poirier +Date: Mon, 11 Jul 2022 08:52:50 +0900 +Subject: [PATCH] ip address: Fix memory leak when specifying device + +Running a command like `ip addr show dev lo` under valgrind informs us that + +32,768 bytes in 1 blocks are definitely lost in loss record 4 of 4 + at 0x483577F: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) + by 0x16CBE2: rtnl_recvmsg (libnetlink.c:775) + by 0x16CF04: __rtnl_talk_iov (libnetlink.c:954) + by 0x16E257: __rtnl_talk (libnetlink.c:1059) + by 0x16E257: rtnl_talk (libnetlink.c:1065) + by 0x115CB1: ipaddr_link_get (ipaddress.c:1833) + by 0x11A0D1: ipaddr_list_flush_or_save (ipaddress.c:2030) + by 0x1152EB: do_cmd (ip.c:115) + by 0x114D6F: main (ip.c:321) + +After calling store_nlmsg(), the original buffer should be freed. That is +the pattern used elsewhere through the rtnl_dump_filter() call chain. + +Fixes: 884709785057 ("ip address: Set device index in dump request") +Reported-by: Binu Gopalakrishnapillai +Reviewed-by: Ido Schimmel +Signed-off-by: Benjamin Poirier +Signed-off-by: Stephen Hemminger +Conflict: NA +Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=1d540336b0 +--- + ip/ipaddress.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/ip/ipaddress.c b/ip/ipaddress.c +index a288341c..59ef1e4b 100644 +--- a/ip/ipaddress.c ++++ b/ip/ipaddress.c +@@ -2030,8 +2030,10 @@ static int ipaddr_link_get(int index, struct nlmsg_chain *linfo) + + if (store_nlmsg(answer, linfo) < 0) { + fprintf(stderr, "Failed to process link information\n"); ++ free(answer); + return 1; + } ++ free(answer); + + return 0; + } +-- +2.23.0 + diff --git a/backport-ip-drop-2-char-command-assumption.patch b/backport-ip-drop-2-char-command-assumption.patch new file mode 100644 index 0000000000000000000000000000000000000000..63f342ccdea45bdb05036388338336b4012c188f --- /dev/null +++ b/backport-ip-drop-2-char-command-assumption.patch @@ -0,0 +1,82 @@ +From e705b19d489f769228902e100b4f375c03becfbb Mon Sep 17 00:00:00 2001 +From: Tony Ambardar +Date: Tue, 20 Apr 2021 01:26:36 -0700 +Subject: [PATCH] ip: drop 2-char command assumption + +The 'ip' utility hardcodes the assumption of being a 2-char command, where +any follow-on characters are passed as an argument: + + $ ./ip-full help + Object "-full" is unknown, try "ip help". + +This confusing behaviour isn't seen with 'tc' for example, and was added in +a 2005 commit without documentation. It was noticed during testing of 'ip' +variants built/packaged with different feature sets (e.g. w/o BPF support). + +Mitigate the problem by redoing the command without the 2-char assumption +if the follow-on characters fail to parse as a valid command. + +Fixes: 351efcde4e62 ("Update header files to 2.6.14") +Signed-off-by: Tony Ambardar +Signed-off-by: David Ahern +Conflict: batch function has refactor +Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=e705b19d489f769228902e100b4f375c03becfbb + +--- + ip/ip.c | 17 +++++++++++------ + 1 file changed, 11 insertions(+), 6 deletions(-) + +diff --git a/ip/ip.c b/ip/ip.c +index 90392c2..90c04dc 100644 +--- a/ip/ip.c ++++ b/ip/ip.c +@@ -107,7 +107,7 @@ static const struct cmd { + { 0 } + }; + +-static int do_cmd(const char *argv0, int argc, char **argv) ++static int do_cmd(const char *argv0, int argc, char **argv, bool final) + { + const struct cmd *c; + +@@ -116,7 +116,8 @@ static int do_cmd(const char *argv0, int argc, char **argv) + return -(c->func(argc-1, argv+1)); + } + +- fprintf(stderr, "Object \"%s\" is unknown, try \"ip help\".\n", argv0); ++ if (final) ++ fprintf(stderr, "Object \"%s\" is unknown, try \"ip help\".\n", argv0); + return EXIT_FAILURE; + } + +@@ -154,7 +155,7 @@ static int batch(const char *name) + if (largc == 0) + continue; /* blank line */ + +- if (do_cmd(largv[0], largc, largv)) { ++ if (do_cmd(largv[0], largc, largv, true)) { + fprintf(stderr, "Command failed %s:%d\n", + name, cmdlineno); + ret = EXIT_FAILURE; +@@ -315,11 +316,15 @@ int main(int argc, char **argv) + + rtnl_set_strict_dump(&rth); + +- if (strlen(basename) > 2) +- return do_cmd(basename+2, argc, argv); ++ if (strlen(basename) > 2) { ++ int ret = do_cmd(basename+2, argc, argv, false); ++ if (ret != EXIT_FAILURE) ++ return ret; ++ } ++ + + if (argc > 1) +- return do_cmd(argv[1], argc-1, argv+1); ++ return do_cmd(argv[1], argc-1, argv+1, true); + + rtnl_close(&rth); + usage(); +-- +2.23.0 + diff --git a/backport-ip-neigh-Fix-memory-leak-when-doing-get.patch b/backport-ip-neigh-Fix-memory-leak-when-doing-get.patch new file mode 100644 index 0000000000000000000000000000000000000000..32a7ccbb88cf52ab79705603c14e90736e67dc42 --- /dev/null +++ b/backport-ip-neigh-Fix-memory-leak-when-doing-get.patch @@ -0,0 +1,54 @@ +From c5433c4b7a57d380f4cb351316f5ba5ebae9538e Mon Sep 17 00:00:00 2001 +From: Benjamin Poirier +Date: Mon, 11 Jul 2022 08:52:54 +0900 +Subject: [PATCH] ip neigh: Fix memory leak when doing 'get' + +With the following command sequence: + +ip link add dummy0 type dummy +ip neigh add 192.168.0.1 dev dummy0 +ip neigh get 192.168.0.1 dev dummy0 + +when running the last command under valgrind, it reports + +32,768 bytes in 1 blocks are definitely lost in loss record 2 of 2 + at 0x483F7B5: malloc (vg_replace_malloc.c:381) + by 0x17A0EC: rtnl_recvmsg (libnetlink.c:838) + by 0x17A3D1: __rtnl_talk_iov.constprop.0 (libnetlink.c:1040) + by 0x17B894: __rtnl_talk (libnetlink.c:1141) + by 0x17B894: rtnl_talk (libnetlink.c:1147) + by 0x12E49B: ipneigh_get (ipneigh.c:728) + by 0x1174CB: do_cmd (ip.c:136) + by 0x116F7C: main (ip.c:324) + +Free the answer obtained from rtnl_talk(). + +Fixes: 62842362370b ("ipneigh: neigh get support") +Suggested-by: Ido Schimmel +Reviewed-by: Ido Schimmel +Signed-off-by: Benjamin Poirier +Signed-off-by: Stephen Hemminger +Conflict: NA +Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=c5433c4b7a +--- + ip/ipneigh.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/ip/ipneigh.c b/ip/ipneigh.c +index 7facc399..61b0a4a2 100644 +--- a/ip/ipneigh.c ++++ b/ip/ipneigh.c +@@ -731,8 +731,10 @@ static int ipneigh_get(int argc, char **argv) + ipneigh_reset_filter(0); + if (print_neigh(answer, stdout) < 0) { + fprintf(stderr, "An error :-)\n"); ++ free(answer); + return -1; + } ++ free(answer); + + return 0; + } +-- +2.23.0 + diff --git a/backport-ip-netns-fix-missing-netns-close-on-some-error-paths.patch b/backport-ip-netns-fix-missing-netns-close-on-some-error-paths.patch new file mode 100644 index 0000000000000000000000000000000000000000..67739136f75b356db9a06cd9b7ee3461b96067f8 --- /dev/null +++ b/backport-ip-netns-fix-missing-netns-close-on-some-error-paths.patch @@ -0,0 +1,138 @@ +From 38ef5bb7b4a7e8b191f4087c140a07a0779fa903 Mon Sep 17 00:00:00 2001 +From: Andrea Claudi +Date: Mon, 19 Apr 2021 15:37:25 +0200 +Subject: [PATCH] ip: netns: fix missing netns close on some error paths + +In functions netns_pids() and netns_identify_pid(), the netns file is +not closed on some error paths. + +Fix this using a conditional close and a single return point on both +functions. + +Fixes: 44b563269ea1 ("ip-nexthop: support flush by id") +Signed-off-by: Andrea Claudi +Signed-off-by: Stephen Hemminger +Conflict: The function reconstructs +Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=38ef5bb7b4a7e8b191f4087c140a07a0779fa903 + +--- + ip/ipnetns.c | 40 ++++++++++++++++++++++++---------------- + 1 file changed, 24 insertions(+), 16 deletions(-) + +diff --git a/ip/ipnetns.c b/ip/ipnetns.c +index cf9a471..4b88810 100644 +--- a/ip/ipnetns.c ++++ b/ip/ipnetns.c +@@ -627,18 +627,18 @@ static int netns_pids(int argc, char **argv) + { + const char *name; + char net_path[PATH_MAX]; +- int netns; ++ int netns = -1, ret = -1; + struct stat netst; + DIR *dir; + struct dirent *entry; + + if (argc < 1) { + fprintf(stderr, "No netns name specified\n"); +- return -1; ++ goto out; + } + if (argc > 1) { + fprintf(stderr, "extra arguments specified\n"); +- return -1; ++ goto out; + } + + name = argv[0]; +@@ -647,17 +647,17 @@ static int netns_pids(int argc, char **argv) + if (netns < 0) { + fprintf(stderr, "Cannot open network namespace: %s\n", + strerror(errno)); +- return -1; ++ goto out; + } + if (fstat(netns, &netst) < 0) { + fprintf(stderr, "Stat of netns failed: %s\n", + strerror(errno)); +- return -1; ++ goto out; + } + dir = opendir(get_proc_string()); + if (!dir) { + fprintf(stderr, "Open of %s failed: %s\n", get_proc_string(), strerror(errno)); +- return -1; ++ goto out; + } + while ((entry = readdir(dir))) { + char pid_net_path[PATH_MAX]; +@@ -673,15 +673,18 @@ static int netns_pids(int argc, char **argv) + printf("%s\n", entry->d_name); + } + } ++ ret = 0; + closedir(dir); +- return 0; +- ++out: ++ if (netns >= 0) ++ close(netns); ++ return ret; + } + + int netns_identify_pid(const char *pidstr, char *name, int len) + { + char net_path[PATH_MAX]; +- int netns; ++ int netns = -1, ret = -1; + struct stat netst; + DIR *dir; + struct dirent *entry; +@@ -693,22 +696,24 @@ int netns_identify_pid(const char *pidstr, char *name, int len) + if (netns < 0) { + fprintf(stderr, "Cannot open network namespace: %s\n", + strerror(errno)); +- return -1; ++ goto out; + } + if (fstat(netns, &netst) < 0) { + fprintf(stderr, "Stat of netns failed: %s\n", + strerror(errno)); +- return -1; ++ goto out; + } + dir = opendir(NETNS_RUN_DIR); + if (!dir) { + /* Succeed treat a missing directory as an empty directory */ +- if (errno == ENOENT) +- return 0; ++ if (errno == ENOENT) { ++ ret = 0; ++ goto out; ++ } + + fprintf(stderr, "Failed to open directory %s:%s\n", + NETNS_RUN_DIR, strerror(errno)); +- return -1; ++ goto out; + } + + while ((entry = readdir(dir))) { +@@ -731,9 +736,12 @@ int netns_identify_pid(const char *pidstr, char *name, int len) + strlcpy(name, entry->d_name, len); + } + } ++ ret = 0; + closedir(dir); +- return 0; +- ++out: ++ if (netns >= 0) ++ close(netns); ++ return ret; + } + + static int netns_identify(int argc, char **argv) +-- +2.23.0 + diff --git a/backport-ipmonitor-Fix-recvmsg-with-ancillary-data.patch b/backport-ipmonitor-Fix-recvmsg-with-ancillary-data.patch new file mode 100644 index 0000000000000000000000000000000000000000..c74fe0bd96723518d2e66463bdd60cd3ed63d89e --- /dev/null +++ b/backport-ipmonitor-Fix-recvmsg-with-ancillary-data.patch @@ -0,0 +1,60 @@ +From f760bff328316244b510986cf0ed7ee1c3c689ef Mon Sep 17 00:00:00 2001 +From: Lahav Schlesinger +Date: Thu, 15 Jul 2021 17:38:56 +0300 +Subject: ipmonitor: Fix recvmsg with ancillary data + +A successful call to recvmsg() causes msg.msg_controllen to contain the length +of the received ancillary data. However, the current code in the 'ip' utility +doesn't reset this value after each recvmsg(). + +This means that if a call to recvmsg() doesn't have ancillary data, then +'msg.msg_controllen' will be set to 0, causing future recvmsg() which do +contain ancillary data to get MSG_CTRUNC set in msg.msg_flags. + +This fixes 'ip monitor' running with the all-nsid option - With this option the +kernel passes the nsid as ancillary data. If while 'ip monitor' is running an +even on the current netns is received, then no ancillary data will be sent, +causing 'msg.msg_controllen' to be set to 0, which causes 'ip monitor' to +indefinitely print "[nsid current]" instead of the real nsid. + +Fixes: 449b824ad196 ("ipmonitor: allows to monitor in several netns") +Cc: Nicolas Dichtel +Signed-off-by: Lahav Schlesinger +Acked-by: Nicolas Dichtel +Signed-off-by: Stephen Hemminger + +Conflict:NA +Reference:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=f760bff328316244b510986cf0ed7ee1c3c689ef +--- + lib/libnetlink.c | 10 +++++----- + 1 file changed, 5 insertions(+), 5 deletions(-) + +diff --git a/lib/libnetlink.c b/lib/libnetlink.c +index 6836c21c9..7e977a676 100644 +--- a/lib/libnetlink.c ++++ b/lib/libnetlink.c +@@ -1175,16 +1175,16 @@ int rtnl_listen(struct rtnl_handle *rtnl, + char buf[16384]; + char cmsgbuf[BUFSIZ]; + +- if (rtnl->flags & RTNL_HANDLE_F_LISTEN_ALL_NSID) { +- msg.msg_control = &cmsgbuf; +- msg.msg_controllen = sizeof(cmsgbuf); +- } +- + iov.iov_base = buf; + while (1) { + struct rtnl_ctrl_data ctrl; + struct cmsghdr *cmsg; + ++ if (rtnl->flags & RTNL_HANDLE_F_LISTEN_ALL_NSID) { ++ msg.msg_control = &cmsgbuf; ++ msg.msg_controllen = sizeof(cmsgbuf); ++ } ++ + iov.iov_len = sizeof(buf); + status = recvmsg(rtnl->fd, &msg, 0); + +-- +cgit 1.2.3-korg + diff --git a/backport-iproute2-fix-MPLS-label-parsing.patch b/backport-iproute2-fix-MPLS-label-parsing.patch new file mode 100644 index 0000000000000000000000000000000000000000..bb1dede5e62c2ef6dc03bdb41fe26b01917d0cec --- /dev/null +++ b/backport-iproute2-fix-MPLS-label-parsing.patch @@ -0,0 +1,58 @@ +From 72cc0bafb9f8af217283f7757397242cb7ca8b2d Mon Sep 17 00:00:00 2001 +From: Guillaume Nault +Date: Wed, 11 Mar 2020 16:16:36 +0100 +Subject: iproute2: fix MPLS label parsing + +The initial value of "label" in parse_mpls() is 0xffffffff. Therefore +we should test for this value, and not 0, to detect if a label has been +provided. The "!label" test not only fails to detect a missing label +parameter, it also prevents the use of the IPv4 explicit NULL label, +which actually equals 0. + +Reproducer: + $ ip link add name dm0 type dummy + $ tc qdisc add dev dm0 ingress + + $ tc filter add dev dm0 parent ffff: matchall action mpls push + Error: act_mpls: Label is required for MPLS push. + We have an error talking to the kernel + --> Filter was pushed to the kernel, where it got rejected. + + $ tc filter add dev dm0 parent ffff: matchall action mpls push label 0 + Error: argument "label" is required + --> Label 0 was rejected by iproute2. + +Expected result: + $ tc filter add dev dm0 parent ffff: matchall action mpls push + Error: argument "label" is required + --> Filter was directly rejected by iproute2. + + $ tc filter add dev dm0 parent ffff: matchall action mpls push label 0 + --> Filter is accepted. + +Signed-off-by: Guillaume Nault +Signed-off-by: Stephen Hemminger + +Conflict:NA +Reference:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=72cc0bafb9f8af217283f7757397242cb7ca8b2d + +--- + tc/m_mpls.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tc/m_mpls.c b/tc/m_mpls.c +index 6f3a39f43..50eba01cb 100644 +--- a/tc/m_mpls.c ++++ b/tc/m_mpls.c +@@ -156,7 +156,7 @@ static int parse_mpls(struct action_util *a, int *argc_p, char ***argv_p, + } + } + +- if (action == TCA_MPLS_ACT_PUSH && !label) ++ if (action == TCA_MPLS_ACT_PUSH && label == 0xffffffff) + missarg("label"); + + if (action == TCA_MPLS_ACT_PUSH && proto && +-- +cgit 1.2.3-korg + diff --git a/backport-iproute2-ip-addr-Organize-flag-properties-structurally.patch b/backport-iproute2-ip-addr-Organize-flag-properties-structurally.patch new file mode 100644 index 0000000000000000000000000000000000000000..dd3c26bcd84f0de03ec5db1f2b488237eb168db1 --- /dev/null +++ b/backport-iproute2-ip-addr-Organize-flag-properties-structurally.patch @@ -0,0 +1,194 @@ +From 9d59c86e575b5373d73f021f569ae520bc229ec5 Mon Sep 17 00:00:00 2001 +From: "Ian K. Coolidge" +Date: Wed, 27 May 2020 11:03:45 -0700 +Subject: iproute2: ip addr: Organize flag properties structurally + +This creates a nice systematic way to check that the various flags are +mutable from userspace and that the address family is valid. + +Mutability properties are preserved to avoid introducing any behavioral +change in this CL. However, previously, immutable flags were ignored and +fell through to this confusing error: + +Error: either "local" is duplicate, or "dadfailed" is a garbage. + +But now, they just warn more explicitly: + +Warning: dadfailed option is not mutable from userspace +Signed-off-by: David Ahern + +Conflict:NA +Reference:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=9d59c86e575b5373d73f021f569ae520bc229ec5 + +--- + ip/ipaddress.c | 112 ++++++++++++++++++++++++++++----------------------------- + 1 file changed, 55 insertions(+), 57 deletions(-) + +diff --git a/ip/ipaddress.c b/ip/ipaddress.c +index 80d27ce27..403f70109 100644 +--- a/ip/ipaddress.c ++++ b/ip/ipaddress.c +@@ -1233,52 +1233,63 @@ static unsigned int get_ifa_flags(struct ifaddrmsg *ifa, + ifa->ifa_flags; + } + +-/* Mapping from argument to address flag mask */ +-static const struct { ++/* Mapping from argument to address flag mask and attributes */ ++static const struct ifa_flag_data_t { + const char *name; +- unsigned long value; +-} ifa_flag_names[] = { +- { "secondary", IFA_F_SECONDARY }, +- { "temporary", IFA_F_SECONDARY }, +- { "nodad", IFA_F_NODAD }, +- { "optimistic", IFA_F_OPTIMISTIC }, +- { "dadfailed", IFA_F_DADFAILED }, +- { "home", IFA_F_HOMEADDRESS }, +- { "deprecated", IFA_F_DEPRECATED }, +- { "tentative", IFA_F_TENTATIVE }, +- { "permanent", IFA_F_PERMANENT }, +- { "mngtmpaddr", IFA_F_MANAGETEMPADDR }, +- { "noprefixroute", IFA_F_NOPREFIXROUTE }, +- { "autojoin", IFA_F_MCAUTOJOIN }, +- { "stable-privacy", IFA_F_STABLE_PRIVACY }, ++ unsigned long mask; ++ bool readonly; ++ bool v6only; ++} ifa_flag_data[] = { ++ { .name = "secondary", .mask = IFA_F_SECONDARY, .readonly = true, .v6only = false}, ++ { .name = "temporary", .mask = IFA_F_SECONDARY, .readonly = true, .v6only = false}, ++ { .name = "nodad", .mask = IFA_F_NODAD, .readonly = false, .v6only = true}, ++ { .name = "optimistic", .mask = IFA_F_OPTIMISTIC, .readonly = true, .v6only = true}, ++ { .name = "dadfailed", .mask = IFA_F_DADFAILED, .readonly = true, .v6only = true}, ++ { .name = "home", .mask = IFA_F_HOMEADDRESS, .readonly = false, .v6only = true}, ++ { .name = "deprecated", .mask = IFA_F_DEPRECATED, .readonly = true, .v6only = true}, ++ { .name = "tentative", .mask = IFA_F_TENTATIVE, .readonly = true, .v6only = true}, ++ { .name = "permanent", .mask = IFA_F_PERMANENT, .readonly = true, .v6only = true}, ++ { .name = "mngtmpaddr", .mask = IFA_F_MANAGETEMPADDR, .readonly = false, .v6only = true}, ++ { .name = "noprefixroute", .mask = IFA_F_NOPREFIXROUTE, .readonly = false, .v6only = true}, ++ { .name = "autojoin", .mask = IFA_F_MCAUTOJOIN, .readonly = false, .v6only = true}, ++ { .name = "stable-privacy", .mask = IFA_F_STABLE_PRIVACY, .readonly = true, .v6only = true}, + }; + ++/* Returns a pointer to the data structure for a particular interface flag, or null if no flag could be found */ ++static const struct ifa_flag_data_t* lookup_flag_data_by_name(const char* flag_name) { ++ for (int i = 0; i < ARRAY_SIZE(ifa_flag_data); ++i) { ++ if (strcmp(flag_name, ifa_flag_data[i].name) == 0) ++ return &ifa_flag_data[i]; ++ } ++ return NULL; ++} ++ + static void print_ifa_flags(FILE *fp, const struct ifaddrmsg *ifa, + unsigned int flags) + { + unsigned int i; + +- for (i = 0; i < ARRAY_SIZE(ifa_flag_names); i++) { +- unsigned long mask = ifa_flag_names[i].value; ++ for (i = 0; i < ARRAY_SIZE(ifa_flag_data); i++) { ++ const struct ifa_flag_data_t* flag_data = &ifa_flag_data[i]; + +- if (mask == IFA_F_PERMANENT) { +- if (!(flags & mask)) ++ if (flag_data->mask == IFA_F_PERMANENT) { ++ if (!(flags & flag_data->mask)) + print_bool(PRINT_ANY, + "dynamic", "dynamic ", true); +- } else if (flags & mask) { +- if (mask == IFA_F_SECONDARY && ++ } else if (flags & flag_data->mask) { ++ if (flag_data->mask == IFA_F_SECONDARY && + ifa->ifa_family == AF_INET6) { + print_bool(PRINT_ANY, + "temporary", "temporary ", true); + } else { + print_string(PRINT_FP, NULL, +- "%s ", ifa_flag_names[i].name); ++ "%s ", flag_data->name); + print_bool(PRINT_JSON, +- ifa_flag_names[i].name, NULL, true); ++ flag_data->name, NULL, true); + } + } + +- flags &= ~mask; ++ flags &= ~flag_data->mask; + } + + if (flags) { +@@ -1297,7 +1308,6 @@ static void print_ifa_flags(FILE *fp, const struct ifaddrmsg *ifa, + static int get_filter(const char *arg) + { + bool inv = false; +- unsigned int i; + + if (arg[0] == '-') { + inv = true; +@@ -1313,18 +1323,16 @@ static int get_filter(const char *arg) + arg = "secondary"; + } + +- for (i = 0; i < ARRAY_SIZE(ifa_flag_names); i++) { +- if (strcmp(arg, ifa_flag_names[i].name)) +- continue; ++ const struct ifa_flag_data_t* flag_data = lookup_flag_data_by_name(arg); ++ if (flag_data == NULL) ++ return -1; + +- if (inv) +- filter.flags &= ~ifa_flag_names[i].value; +- else +- filter.flags |= ifa_flag_names[i].value; +- filter.flagmask |= ifa_flag_names[i].value; +- return 0; +- } +- return -1; ++ if (inv) ++ filter.flags &= ~flag_data->mask; ++ else ++ filter.flags |= flag_data->mask; ++ filter.flagmask |= flag_data->mask; ++ return 0; + } + + static int ifa_label_match_rta(int ifindex, const struct rtattr *rta) +@@ -2330,25 +2338,15 @@ static int ipaddr_modify(int cmd, int flags, int argc, char **argv) + preferred_lftp = *argv; + if (set_lifetime(&preferred_lft, *argv)) + invarg("preferred_lft value", *argv); +- } else if (strcmp(*argv, "home") == 0) { +- if (req.ifa.ifa_family == AF_INET6) +- ifa_flags |= IFA_F_HOMEADDRESS; +- else +- fprintf(stderr, "Warning: home option can be set only for IPv6 addresses\n"); +- } else if (strcmp(*argv, "nodad") == 0) { +- if (req.ifa.ifa_family == AF_INET6) +- ifa_flags |= IFA_F_NODAD; +- else +- fprintf(stderr, "Warning: nodad option can be set only for IPv6 addresses\n"); +- } else if (strcmp(*argv, "mngtmpaddr") == 0) { +- if (req.ifa.ifa_family == AF_INET6) +- ifa_flags |= IFA_F_MANAGETEMPADDR; +- else +- fprintf(stderr, "Warning: mngtmpaddr option can be set only for IPv6 addresses\n"); +- } else if (strcmp(*argv, "noprefixroute") == 0) { +- ifa_flags |= IFA_F_NOPREFIXROUTE; +- } else if (strcmp(*argv, "autojoin") == 0) { +- ifa_flags |= IFA_F_MCAUTOJOIN; ++ } else if (lookup_flag_data_by_name(*argv)) { ++ const struct ifa_flag_data_t* flag_data = lookup_flag_data_by_name(*argv); ++ if (flag_data->readonly) { ++ fprintf(stderr, "Warning: %s option is not mutable from userspace\n", flag_data->name); ++ } else if (flag_data->v6only && req.ifa.ifa_family != AF_INET6) { ++ fprintf(stderr, "Warning: %s option can be set only for IPv6 addresses\n", flag_data->name); ++ } else { ++ ifa_flags |= flag_data->mask; ++ } + } else { + if (strcmp(*argv, "local") == 0) + NEXT_ARG(); +-- +cgit 1.2.3-korg + diff --git a/backport-iproute2-ip-maddress-Check-multiaddr-length.patch b/backport-iproute2-ip-maddress-Check-multiaddr-length.patch new file mode 100644 index 0000000000000000000000000000000000000000..011c363e0ab99e730e1b469b1ccaf6e2434a7af8 --- /dev/null +++ b/backport-iproute2-ip-maddress-Check-multiaddr-length.patch @@ -0,0 +1,61 @@ +From 7e7a1d107b7f2bb729836de25c4983f9615a2aa1 Mon Sep 17 00:00:00 2001 +From: Sascha Hauer +Date: Mon, 17 Aug 2020 13:25:19 +0200 +Subject: iproute2: ip maddress: Check multiaddr length + +ip maddress add|del takes a MAC address as argument, so insist on +getting a length of ETH_ALEN bytes. This makes sure the passed argument +is actually a MAC address and especially not an IPv4 address which +was previously accepted and silently taken as a MAC address. + +While at it, do not print *argv in the error path as this has been +modified by ll_addr_a2n() and doesn't contain the full string anymore, +which can lead to misleading error messages. + +Also while at it, replace the hardcoded buffer size with the actual +buffer size using sizeof(). + +Signed-off-by: Sascha Hauer +Signed-off-by: Stephen Hemminger + +Conflict:NA +Reference:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=7e7a1d107b7f2bb729836de25c4983f9615a2aa1 + +--- + ip/ipmaddr.c | 13 +++++++++---- + 1 file changed, 9 insertions(+), 4 deletions(-) + +diff --git a/ip/ipmaddr.c b/ip/ipmaddr.c +index 3400e055a..d41ac63a7 100644 +--- a/ip/ipmaddr.c ++++ b/ip/ipmaddr.c +@@ -291,7 +291,7 @@ static int multiaddr_modify(int cmd, int argc, char **argv) + { + struct ifreq ifr = {}; + int family; +- int fd; ++ int fd, len; + + if (cmd == RTM_NEWADDR) + cmd = SIOCADDMULTI; +@@ -313,9 +313,14 @@ static int multiaddr_modify(int cmd, int argc, char **argv) + usage(); + if (ifr.ifr_hwaddr.sa_data[0]) + duparg("address", *argv); +- if (ll_addr_a2n(ifr.ifr_hwaddr.sa_data, +- 14, *argv) < 0) { +- fprintf(stderr, "Error: \"%s\" is not a legal ll address.\n", *argv); ++ len = ll_addr_a2n(ifr.ifr_hwaddr.sa_data, ++ sizeof(ifr.ifr_hwaddr.sa_data), ++ *argv); ++ if (len < 0) ++ exit(1); ++ ++ if (len != ETH_ALEN) { ++ fprintf(stderr, "Error: Invalid address length %d - must be %d bytes\n", len, ETH_ALEN); + exit(1); + } + } +-- +cgit 1.2.3-korg + diff --git a/backport-l2tp-fix-typo-in-AF_INET6-checksum-JSON-print.patch b/backport-l2tp-fix-typo-in-AF_INET6-checksum-JSON-print.patch new file mode 100644 index 0000000000000000000000000000000000000000..1834cc60603f6b5a93c6e8f48679d6a3fecabf27 --- /dev/null +++ b/backport-l2tp-fix-typo-in-AF_INET6-checksum-JSON-print.patch @@ -0,0 +1,35 @@ +From 2bb37e90177cae1b92284a943123b0575505141f Mon Sep 17 00:00:00 2001 +From: Andrea Claudi +Date: Tue, 21 Jun 2022 18:53:08 +0200 +Subject: [PATCH] l2tp: fix typo in AF_INET6 checksum JSON print + +In print_tunnel json output, a typo makes it impossible to know the +value of udp6_csum_rx, printing instead udp6_csum_tx two times. + +Fixed getting rid of the typo. + +Fixes: 98453b65800f ("ip/l2tp: add JSON support") +Signed-off-by: Andrea Claudi +Signed-off-by: Stephen Hemminger +Conflict: NA +Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=2bb37e9017 +--- + ip/ipl2tp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ip/ipl2tp.c b/ip/ipl2tp.c +index 56972358..f1d574de 100644 +--- a/ip/ipl2tp.c ++++ b/ip/ipl2tp.c +@@ -258,7 +258,7 @@ static void print_tunnel(const struct l2tp_data *data) + NULL, p->udp6_csum_tx); + + print_bool(PRINT_JSON, "checksum_rx", +- NULL, p->udp6_csum_tx); ++ NULL, p->udp6_csum_rx); + } else { + printf(" UDP checksum: %s%s%s%s\n", + p->udp6_csum_tx && p->udp6_csum_rx +-- +2.23.0 + diff --git a/backport-lib-bpf_legacy-fix-missing-socket-close-when-connect.patch b/backport-lib-bpf_legacy-fix-missing-socket-close-when-connect.patch new file mode 100644 index 0000000000000000000000000000000000000000..ef23e1a096058886f959933299ca9e38414a9db5 --- /dev/null +++ b/backport-lib-bpf_legacy-fix-missing-socket-close-when-connect.patch @@ -0,0 +1,103 @@ +From e1ad689545a0a2a798869cb95de7dbe4b138bdae Mon Sep 17 00:00:00 2001 +From: Andrea Claudi +Date: Mon, 19 Apr 2021 15:49:57 +0200 +Subject: [PATCH] lib: bpf_legacy: fix missing socket close when connect() + fails + +In functions bpf_{send,recv}_map_fds(), when connect fails after a +socket is successfully opened, we return with error missing a close on +the socket. + +Fix this closing the socket if opened and using a single return point +for both the functions. + +Fixes: 6256f8c9e45f ("tc, bpf: finalize eBPF support for cls and act front-end") +Signed-off-by: Andrea Claudi +Signed-off-by: Stephen Hemminger +Conflict: rename bpf_legacy.c +Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=e1ad689545a0a2a798869cb95de7dbe4b138bdae + +--- + lib/bpf.c | 21 +++++++++++++-------- + 1 file changed, 13 insertions(+), 8 deletions(-) + +diff --git a/lib/bpf.c b/lib/bpf.c +index 23cb0d9..397803f 100644 +--- a/lib/bpf.c ++++ b/lib/bpf.c +@@ -3100,13 +3100,13 @@ int bpf_send_map_fds(const char *path, const char *obj) + .st = &ctx->stat, + .obj = obj, + }; +- int fd, ret; ++ int fd, ret = -1; + + fd = socket(AF_UNIX, SOCK_DGRAM, 0); + if (fd < 0) { + fprintf(stderr, "Cannot open socket: %s\n", + strerror(errno)); +- return -1; ++ goto out; + } + + strlcpy(addr.sun_path, path, sizeof(addr.sun_path)); +@@ -3115,7 +3115,7 @@ int bpf_send_map_fds(const char *path, const char *obj) + if (ret < 0) { + fprintf(stderr, "Cannot connect to %s: %s\n", + path, strerror(errno)); +- return -1; ++ goto out; + } + + ret = bpf_map_set_send(fd, &addr, sizeof(addr), &bpf_aux, +@@ -3125,7 +3125,9 @@ int bpf_send_map_fds(const char *path, const char *obj) + path, strerror(errno)); + + bpf_maps_teardown(ctx); +- close(fd); ++out: ++ if (fd >= 0) ++ close(fd); + return ret; + } + +@@ -3133,13 +3135,13 @@ int bpf_recv_map_fds(const char *path, int *fds, struct bpf_map_aux *aux, + unsigned int entries) + { + struct sockaddr_un addr = { .sun_family = AF_UNIX }; +- int fd, ret; ++ int fd, ret = -1; + + fd = socket(AF_UNIX, SOCK_DGRAM, 0); + if (fd < 0) { + fprintf(stderr, "Cannot open socket: %s\n", + strerror(errno)); +- return -1; ++ goto out; + } + + strlcpy(addr.sun_path, path, sizeof(addr.sun_path)); +@@ -3148,7 +3150,7 @@ int bpf_recv_map_fds(const char *path, int *fds, struct bpf_map_aux *aux, + if (ret < 0) { + fprintf(stderr, "Cannot bind to socket: %s\n", + strerror(errno)); +- return -1; ++ goto out; + } + + ret = bpf_map_set_recv(fd, fds, aux, entries); +@@ -3157,7 +3159,10 @@ int bpf_recv_map_fds(const char *path, int *fds, struct bpf_map_aux *aux, + path, strerror(errno)); + + unlink(addr.sun_path); +- close(fd); ++out: ++ if (fd >= 0) { ++ close(fd); ++ } + return ret; + } + #endif /* HAVE_ELF */ +-- +2.23.0 + diff --git a/backport-lib-fs-avoid-double-call-to-mkdir-on-make_path.patch b/backport-lib-fs-avoid-double-call-to-mkdir-on-make_path.patch new file mode 100644 index 0000000000000000000000000000000000000000..248b9257f009ef130f0442c7a0193d57616fa88d --- /dev/null +++ b/backport-lib-fs-avoid-double-call-to-mkdir-on-make_path.patch @@ -0,0 +1,37 @@ +From 1de363b1800c371037ff2b2a6c1004627e58f68e Mon Sep 17 00:00:00 2001 +From: Andrea Claudi +Date: Mon, 22 Feb 2021 19:14:31 +0100 +Subject: [PATCH] lib/fs: avoid double call to mkdir on make_path() + +make_path() function calls mkdir two times in a row. The first one it +stores mkdir return code, and then it calls it again to check for errno. + +This seems unnecessary, as we can use the return code from the first +call and check for errno if not 0. + +Fixes: ac3415f5c1b1d ("lib/fs: Fix and simplify make_path()") +Acked-by: Phil Sutter +Signed-off-by: Andrea Claudi +Signed-off-by: Stephen Hemminger +Conflict: NA +Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=1de363b1800c371037ff2b2a6c1004627e58f68e +--- + lib/fs.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/fs.c b/lib/fs.c +index 4b90a704..2ae506ec 100644 +--- a/lib/fs.c ++++ b/lib/fs.c +@@ -253,7 +253,7 @@ int make_path(const char *path, mode_t mode) + *delim = '\0'; + + rc = mkdir(dir, mode); +- if (mkdir(dir, mode) != 0 && errno != EEXIST) { ++ if (rc && errno != EEXIST) { + fprintf(stderr, "mkdir failed for %s: %s\n", + dir, strerror(errno)); + goto out; +-- +2.23.0 + diff --git a/backport-libnetlink-fix-socket-leak-in-rtnl_open_byproto.patch b/backport-libnetlink-fix-socket-leak-in-rtnl_open_byproto.patch new file mode 100644 index 0000000000000000000000000000000000000000..002a09ce5f6d8ddc7740daa31d81e9f17aa12574 --- /dev/null +++ b/backport-libnetlink-fix-socket-leak-in-rtnl_open_byproto.patch @@ -0,0 +1,75 @@ +From f8beda6e00e57b8f875442351f91e5c01530ad8e Mon Sep 17 00:00:00 2001 +From: Maxim Petrov +Date: Tue, 8 Feb 2022 20:20:45 +0300 +Subject: [PATCH] libnetlink: fix socket leak in rtnl_open_byproto() + +rtnl_open_byproto() does not close the opened socket in case of +errors, and the socket is returned to the caller in the `fd` field of +the struct. However, none of the callers care about the socket, so +close it in the function immediately to avoid any potential resource +leaks. + +Signed-off-by: Maxim Petrov +Signed-off-by: Stephen Hemminger +Conflict: NA +Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=f8beda6e00e +--- + lib/libnetlink.c | 15 +++++++++------ + 1 file changed, 9 insertions(+), 6 deletions(-) + +diff --git a/lib/libnetlink.c b/lib/libnetlink.c +index 7e977a67..6d1b1187 100644 +--- a/lib/libnetlink.c ++++ b/lib/libnetlink.c +@@ -210,13 +210,13 @@ int rtnl_open_byproto(struct rtnl_handle *rth, unsigned int subscriptions, + if (setsockopt(rth->fd, SOL_SOCKET, SO_SNDBUF, + &sndbuf, sizeof(sndbuf)) < 0) { + perror("SO_SNDBUF"); +- return -1; ++ goto err; + } + + if (setsockopt(rth->fd, SOL_SOCKET, SO_RCVBUF, + &rcvbuf, sizeof(rcvbuf)) < 0) { + perror("SO_RCVBUF"); +- return -1; ++ goto err; + } + + /* Older kernels may no support extended ACK reporting */ +@@ -230,25 +230,28 @@ int rtnl_open_byproto(struct rtnl_handle *rth, unsigned int subscriptions, + if (bind(rth->fd, (struct sockaddr *)&rth->local, + sizeof(rth->local)) < 0) { + perror("Cannot bind netlink socket"); +- return -1; ++ goto err; + } + addr_len = sizeof(rth->local); + if (getsockname(rth->fd, (struct sockaddr *)&rth->local, + &addr_len) < 0) { + perror("Cannot getsockname"); +- return -1; ++ goto err; + } + if (addr_len != sizeof(rth->local)) { + fprintf(stderr, "Wrong address length %d\n", addr_len); +- return -1; ++ goto err; + } + if (rth->local.nl_family != AF_NETLINK) { + fprintf(stderr, "Wrong address family %d\n", + rth->local.nl_family); +- return -1; ++ goto err; + } + rth->seq = time(NULL); + return 0; ++err: ++ rtnl_close(rth); ++ return -1; + } + + int rtnl_open(struct rtnl_handle *rth, unsigned int subscriptions) +-- +2.23.0 + diff --git a/backport-lnstat-fix-buffer-overflow-in-header-output.patch b/backport-lnstat-fix-buffer-overflow-in-header-output.patch new file mode 100644 index 0000000000000000000000000000000000000000..12a1c3d81831cebef9e5e5cf8020e2f739a384ee --- /dev/null +++ b/backport-lnstat-fix-buffer-overflow-in-header-output.patch @@ -0,0 +1,39 @@ +From be31c2648487596f23096278dacd86bf88305a14 Mon Sep 17 00:00:00 2001 +From: jiangheng" +Date: Wed, 17 Nov 2021 13:41:10 -0800 +Subject: lnstat: fix buffer overflow in header output + +Running lnstat will cause core dump from reading past end of array. + +Segmentation fault (core dumped) + +The maximum value of th.num_lines is HDR_LINES(10), h should not be equal to th.num_lines, array th.hdr may be out of bounds. + +Signed-off-by jiangheng +Signed-off-by: Stephen Hemminger + +Conflict:NA +Reference:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=be31c2648487596f23096278dacd86bf88305a14 + +--- + misc/lnstat.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/misc/lnstat.c b/misc/lnstat.c +index 89cb0e7e2..98904d45e 100644 +--- a/misc/lnstat.c ++++ b/misc/lnstat.c +@@ -210,8 +210,9 @@ static struct table_hdr *build_hdr_string(struct lnstat_file *lnstat_files, + } + ofs += width+1; + } ++ + /* fill in spaces */ +- for (h = 1; h <= th.num_lines; h++) { ++ for (h = 1; h < th.num_lines; h++) { + for (i = 0; i < ofs; i++) { + if (th.hdr[h][i] == '\0') + th.hdr[h][i] = ' '; +-- +cgit 1.2.3-korg + diff --git a/backport-lnstat-fix-strdup-leak-in-w-argument-parsing.patch b/backport-lnstat-fix-strdup-leak-in-w-argument-parsing.patch new file mode 100644 index 0000000000000000000000000000000000000000..e0815a35fde5da33f15872bdceadfced9c5045e9 --- /dev/null +++ b/backport-lnstat-fix-strdup-leak-in-w-argument-parsing.patch @@ -0,0 +1,32 @@ +From cc143bda6bcec20d073f42162f06dde8998551d4 Mon Sep 17 00:00:00 2001 +From: Maxim Petrov +Date: Tue, 15 Feb 2022 23:53:47 +0300 +Subject: [PATCH] lnstat: fix strdup leak in -w argument parsing + +'tmp' string is used for safe tokenizing, but it is not required after +getting all the widths in -w option. As 'tmp' string is obtained by strdup +call, the caller has to deallocate it to avoid memory leak. + +Signed-off-by: Maxim Petrov +Signed-off-by: Stephen Hemminger +Conflict: NA +Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=cc143bda6bc +--- + misc/lnstat.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/misc/lnstat.c b/misc/lnstat.c +index 98904d45..c3293a8e 100644 +--- a/misc/lnstat.c ++++ b/misc/lnstat.c +@@ -331,6 +331,7 @@ int main(int argc, char **argv) + for (i = 0; i < MAX_FIELDS; i++) + fp.params[i].print.width = len; + } ++ free(tmp); + break; + default: + usage(argv[0], 1); +-- +2.23.0 + diff --git a/backport-nexthop-fix-error-reporting-in-filter-dump.patch b/backport-nexthop-fix-error-reporting-in-filter-dump.patch new file mode 100644 index 0000000000000000000000000000000000000000..97742c31a5e408215579b8818592dff2a1221ca6 --- /dev/null +++ b/backport-nexthop-fix-error-reporting-in-filter-dump.patch @@ -0,0 +1,43 @@ +From d9b868436a6fce8986560178c6d1a78072e21861 Mon Sep 17 00:00:00 2001 +From: Andrea Claudi +Date: Tue, 10 Mar 2020 13:15:17 +0100 +Subject: nexthop: fix error reporting in filter dump + +nh_dump_filter is missing a return value check in two cases. +Fix this simply adding an assignment to the proper variable. + +Fixes: 63df8e8543b03 ("Add support for nexthop objects") +Signed-off-by: Andrea Claudi +Reviewed-by: David Ahern +Signed-off-by: Stephen Hemminger + +Conflict:NA +Reference:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=d9b868436a6fce8986560178c6d1a78072e21861 + +--- + ip/ipnexthop.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/ip/ipnexthop.c b/ip/ipnexthop.c +index 9f860c8ce..99f89630e 100644 +--- a/ip/ipnexthop.c ++++ b/ip/ipnexthop.c +@@ -59,13 +59,13 @@ static int nh_dump_filter(struct nlmsghdr *nlh, int reqlen) + } + + if (filter.groups) { +- addattr_l(nlh, reqlen, NHA_GROUPS, NULL, 0); ++ err = addattr_l(nlh, reqlen, NHA_GROUPS, NULL, 0); + if (err) + return err; + } + + if (filter.master) { +- addattr32(nlh, reqlen, NHA_MASTER, filter.master); ++ err = addattr32(nlh, reqlen, NHA_MASTER, filter.master); + if (err) + return err; + } +-- +cgit 1.2.3-korg + diff --git a/backport-nexthop-fix-memory-leak-in-add_nh_group_attr.patch b/backport-nexthop-fix-memory-leak-in-add_nh_group_attr.patch new file mode 100644 index 0000000000000000000000000000000000000000..f0330970177b489b4d702f75a4b43ccff4349c5f --- /dev/null +++ b/backport-nexthop-fix-memory-leak-in-add_nh_group_attr.patch @@ -0,0 +1,74 @@ +From 6a2c51da993ab9f8b385ee2bf13814f8e8000ce5 Mon Sep 17 00:00:00 2001 +From: Andrea Claudi +Date: Wed, 14 Apr 2021 00:50:45 +0200 +Subject: [PATCH] nexthop: fix memory leak in add_nh_group_attr() + +grps is dinamically allocated with a calloc, and not freed in a return +path in the for cycle. This commit fix it. + +While at it, make the function use a single return point. + +Fixes: 63df8e8543b0 ("Add support for nexthop objects") +Signed-off-by: Andrea Claudi +Signed-off-by: Stephen Hemminger +Conflict: NA +Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=6a2c51da993ab9f8b385ee2bf13814f8e8000ce5 +--- + ip/ipnexthop.c | 14 +++++++++----- + 1 file changed, 9 insertions(+), 5 deletions(-) + +diff --git a/ip/ipnexthop.c b/ip/ipnexthop.c +index 20cde586..f0658a9c 100644 +--- a/ip/ipnexthop.c ++++ b/ip/ipnexthop.c +@@ -277,8 +277,9 @@ int print_nexthop(struct nlmsghdr *n, void *arg) + + static int add_nh_group_attr(struct nlmsghdr *n, int maxlen, char *argv) + { +- struct nexthop_grp *grps; ++ struct nexthop_grp *grps = NULL; + int count = 0, i; ++ int err = -1; + char *sep, *wsep; + + if (*argv != '\0') +@@ -292,11 +293,11 @@ static int add_nh_group_attr(struct nlmsghdr *n, int maxlen, char *argv) + } + + if (count == 0) +- return -1; ++ goto out; + + grps = calloc(count, sizeof(*grps)); + if (!grps) +- return -1; ++ goto out; + + for (i = 0; i < count; ++i) { + sep = strchr(argv, '/'); +@@ -308,7 +309,7 @@ static int add_nh_group_attr(struct nlmsghdr *n, int maxlen, char *argv) + *wsep = '\0'; + + if (get_unsigned(&grps[i].id, argv, 0)) +- return -1; ++ goto out; + if (wsep) { + unsigned int w; + +@@ -324,7 +325,12 @@ static int add_nh_group_attr(struct nlmsghdr *n, int maxlen, char *argv) + argv = sep + 1; + } + +- return addattr_l(n, maxlen, NHA_GROUP, grps, count * sizeof(*grps)); ++ err = addattr_l(n, maxlen, NHA_GROUP, grps, count * sizeof(*grps)); ++out: ++ if (grps != NULL) { ++ free(grps); ++ } ++ return err; + } + + static int ipnh_modify(int cmd, unsigned int flags, int argc, char **argv) +-- +2.23.0 + diff --git a/backport-nstat-print-useful-error-messages-in-abort-cases.patch b/backport-nstat-print-useful-error-messages-in-abort-cases.patch new file mode 100644 index 0000000000000000000000000000000000000000..3aa9cfc7679a3a4312fbc16784ab87c53d080e7f --- /dev/null +++ b/backport-nstat-print-useful-error-messages-in-abort-cases.patch @@ -0,0 +1,117 @@ +From 2c7056ac26412fe99443a283f0c1261cb81ccea2 Mon Sep 17 00:00:00 2001 +From: Andrea Claudi +Date: Mon, 17 Feb 2020 14:46:18 +0100 +Subject: nstat: print useful error messages in abort() cases +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +When nstat temporary file is corrupted or in some other corner cases, +nstat use abort() to stop its execution. This can puzzle some users, +wondering what is the reason for the crash. + +This commit replaces abort() with some meaningful error messages and exit() + +Reported-by: Renaud Métrich +Signed-off-by: Andrea Claudi +Signed-off-by: Stephen Hemminger + +Conflict:NA +Reference:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=2c7056ac26412fe99443a283f0c1261cb81ccea2 + +--- + misc/nstat.c | 47 +++++++++++++++++++++++++++++++++-------------- + 1 file changed, 33 insertions(+), 14 deletions(-) + +diff --git a/misc/nstat.c b/misc/nstat.c +index 23113b223..425e75ef4 100644 +--- a/misc/nstat.c ++++ b/misc/nstat.c +@@ -142,14 +142,19 @@ static void load_good_table(FILE *fp) + } + /* idbuf is as big as buf, so this is safe */ + nr = sscanf(buf, "%s%llu%lg", idbuf, &val, &rate); +- if (nr < 2) +- abort(); ++ if (nr < 2) { ++ fprintf(stderr, "%s:%d: error parsing history file\n", ++ __FILE__, __LINE__); ++ exit(-2); ++ } + if (nr < 3) + rate = 0; + if (useless_number(idbuf)) + continue; +- if ((n = malloc(sizeof(*n))) == NULL) +- abort(); ++ if ((n = malloc(sizeof(*n))) == NULL) { ++ perror("nstat: malloc"); ++ exit(-1); ++ } + n->id = strdup(idbuf); + n->val = val; + n->rate = rate; +@@ -190,8 +195,11 @@ static void load_ugly_table(FILE *fp) + int count1, count2, skip = 0; + + p = strchr(buf, ':'); +- if (!p) +- abort(); ++ if (!p) { ++ fprintf(stderr, "%s:%d: error parsing history file\n", ++ __FILE__, __LINE__); ++ exit(-2); ++ } + count1 = count_spaces(buf); + *p = 0; + idbuf[0] = 0; +@@ -211,8 +219,10 @@ static void load_ugly_table(FILE *fp) + strncat(idbuf, p, sizeof(idbuf) - off - 1); + } + n = malloc(sizeof(*n)); +- if (!n) +- abort(); ++ if (!n) { ++ perror("nstat: malloc"); ++ exit(-1); ++ } + n->id = strdup(idbuf); + n->rate = 0; + n->next = db; +@@ -221,18 +231,27 @@ static void load_ugly_table(FILE *fp) + } + n = db; + nread = getline(&buf, &buflen, fp); +- if (nread == -1) +- abort(); ++ if (nread == -1) { ++ fprintf(stderr, "%s:%d: error parsing history file\n", ++ __FILE__, __LINE__); ++ exit(-2); ++ } + count2 = count_spaces(buf); + if (count2 > count1) + skip = count2 - count1; + do { + p = strrchr(buf, ' '); +- if (!p) +- abort(); ++ if (!p) { ++ fprintf(stderr, "%s:%d: error parsing history file\n", ++ __FILE__, __LINE__); ++ exit(-2); ++ } + *p = 0; +- if (sscanf(p+1, "%llu", &n->val) != 1) +- abort(); ++ if (sscanf(p+1, "%llu", &n->val) != 1) { ++ fprintf(stderr, "%s:%d: error parsing history file\n", ++ __FILE__, __LINE__); ++ exit(-2); ++ } + /* Trick to skip "dummy" trailing ICMP MIB in 2.4 */ + if (skip) + skip--; +-- +cgit 1.2.3-korg + diff --git a/backport-q_cake-Make-fwmark-uint-instead-of-int.patch b/backport-q_cake-Make-fwmark-uint-instead-of-int.patch new file mode 100644 index 0000000000000000000000000000000000000000..e8841a611213fa0d1d82be1fe4cc24c55d4c267b --- /dev/null +++ b/backport-q_cake-Make-fwmark-uint-instead-of-int.patch @@ -0,0 +1,72 @@ +From 6f883f168cf9e1f3be208a10d671a54d781e75a5 Mon Sep 17 00:00:00 2001 +From: Odin Ugedal +Date: Wed, 15 Apr 2020 16:39:34 +0200 +Subject: q_cake: Make fwmark uint instead of int +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +This will help avoid overflow, since setting it to 0xffffffff would +result in -1 when converted to integer, resulting in being "-1", setting +the fwmark to 0x00. + +Signed-off-by: Odin Ugedal +Acked-by: Toke Høiland-Jørgensen +Signed-off-by: Stephen Hemminger + +Conflict:NA +Reference:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=6f883f168cf9e1f3be208a10d671a54d781e75a5 + +--- + tc/q_cake.c | 9 +++------ + 1 file changed, 3 insertions(+), 6 deletions(-) + +diff --git a/tc/q_cake.c b/tc/q_cake.c +index 3c78b1767..9ebb270c1 100644 +--- a/tc/q_cake.c ++++ b/tc/q_cake.c +@@ -97,6 +97,7 @@ static int cake_parse_opt(struct qdisc_util *qu, int argc, char **argv, + unsigned int interval = 0; + unsigned int diffserv = 0; + unsigned int memlimit = 0; ++ unsigned int fwmark = 0; + unsigned int target = 0; + __u64 bandwidth = 0; + int ack_filter = -1; +@@ -107,7 +108,6 @@ static int cake_parse_opt(struct qdisc_util *qu, int argc, char **argv, + int autorate = -1; + int ingress = -1; + int overhead = 0; +- int fwmark = -1; + int wash = -1; + int nat = -1; + int atm = -1; +@@ -335,15 +335,12 @@ static int cake_parse_opt(struct qdisc_util *qu, int argc, char **argv, + return -1; + } + } else if (strcmp(*argv, "fwmark") == 0) { +- unsigned int fwm; +- + NEXT_ARG(); +- if (get_u32(&fwm, *argv, 0)) { ++ if (get_u32(&fwmark, *argv, 0)) { + fprintf(stderr, + "Illegal value for \"fwmark\": \"%s\"\n", *argv); + return -1; + } +- fwmark = fwm; + } else if (strcmp(*argv, "help") == 0) { + explain(); + return -1; +@@ -388,7 +385,7 @@ static int cake_parse_opt(struct qdisc_util *qu, int argc, char **argv, + if (memlimit) + addattr_l(n, 1024, TCA_CAKE_MEMORY, &memlimit, + sizeof(memlimit)); +- if (fwmark != -1) ++ if (fwmark) + addattr_l(n, 1024, TCA_CAKE_FWMARK, &fwmark, + sizeof(fwmark)); + if (nat != -1) +-- +cgit 1.2.3-korg + diff --git a/backport-q_cake-allow-changing-to-diffserv3.patch b/backport-q_cake-allow-changing-to-diffserv3.patch new file mode 100644 index 0000000000000000000000000000000000000000..cdf6a6dcc62766b199f139c96efdaaf46a04f931 --- /dev/null +++ b/backport-q_cake-allow-changing-to-diffserv3.patch @@ -0,0 +1,50 @@ +From eb4206ecd0342ff92b1a85b7dae3d4fd1b5be1c6 Mon Sep 17 00:00:00 2001 +From: Kevin Bracey +Date: Thu, 6 Jan 2022 13:16:04 +0200 +Subject: [PATCH] q_cake: allow changing to diffserv3 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +A diffserv3 option (enum value 0) was never sent to the kernel, so it +was not possible to use "tc qdisc change" to select it. + +This also meant that were also relying on the kernel's default being +diffserv3 when adding. If the default were to change, we wouldn't have +been able to request diffserv3 explicitly. + +Signed-off-by: Kevin Bracey +Acked-by: Toke Høiland-Jørgensen +Signed-off-by: Stephen Hemminger +Conflict: remove fwmark variable declaration +Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=eb4206ecd0342ff92b1a85b7dae3d4fd1b5be1c6 + +--- + tc/q_cake.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/tc/q_cake.c b/tc/q_cake.c +index c791428..cf630c8 100644 +--- a/tc/q_cake.c ++++ b/tc/q_cake.c +@@ -95,7 +95,7 @@ static int cake_parse_opt(struct qdisc_util *qu, int argc, char **argv, + bool overhead_override = false; + bool overhead_set = false; + unsigned int interval = 0; +- unsigned int diffserv = 0; ++ int diffserv = -1; + unsigned int memlimit = 0; + unsigned int fwmark = 0; + unsigned int target = 0; +@@ -357,7 +357,7 @@ static int cake_parse_opt(struct qdisc_util *qu, int argc, char **argv, + if (bandwidth || unlimited) + addattr_l(n, 1024, TCA_CAKE_BASE_RATE64, &bandwidth, + sizeof(bandwidth)); +- if (diffserv) ++ if (diffserv != -1) + addattr_l(n, 1024, TCA_CAKE_DIFFSERV_MODE, &diffserv, + sizeof(diffserv)); + if (atm != -1) +-- +2.23.0 + diff --git a/backport-rdma-stat-fix-return-code.patch b/backport-rdma-stat-fix-return-code.patch new file mode 100644 index 0000000000000000000000000000000000000000..534d4780bb9e148eda419126de0aa2c81756b2ca --- /dev/null +++ b/backport-rdma-stat-fix-return-code.patch @@ -0,0 +1,35 @@ +From c8216fabe8d9df3db38283cca1b6caeca033f9b9 Mon Sep 17 00:00:00 2001 +From: Andrea Claudi +Date: Sun, 18 Apr 2021 14:56:30 +0200 +Subject: [PATCH] rdma: stat: fix return code + +libmnl defines MNL_CB_OK as 1 and MNL_CB_ERROR as -1. rdma uses these +return codes, and stat_qp_show_parse_cb() should do the same. + +Fixes: 16ce4d23661a ("rdma: stat: initialize ret in stat_qp_show_parse_cb()") +Reported-by: Leon Romanovsky +Signed-off-by: Andrea Claudi +Acked-by: Leon Romanovsky +Signed-off-by: Stephen Hemminger +Conflict: ret value is random +Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=c8216fabe8d9df3db38283cca1b6caeca033f9b9 +--- + rdma/stat.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/rdma/stat.c b/rdma/stat.c +index 3abedae7..8edf7bf1 100644 +--- a/rdma/stat.c ++++ b/rdma/stat.c +@@ -307,7 +307,7 @@ static int stat_qp_show_parse_cb(const struct nlmsghdr *nlh, void *data) + struct rd *rd = data; + const char *name; + uint32_t idx; +- int ret; ++ int ret = MNL_CB_OK; + + mnl_attr_parse(nlh, 0, rd_attr_cb, tb); + if (!tb[RDMA_NLDEV_ATTR_DEV_INDEX] || !tb[RDMA_NLDEV_ATTR_DEV_NAME] || +-- +2.23.0 + diff --git a/backport-tc-e_bpf-fix-memory-leak-in-parse_bpf.patch b/backport-tc-e_bpf-fix-memory-leak-in-parse_bpf.patch new file mode 100644 index 0000000000000000000000000000000000000000..7b54b4edf13da0de746f38c841c4b15c87bffbba --- /dev/null +++ b/backport-tc-e_bpf-fix-memory-leak-in-parse_bpf.patch @@ -0,0 +1,34 @@ +From 932fe3453f39503b5689912d7e0b01ac2b03e7a0 Mon Sep 17 00:00:00 2001 +From: Andrea Claudi +Date: Mon, 19 Apr 2021 15:36:57 +0200 +Subject: [PATCH] tc: e_bpf: fix memory leak in parse_bpf() + +envp_run is dinamically allocated with a malloc, and not freed in the +out: return path. This commit fix it. + +Signed-off-by: Andrea Claudi +Signed-off-by: Stephen Hemminger +Conflict: NA +Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=932fe3453f39503b5689912d7e0b01ac2b03e7a0 +--- + tc/e_bpf.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/tc/e_bpf.c b/tc/e_bpf.c +index a48393b7..517ee5b3 100644 +--- a/tc/e_bpf.c ++++ b/tc/e_bpf.c +@@ -159,7 +159,9 @@ static int parse_bpf(struct exec_util *eu, int argc, char **argv) + + envp_run[env_num - 1] = NULL; + out: +- return execvpe(argv_run[0], argv_run, envp_run); ++ ret = execvpe(argv_run[0], argv_run, envp_run); ++ free(envp_run); ++ return ret; + + err_free_env: + for (--i; i >= env_old; i--) +-- +2.23.0 + diff --git a/backport-tc-em_u32-fix-offset-parsing.patch b/backport-tc-em_u32-fix-offset-parsing.patch new file mode 100644 index 0000000000000000000000000000000000000000..c66b2eb3ab9aab7dec86154743ad044e13750612 --- /dev/null +++ b/backport-tc-em_u32-fix-offset-parsing.patch @@ -0,0 +1,63 @@ +From b84fc3321c6adaf76f36cf7ef0e17389bdf31500 Mon Sep 17 00:00:00 2001 +From: Andrea Claudi +Date: Fri, 6 May 2022 22:11:46 +0200 +Subject: [PATCH] tc: em_u32: fix offset parsing + +tc u32 ematch offset parsing might fail even if nexthdr offset is +aligned to 4. The issue can be reproduced with the following script: + +tc qdisc del dev dummy0 root +tc qdisc add dev dummy0 root handle 1: htb r2q 1 default 1 +tc class add dev dummy0 parent 1:1 classid 1:108 htb quantum 1000000 \ + rate 1.00mbit ceil 10.00mbit burst 6k + +while true; do +if ! tc filter add dev dummy0 protocol all parent 1: prio 1 basic match \ + "meta(vlan mask 0xfff eq 1)" and "u32(u32 0x20011002 0xffffffff \ + at nexthdr+8)" flowid 1:108; then + exit 0 +fi +done + +which we expect to produce an endless loop. +With the current code, instead, this ends with: + +u32: invalid offset alignment, must be aligned to 4. +... meta(vlan mask 0xfff eq 1) and >>u32(u32 0x20011002 0xffffffff at nexthdr+8)<< ... +... u32(u32 0x20011002 0xffffffff at >>nexthdr+8<<)... +Usage: u32(ALIGN VALUE MASK at [ nexthdr+ ] OFFSET) +where: ALIGN := { u8 | u16 | u32 } + +Example: u32(u16 0x1122 0xffff at nexthdr+4) +Illegal "ematch" + +This is caused by memcpy copying into buf an unterminated string. + +Fix it using strncpy instead of memcpy. + +Fixes: commit 311b41454dc4 ("Add new extended match files.") +Reported-by: Alfred Yang +Signed-off-by: Andrea Claudi +Signed-off-by: Stephen Hemminger +Conflict: NA +Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=b84fc3321c +--- + tc/em_u32.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tc/em_u32.c b/tc/em_u32.c +index bc284af4..ea2bf882 100644 +--- a/tc/em_u32.c ++++ b/tc/em_u32.c +@@ -84,7 +84,7 @@ static int u32_parse_eopt(struct nlmsghdr *n, struct tcf_ematch_hdr *hdr, + char buf[a->len - nh_len + 1]; + + offmask = -1; +- memcpy(buf, a->data + nh_len, a->len - nh_len); ++ strncpy(buf, a->data + nh_len, a->len - nh_len + 1); + offset = strtoul(buf, NULL, 0); + } else if (!bstrcmp(a, "nexthdr+")) { + a = bstr_next(a); +-- +2.23.0 + diff --git a/backport-tc-flower-Fix-buffer-overflow-on-large-labels.patch b/backport-tc-flower-Fix-buffer-overflow-on-large-labels.patch new file mode 100644 index 0000000000000000000000000000000000000000..9421a415729beb761d11c206cb256e9726c6be12 --- /dev/null +++ b/backport-tc-flower-Fix-buffer-overflow-on-large-labels.patch @@ -0,0 +1,38 @@ +From 73590d9573148804034a88ceb2f6b7ca1545561f Mon Sep 17 00:00:00 2001 +From: Paul Blakey +Date: Sun, 5 Dec 2021 15:20:25 +0200 +Subject: [PATCH] tc: flower: Fix buffer overflow on large labels + +Buffer is 64bytes, but label printing can take 66bytes printing +in hex, and will overflow when setting the string delimiter ('\0'). + +Fix that by increasing the print buffer size. + +Example of overflowing ct_label: +ct_label 11111111111111111111111111111111/11111111111111111111111111111111 + +Fixes: 2fffb1c03056 ("tc: flower: Add matching on conntrack info") +Signed-off-by: Paul Blakey +Signed-off-by: Stephen Hemminger +Conflict: NA +Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=73590d9573148804034a88ceb2f6b7ca1545561f +--- + tc/f_flower.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tc/f_flower.c b/tc/f_flower.c +index 7f78195..6d70b92 100644 +--- a/tc/f_flower.c ++++ b/tc/f_flower.c +@@ -2195,7 +2195,7 @@ static void flower_print_ct_label(struct rtattr *attr, + const unsigned char *str; + bool print_mask = false; + int data_len, i; +- SPRINT_BUF(out); ++ char out[128]; + char *p; + + if (!attr) +-- +1.8.3.1 + diff --git a/backport-tc-m_action-check-cookie-hex-string-len.patch b/backport-tc-m_action-check-cookie-hex-string-len.patch new file mode 100644 index 0000000000000000000000000000000000000000..e883bbcf27ad472103405282a7459490e6d9e07a --- /dev/null +++ b/backport-tc-m_action-check-cookie-hex-string-len.patch @@ -0,0 +1,36 @@ +From 0149dabf2a1bad2f210ca2d987b29083247b7bd0 Mon Sep 17 00:00:00 2001 +From: Jiri Pirko +Date: Mon, 27 Apr 2020 08:10:55 +0200 +Subject: tc: m_action: check cookie hex string len + +Check the cookie hex string len is dividable by 2 as the valid hex +string always should be. + +Reported-by: Alex Kushnarov +Signed-off-by: Jiri Pirko +Signed-off-by: Stephen Hemminger + +Conflict:NA +Reference:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=0149dabf2a1bad2f210ca2d987b29083247b7bd0 + +--- + tc/m_action.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/tc/m_action.c b/tc/m_action.c +index 108329db2..b41782de9 100644 +--- a/tc/m_action.c ++++ b/tc/m_action.c +@@ -291,7 +291,8 @@ done0: + invarg(cookie_err_m, *argv); + } + +- if (hex2mem(*argv, act_ck, slen / 2) < 0) ++ if (slen % 2 || ++ hex2mem(*argv, act_ck, slen / 2) < 0) + invarg("cookie must be a hex string\n", + *argv); + +-- +cgit 1.2.3-korg + diff --git a/backport-tc-m_estimator-Print-proper-value-for-estimator-interval-in-raw.patch b/backport-tc-m_estimator-Print-proper-value-for-estimator-interval-in-raw.patch new file mode 100644 index 0000000000000000000000000000000000000000..327772416609ea972d1feec5f76a77805249622d --- /dev/null +++ b/backport-tc-m_estimator-Print-proper-value-for-estimator-interval-in-raw.patch @@ -0,0 +1,46 @@ +From 66702fb9baf277b2eb6d44a7983d5333ca2a0a2c Mon Sep 17 00:00:00 2001 +From: Jamie Gloudon +Date: Fri, 17 Jul 2020 11:05:30 -0400 +Subject: tc/m_estimator: Print proper value for estimator interval in raw. + +While looking at the estimator code, I noticed an incorrect interval +number printed in raw for the handles. This patch fixes the formatting. + +Before patch: + +root@bytecenter.fr:~# tc -r filter add dev eth0 ingress estimator +250ms 999ms matchall action police avrate 12mbit conform-exceed drop +[estimator i=4294967294 e=2] + +After patch: + +root@bytecenter.fr:~# tc -r filter add dev eth0 ingress estimator +250ms 999ms matchall action police avrate 12mbit conform-exceed drop +[estimator i=-2 e=2] + +Signed-off-by: Jamie Gloudon +Signed-off-by: Stephen Hemminger + +Conflict:NA +Reference:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=66702fb9baf277b2eb6d44a7983d5333ca2a0a2c + +--- + tc/m_estimator.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tc/m_estimator.c b/tc/m_estimator.c +index ef62e1bba..b5f4c860c 100644 +--- a/tc/m_estimator.c ++++ b/tc/m_estimator.c +@@ -57,7 +57,7 @@ int parse_estimator(int *p_argc, char ***p_argv, struct tc_estimator *est) + return -1; + } + if (show_raw) +- fprintf(stderr, "[estimator i=%u e=%u]\n", est->interval, est->ewma_log); ++ fprintf(stderr, "[estimator i=%hhd e=%u]\n", est->interval, est->ewma_log); + *p_argc = argc; + *p_argv = argv; + return 0; +-- +cgit 1.2.3-korg + diff --git a/backport-tc-u32-Fix-key-folding-in-sample-option.patch b/backport-tc-u32-Fix-key-folding-in-sample-option.patch new file mode 100644 index 0000000000000000000000000000000000000000..5de023e0774ddc933597fbf57e11b6d8a218f0ff --- /dev/null +++ b/backport-tc-u32-Fix-key-folding-in-sample-option.patch @@ -0,0 +1,58 @@ +From 9b7ea92b9e3feff2876f772ace01148b7406839c Mon Sep 17 00:00:00 2001 +From: Phil Sutter +Date: Wed, 4 Aug 2021 11:18:28 +0200 +Subject: tc: u32: Fix key folding in sample option + +In between Linux kernel 2.4 and 2.6, key folding for hash tables changed +in kernel space. When iproute2 dropped support for the older algorithm, +the wrong code was removed and kernel 2.4 folding method remained in +place. To get things functional for recent kernels again, restoring the +old code alone was not sufficient - additional byteorder fixes were +needed. + +While being at it, make use of ffs() and thereby align the code with how +kernel determines the shift width. + +Fixes: 267480f55383c ("Backout the 2.4 utsname hash patch.") +Signed-off-by: Phil Sutter +Signed-off-by: Stephen Hemminger + +Conflict:NA +Reference:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=9b7ea92b9e3feff2876f772ace01148b7406839c + +--- + tc/f_u32.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/tc/f_u32.c b/tc/f_u32.c +index 2ed5254a4..a5747f671 100644 +--- a/tc/f_u32.c ++++ b/tc/f_u32.c +@@ -978,6 +978,13 @@ show_k: + goto show_k; + } + ++static __u32 u32_hash_fold(struct tc_u32_key *key) ++{ ++ __u8 fshift = key->mask ? ffs(ntohl(key->mask)) - 1 : 0; ++ ++ return ntohl(key->val & key->mask) >> fshift; ++} ++ + static int u32_parse_opt(struct filter_util *qu, char *handle, + int argc, char **argv, struct nlmsghdr *n) + { +@@ -1110,9 +1117,7 @@ static int u32_parse_opt(struct filter_util *qu, char *handle, + } + NEXT_ARG(); + } +- hash = sel2.sel.keys[0].val & sel2.sel.keys[0].mask; +- hash ^= hash >> 16; +- hash ^= hash >> 8; ++ hash = u32_hash_fold(&sel2.keys[0]); + htid = ((hash % divisor) << 12) | (htid & 0xFFF00000); + sample_ok = 1; + continue; +-- +cgit 1.2.3-korg + diff --git a/backport-tc_util-Fix-parsing-action-control-with-space-and-sl.patch b/backport-tc_util-Fix-parsing-action-control-with-space-and-sl.patch new file mode 100644 index 0000000000000000000000000000000000000000..1a939961b2c854920f62cfba132ba63ce5730b82 --- /dev/null +++ b/backport-tc_util-Fix-parsing-action-control-with-space-and-sl.patch @@ -0,0 +1,54 @@ +From 7f70eb2a8b2c451683c801b23b25f34071a8882f Mon Sep 17 00:00:00 2001 +From: Roi Dayan +Date: Thu, 3 Feb 2022 14:20:46 +0200 +Subject: [PATCH] tc_util: Fix parsing action control with space and slash + +For action police there is an conform-exceed action control +which can be for example "jump 2 / pipe". +The current parsing loop is doing one more iteration than necessary +and results in ok var being 3. + +Example filter: + +tc filter add dev enp8s0f0_0 ingress protocol ip prio 2 flower \ + verbose action police rate 100mbit burst 12m \ + conform-exceed jump 1 / pipe mirred egress redirect dev enp8s0f0_1 action drop + +Before this change the command will fail. +Trying to add another "pipe" before mirred as a workaround for the stopping the loop +in ok var 3 resulting in result2 not being saved and wrong filter. + +... conform-exceed jump 1 / pipe pipe mirred ... + +Example dump of the action part: +... action order 1: police 0x1 rate 100Mbit burst 12Mb mtu 2Kb action jump 1 overhead 0b ... + +Fix the behavior by removing redundant case 2 handling, either argc is over or breaking. + +Example dump of the action part with the fix: +... action order 1: police 0x1 rate 100Mbit burst 12Mb mtu 2Kb action jump 1/pipe overhead 0b ... + +Signed-off-by: Roi Dayan +Reviewed-by: Maor Dickman +Signed-off-by: Stephen Hemminger +Conflict: NA +Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=7f70eb2a8b2 +--- + tc/tc_util.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/tc/tc_util.c b/tc/tc_util.c +index 48065897..b82dbd5d 100644 +--- a/tc/tc_util.c ++++ b/tc/tc_util.c +@@ -476,7 +476,6 @@ static int parse_action_control_slash_spaces(int *argc_p, char ***argv_p, + NEXT_ARG(); + /* fall-through */ + case 0: /* fall-through */ +- case 2: + ret = parse_action_control(&argc, &argv, + result_p, allow_num); + if (ret) +-- +2.23.0 + diff --git a/backport-tc_util-detect-overflow-in-get_size.patch b/backport-tc_util-detect-overflow-in-get_size.patch new file mode 100644 index 0000000000000000000000000000000000000000..f12fe7769ed5f4f9de6bbe20da2c765fbceb87b9 --- /dev/null +++ b/backport-tc_util-detect-overflow-in-get_size.patch @@ -0,0 +1,44 @@ +From e07c57e94e27d2f15bfb9de4db7ca3ab9d9368ed Mon Sep 17 00:00:00 2001 +From: Odin Ugedal +Date: Thu, 16 Apr 2020 16:08:14 +0200 +Subject: tc_util: detect overflow in get_size + +This detects overflow during parsing of value using get_size: + +eg. running: + +$ tc qdisc add dev lo root cake memlimit 11gb + +currently gives a memlimit of "3072Mb", while with this patch it errors +with 'illegal value for "memlimit": "11gb"', since memlinit is an +unsigned integer. + +Signed-off-by: Odin Ugedal +Signed-off-by: Stephen Hemminger + +Conflict:NA +Reference:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=e07c57e94e27d2f15bfb9de4db7ca3ab9d9368ed + +--- + tc/tc_util.c | 5 +++++ + 1 file changed, 5 insertions(+) + +diff --git a/tc/tc_util.c b/tc/tc_util.c +index 5f13d729b..68938fb0c 100644 +--- a/tc/tc_util.c ++++ b/tc/tc_util.c +@@ -385,6 +385,11 @@ int get_size(unsigned int *size, const char *str) + } + + *size = sz; ++ ++ /* detect if an overflow happened */ ++ if (*size != floor(sz)) ++ return -1; ++ + return 0; + } + +-- +cgit 1.2.3-korg + diff --git a/backport-tipc-bail-out-if-algname-is-abnormally-long.patch b/backport-tipc-bail-out-if-algname-is-abnormally-long.patch new file mode 100644 index 0000000000000000000000000000000000000000..d1526d1354712bfad07b8514ec0a76fa665b0460 --- /dev/null +++ b/backport-tipc-bail-out-if-algname-is-abnormally-long.patch @@ -0,0 +1,49 @@ +From 93c267bfb49267fd94f68c3d014fc5909645de06 Mon Sep 17 00:00:00 2001 +From: Andrea Claudi +Date: Sat, 1 May 2021 18:32:29 +0200 +Subject: tipc: bail out if algname is abnormally long + +tipc segfaults when called with an abnormally long algname: + +$ tipc node set key 0x1234 algname supercalifragilistichespiralidososupercalifragilistichespiralidoso +*** buffer overflow detected ***: terminated + +Fix this returning an error if provided algname is longer than +TIPC_AEAD_ALG_NAME. + +Fixes: 24bee3bf9752 ("tipc: add new commands to set TIPC AEAD key") +Signed-off-by: Andrea Claudi +Signed-off-by: David Ahern + +Conflict:NA +Reference:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=93c267bfb49267fd94f68c3d014fc5909645de06 + +--- + tipc/node.c | 9 +++++++-- + 1 file changed, 7 insertions(+), 2 deletions(-) + +diff --git a/tipc/node.c b/tipc/node.c +index ae75bfff7..bf592a074 100644 +--- a/tipc/node.c ++++ b/tipc/node.c +@@ -236,10 +236,15 @@ get_ops: + + /* Get algorithm name, default: "gcm(aes)" */ + opt_algname = get_opt(opts, "algname"); +- if (!opt_algname) ++ if (!opt_algname) { + strcpy(input.key.alg_name, "gcm(aes)"); +- else ++ } else { ++ if (strlen(opt_algname->val) > TIPC_AEAD_ALG_NAME) { ++ fprintf(stderr, "error, invalid algname\n"); ++ return -EINVAL; ++ } + strcpy(input.key.alg_name, opt_algname->val); ++ } + + /* Get node identity */ + opt_nodeid = get_opt(opts, "nodeid"); +-- +cgit 1.2.3-korg + diff --git a/backport-tipc-bail-out-if-key-is-abnormally-long.patch b/backport-tipc-bail-out-if-key-is-abnormally-long.patch new file mode 100644 index 0000000000000000000000000000000000000000..98331ffc9150bcced4651b722dc926bc200a7765 --- /dev/null +++ b/backport-tipc-bail-out-if-key-is-abnormally-long.patch @@ -0,0 +1,41 @@ +From 28ee49e5153b02698f100ad4e390fe700f7bcf32 Mon Sep 17 00:00:00 2001 +From: Andrea Claudi +Date: Sat, 1 May 2021 18:32:30 +0200 +Subject: tipc: bail out if key is abnormally long + +tipc segfaults when called with an abnormally long key: + +$ tipc node set key 0123456789abcdef0123456789abcdef0123456789abcdef +*** buffer overflow detected ***: terminated + +Fix this returning an error if key length is longer than +TIPC_AEAD_KEYLEN_MAX. + +Fixes: 24bee3bf9752 ("tipc: add new commands to set TIPC AEAD key") +Signed-off-by: Andrea Claudi +Signed-off-by: David Ahern + +Conflict:NA +Reference:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=28ee49e5153b02698f100ad4e390fe700f7bcf32 + +--- + tipc/misc.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/tipc/misc.c b/tipc/misc.c +index 1daf3072a..909975d8b 100644 +--- a/tipc/misc.c ++++ b/tipc/misc.c +@@ -113,6 +113,9 @@ int str2key(char *str, struct tipc_aead_key *key) + } + } + ++ if (len > TIPC_AEAD_KEYLEN_MAX) ++ return -1; ++ + /* Obtain key: */ + if (!ishex) { + key->keylen = len; +-- +cgit 1.2.3-korg + diff --git a/backport-utils-Fix-BIT-to-support-up-to-64-bits-on-all-architectures.patch b/backport-utils-Fix-BIT-to-support-up-to-64-bits-on-all-architectures.patch new file mode 100644 index 0000000000000000000000000000000000000000..38a80e1ac15f8e65008232c00eeda58abe4529e2 --- /dev/null +++ b/backport-utils-Fix-BIT-to-support-up-to-64-bits-on-all-architectures.patch @@ -0,0 +1,45 @@ +From 4ac0383a598d4bddf13cbd8272f0ea7711614b79 Mon Sep 17 00:00:00 2001 +From: Ben Hutchings +Date: Tue, 29 Jun 2021 01:24:46 +0200 +Subject: utils: Fix BIT() to support up to 64 bits on all architectures + +devlink and vdpa use BIT() together with 64-bit flag fields. devlink +is already using bit numbers greater than 31 and so does not work +correctly on 32-bit architectures. + +Fix this by making BIT() use uint64_t instead of unsigned long. + +Signed-off-by: Ben Hutchings +Signed-off-by: Stephen Hemminger + +Conflict:NA +Reference:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=4ac0383a598d4bddf13cbd8272f0ea7711614b79 + +--- + include/utils.h | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/include/utils.h b/include/utils.h +index 187444d52..70db9f609 100644 +--- a/include/utils.h ++++ b/include/utils.h +@@ -8,6 +8,7 @@ + #include + #include + #include ++#include + + #ifdef HAVE_LIBBSD + #include +@@ -264,7 +265,7 @@ void print_nlmsg_timestamp(FILE *fp, const struct nlmsghdr *n); + unsigned int print_name_and_link(const char *fmt, + const char *name, struct rtattr *tb[]); + +-#define BIT(nr) (1UL << (nr)) ++#define BIT(nr) (UINT64_C(1) << (nr)) + + #define ARRAY_SIZE(x) (sizeof(x) / sizeof((x)[0])) + +-- +cgit 1.2.3-korg + diff --git a/bugfix-iproute-support-assume-default-route.patch b/bugfix-iproute-support-assume-default-route.patch new file mode 100644 index 0000000000000000000000000000000000000000..8cee6295594ef0aeca3567d5875618479330f2c8 --- /dev/null +++ b/bugfix-iproute-support-assume-default-route.patch @@ -0,0 +1,25 @@ +From e2e13e8d97f88895af7a9ef5fd5c8e792e1ea7ea Mon Sep 17 00:00:00 2001 +From: Li Shang +Date: Wed, 4 Mar 2020 15:27:47 +0800 + +--- + ip/iproute.c | 3 --- + 1 file changed, 3 deletions(-) + +diff --git a/ip/iproute.c b/ip/iproute.c +index 32bb52d..12fcd7d 100644 +--- a/ip/iproute.c ++++ b/ip/iproute.c +@@ -1497,9 +1497,6 @@ static int iproute_modify(int cmd, unsigned int flags, int argc, char **argv) + argc--; argv++; + } + +- if (!dst_ok) +- usage(); +- + if (d) { + int idx = ll_name_to_index(d); + +-- +2.19.1 + diff --git a/bugfix-iproute2-cancel-some-test-cases.patch b/bugfix-iproute2-cancel-some-test-cases.patch new file mode 100644 index 0000000000000000000000000000000000000000..5c9788a355fb6e0b8e244db6c1bc2c21412b3604 --- /dev/null +++ b/bugfix-iproute2-cancel-some-test-cases.patch @@ -0,0 +1,164 @@ +From 6295c753ea657f99ebe2fa58b3185003727ed272 Mon Sep 17 00:00:00 2001 +From: rpm-build +Date: Sat, 27 May 2023 08:59:47 +0800 +Subject: [PATCH] cancel some test cases that failed due to host configure + +--- + Makefile | 6 ----- + testsuite/tests/ip/link/add_type_xfrm.t | 32 ----------------------- + testsuite/tests/ip/netns/set_nsid.t | 22 ---------------- + testsuite/tests/ip/netns/set_nsid_batch.t | 18 ------------- + testsuite/tests/tc/dsmark.t | 31 ---------------------- + 5 files changed, 109 deletions(-) + delete mode 100755 testsuite/tests/ip/link/add_type_xfrm.t + delete mode 100755 testsuite/tests/ip/netns/set_nsid.t + delete mode 100755 testsuite/tests/ip/netns/set_nsid_batch.t + delete mode 100755 testsuite/tests/tc/dsmark.t + +diff --git a/Makefile b/Makefile +index 0b79b1f..67b4a2c 100644 +--- a/Makefile ++++ b/Makefile +@@ -110,12 +110,6 @@ distclean: clobber + check: all + $(MAKE) -C testsuite + $(MAKE) -C testsuite alltests +- @if command -v man >/dev/null 2>&1; then \ +- echo "Checking manpages for syntax errors..."; \ +- $(MAKE) -C man check; \ +- else \ +- echo "man not installed, skipping checks for syntax errors."; \ +- fi + + cscope: + cscope -b -q -R -Iinclude -sip -slib -smisc -snetem -stc +diff --git a/testsuite/tests/ip/link/add_type_xfrm.t b/testsuite/tests/ip/link/add_type_xfrm.t +deleted file mode 100755 +index 78ce28e..0000000 +--- a/testsuite/tests/ip/link/add_type_xfrm.t ++++ /dev/null +@@ -1,32 +0,0 @@ +-#!/bin/sh +- +-. lib/generic.sh +- +-ts_log "[Testing Add XFRM Interface, With IF-ID]" +- +-PHYS_DEV="lo" +-NEW_DEV="$(rand_dev)" +-IF_ID="0xf" +- +-ts_ip "$0" "Add $NEW_DEV xfrm interface" link add dev $NEW_DEV type xfrm dev $PHYS_DEV if_id $IF_ID +- +-ts_ip "$0" "Show $NEW_DEV xfrm interface" -d link show dev $NEW_DEV +-test_on "$NEW_DEV" +-test_on "if_id $IF_ID" +- +-ts_ip "$0" "Del $NEW_DEV xfrm interface" link del dev $NEW_DEV +- +- +-ts_log "[Testing Add XFRM Interface, No IF-ID]" +- +-PHYS_DEV="lo" +-NEW_DEV="$(rand_dev)" +-IF_ID="0xf" +- +-ts_ip "$0" "Add $NEW_DEV xfrm interface" link add dev $NEW_DEV type xfrm dev $PHYS_DEV +- +-ts_ip "$0" "Show $NEW_DEV xfrm interface" -d link show dev $NEW_DEV +-test_on "$NEW_DEV" +-test_on_not "if_id $IF_ID" +- +-ts_ip "$0" "Del $NEW_DEV xfrm interface" link del dev $NEW_DEV +diff --git a/testsuite/tests/ip/netns/set_nsid.t b/testsuite/tests/ip/netns/set_nsid.t +deleted file mode 100755 +index 8f8c779..0000000 +--- a/testsuite/tests/ip/netns/set_nsid.t ++++ /dev/null +@@ -1,22 +0,0 @@ +-#!/bin/sh +- +-. lib/generic.sh +- +-ts_log "[Testing netns nsid]" +- +-NS=testnsid +-NSID=99 +- +-ts_ip "$0" "Add new netns $NS" netns add $NS +-ts_ip "$0" "Set $NS nsid to $NSID" netns set $NS $NSID +- +-ts_ip "$0" "List netns" netns list +-test_on "$NS \(id: $NSID\)" +- +-ts_ip "$0" "List netns without explicit list or show" netns +-test_on "$NS \(id: $NSID\)" +- +-ts_ip "$0" "List nsid" netns list-id +-test_on "$NSID \(iproute2 netns name: $NS\)" +- +-ts_ip "$0" "Delete netns $NS" netns del $NS +diff --git a/testsuite/tests/ip/netns/set_nsid_batch.t b/testsuite/tests/ip/netns/set_nsid_batch.t +deleted file mode 100755 +index 196fd4b..0000000 +--- a/testsuite/tests/ip/netns/set_nsid_batch.t ++++ /dev/null +@@ -1,18 +0,0 @@ +-#!/bin/sh +- +-. lib/generic.sh +- +-ts_log "[Testing netns nsid in batch mode]" +- +-NS=testnsid +-NSID=99 +-BATCHFILE=`mktemp` +- +-echo "netns add $NS" >> $BATCHFILE +-echo "netns set $NS $NSID" >> $BATCHFILE +-echo "netns list-id" >> $BATCHFILE +-ts_ip "$0" "Add ns, set nsid and list in batch mode" -b $BATCHFILE +-test_on "nsid $NSID \(iproute2 netns name: $NS\)" +-rm -f $BATCHFILE +- +-ts_ip "$0" "Delete netns $NS" netns del $NS +diff --git a/testsuite/tests/tc/dsmark.t b/testsuite/tests/tc/dsmark.t +deleted file mode 100755 +index 3f1d5ef..0000000 +--- a/testsuite/tests/tc/dsmark.t ++++ /dev/null +@@ -1,31 +0,0 @@ +-#!/bin/sh +-# vim: ft=sh +- +-. lib/generic.sh +- +-ts_qdisc_available "dsmark" +-if [ $? -eq 0 ]; then +- ts_log "dsmark: Unsupported by $TC, skipping" +- exit 127 +-fi +- +-ts_tc "dsmark" "dsmark root qdisc creation" \ +- qdisc add dev $DEV root handle 10:0 \ +- dsmark indices 64 default_index 1 set_tc_index +- +-ts_tc "dsmark" "dsmark class 1 creation" \ +- class change dev $DEV parent 10:0 classid 10:12 \ +- dsmark mask 0xff value 2 +- +-ts_tc "dsmark" "dsmark class 2 creation" \ +- class change dev $DEV parent 10:0 classid 10:13 \ +- dsmark mask 0xfc value 4 +- +-ts_tc "dsmark" "dsmark dump qdisc" \ +- qdisc list dev $DEV +- +-ts_tc "dsmark" "dsmark dump class" \ +- class list dev $DEV parent 10:0 +- +-ts_tc "dsmark" "generic qdisc tree deletion" \ +- qdisc del dev $DEV root +-- +2.27.0 + diff --git a/bugfix-iproute2-change-proc-to-ipnetnsproc-which-is-private.patch b/bugfix-iproute2-change-proc-to-ipnetnsproc-which-is-private.patch index bcd9ce7485d768a71fbb01b47af7c4ac2a7383c4..c3eab86dbec7d8eb5f5f7391650728e7ddd06932 100644 --- a/bugfix-iproute2-change-proc-to-ipnetnsproc-which-is-private.patch +++ b/bugfix-iproute2-change-proc-to-ipnetnsproc-which-is-private.patch @@ -16,9 +16,8 @@ Signed-off-by: Minhua Chen --- ip/ipnetns.c | 72 +++++++++++++++++++++++++++++++++++++++++++++++++++++------- 1 file changed, 64 insertions(+), 8 deletions(-) - diff --git a/ip/ipnetns.c b/ip/ipnetns.c -index fc58a04..fedc3db 100644 +index 83a9b99..2dde78a 100644 --- a/ip/ipnetns.c +++ b/ip/ipnetns.c @@ -24,6 +24,62 @@ @@ -84,7 +83,7 @@ index fc58a04..fedc3db 100644 static int usage(void) { fprintf(stderr, -@@ -589,10 +645,9 @@ static int netns_pids(int argc, char **argv) +@@ -598,10 +654,9 @@ static int netns_pids(int argc, char **argv) strerror(errno)); return -1; } @@ -97,7 +96,7 @@ index fc58a04..fedc3db 100644 return -1; } while ((entry = readdir(dir))) { -@@ -601,8 +656,7 @@ static int netns_pids(int argc, char **argv) +@@ -610,8 +665,7 @@ static int netns_pids(int argc, char **argv) if (!is_pid(entry->d_name)) continue; @@ -107,7 +106,7 @@ index fc58a04..fedc3db 100644 if (stat(pid_net_path, &st) != 0) continue; if ((st.st_dev == netst.st_dev) && -@@ -625,7 +679,7 @@ int netns_identify_pid(const char *pidstr, char *name, int len) +@@ -634,7 +688,7 @@ int netns_identify_pid(const char *pidstr, char *name, int len) name[0] = '\0'; @@ -116,20 +115,18 @@ index fc58a04..fedc3db 100644 netns = open(net_path, O_RDONLY); if (netns < 0) { fprintf(stderr, "Cannot open network namespace: %s\n", -@@ -856,9 +910,11 @@ static int netns_add(int argc, char **argv, bool create) +@@ -910,9 +964,9 @@ static int netns_add(int argc, char **argv, bool create) + goto out_delete; + } + +- strcpy(proc_path, "/proc/self/ns/net"); ++ snprintf(proc_path, sizeof(proc_path), "/%s/self/ns/net", get_proc_string()); + } else { +- snprintf(proc_path, sizeof(proc_path), "/proc/%d/ns/net", pid); ++ snprintf(proc_path, sizeof(proc_path), "/%s/%d/ns/net", get_proc_string(), pid); } /* Bind the netns last so I can watch for it */ -- if (mount(proc_path, netns_path, "none", MS_BIND, NULL) < 0) { -+ char pid_net_path[MAXPATHLEN]; -+ snprintf(pid_net_path, sizeof(pid_net_path), "%s/self/ns/net", get_proc_string()); -+ if (mount(pid_net_path, netns_path, "none", MS_BIND, NULL) < 0) { - fprintf(stderr, "Bind %s -> %s failed: %s\n", -- proc_path, netns_path, strerror(errno)); -+ pid_net_path, netns_path, strerror(errno)); - goto out_delete; - } - netns_restore(); -- 1.8.3.1 diff --git a/bugfix-routel-shift-bounds-error-due-multicast.patch b/bugfix-routel-shift-bounds-error-due-multicast.patch new file mode 100644 index 0000000000000000000000000000000000000000..b99a5b4d6dade0970a4ebde274c3d53406dbeff6 --- /dev/null +++ b/bugfix-routel-shift-bounds-error-due-multicast.patch @@ -0,0 +1,34 @@ +From 74d88fe354864b73504d75aac50606b0e2e155af Mon Sep 17 00:00:00 2001 +From: jiangjixiang +Date: Mon, 19 Feb 2024 11:46:26 +0800 +Subject: [PATCH] =?UTF-8?q?[BUG#212779]routel=E5=91=BD=E4=BB=A4=E6=8A=A5?= + =?UTF-8?q?=E2=80=9Dshift=E4=BD=8D=E7=A7=BB=E8=B6=8A=E7=95=8C=E2=80=9D?= +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + + 1.routel命令是一个脚本,以更友好的方式输出ip route命令得到的路由表; + 2.当前routel脚本不支持multicast路由,在有multicast路由的机器上会报错; + 3.修改routel脚本,添加对multicast的支持; + +Change-Id: Ib128c3a962c9f5b2b861ba8546d5f48258e60384 +--- + ip/routel | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ip/routel b/source/ip/routel +index 7056886..528e7b9 100755 +--- a/ip/routel ++++ b/ip/routel +@@ -25,7 +25,7 @@ ip route list table "$@" | + src="" + table="" + case $network in +- broadcast|local|unreachable) via=$network ++ broadcast|local|unreachable|multicast) via=$network + network=$1 + shift + ;; +-- +2.25.1 + diff --git a/feature-iproute-add-support-for-ipvlan-l2e-mode.patch b/feature-iproute-add-support-for-ipvlan-l2e-mode.patch new file mode 100644 index 0000000000000000000000000000000000000000..56a163654bc1ffa15a21e8410edae805479bc8cb --- /dev/null +++ b/feature-iproute-add-support-for-ipvlan-l2e-mode.patch @@ -0,0 +1,61 @@ +From 3ea7f5ac296ee5c19459c2bf00fecf98f552a1c5 Mon Sep 17 00:00:00 2001 +From: Feilong Lin +Date: Mon, 2 Mar 2020 20:52:06 +0800 + +--- + include/uapi/linux/if_link.h | 2 +- + ip/iplink_ipvlan.c | 10 +++++----- + 2 files changed, 6 insertions(+), 6 deletions(-) + +diff --git a/include/uapi/linux/if_link.h b/include/uapi/linux/if_link.h +index d36919f..e0556fb 100644 +--- a/include/uapi/linux/if_link.h ++++ b/include/uapi/linux/if_link.h +@@ -494,7 +494,7 @@ enum { + enum ipvlan_mode { + IPVLAN_MODE_L2 = 0, + IPVLAN_MODE_L3, +- IPVLAN_MODE_L3S, ++ IPVLAN_MODE_L2E, + IPVLAN_MODE_MAX + }; + +diff --git a/ip/iplink_ipvlan.c b/ip/iplink_ipvlan.c +index baae767..4c9d8e2 100644 +--- a/ip/iplink_ipvlan.c ++++ b/ip/iplink_ipvlan.c +@@ -23,7 +23,7 @@ static void print_explain(struct link_util *lu, FILE *f) + fprintf(f, + "Usage: ... %s [ mode MODE ] [ FLAGS ]\n" + "\n" +- "MODE: l3 | l3s | l2\n" ++ "MODE: l3 | l2e | l2\n" + "FLAGS: bridge | private | vepa\n" + "(first values are the defaults if nothing is specified).\n", + lu->id); +@@ -45,10 +45,10 @@ static int ipvlan_parse_opt(struct link_util *lu, int argc, char **argv, + mode = IPVLAN_MODE_L2; + else if (strcmp(*argv, "l3") == 0) + mode = IPVLAN_MODE_L3; +- else if (strcmp(*argv, "l3s") == 0) +- mode = IPVLAN_MODE_L3S; ++ else if (strcmp(*argv, "l2e") == 0) ++ mode = IPVLAN_MODE_L2E; + else { +- fprintf(stderr, "Error: argument of \"mode\" must be either \"l2\", \"l3\" or \"l3s\"\n"); ++ fprintf(stderr, "Error: argument of \"mode\" must be either \"l2\", \"l3\" or \"l2e\"\n"); + return -1; + } + addattr16(n, 1024, IFLA_IPVLAN_MODE, mode); +@@ -88,7 +88,7 @@ static void ipvlan_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + __u16 mode = rta_getattr_u16(tb[IFLA_IPVLAN_MODE]); + const char *mode_str = mode == IPVLAN_MODE_L2 ? "l2" : + mode == IPVLAN_MODE_L3 ? "l3" : +- mode == IPVLAN_MODE_L3S ? "l3s" : "unknown"; ++ mode == IPVLAN_MODE_L2E ? "l2e" : "unknown"; + + print_string(PRINT_ANY, "mode", " mode %s ", mode_str); + } +-- +2.19.1 + diff --git a/feature-iproute-limit-operation-ip-netns-del.patch b/feature-iproute-limit-operation-ip-netns-del.patch new file mode 100644 index 0000000000000000000000000000000000000000..4aab12d8a68537013a4cf8b94b5c9d9b579a7270 --- /dev/null +++ b/feature-iproute-limit-operation-ip-netns-del.patch @@ -0,0 +1,108 @@ +From 1513e8162aee3202b99f26fa6c734766b5658db9 Mon Sep 17 00:00:00 2001 +From: Ying Lv +Date: Mon, 2 Mar 2020 18:08:54 +0800 + +--- + ip/ip_common.h | 2 ++ + ip/ipaddress.c | 2 +- + ip/ipnetns.c | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++ + 3 files changed, 54 insertions(+), 1 deletion(-) + +diff --git a/ip/ip_common.h b/ip/ip_common.h +index 879287e..6d10e53 100644 +--- a/ip/ip_common.h ++++ b/ip/ip_common.h +@@ -90,6 +90,8 @@ int iplink_ifla_xstats(int argc, char **argv); + int ip_link_list(req_filter_fn_t filter_fn, struct nlmsg_chain *linfo); + void free_nlmsg_chain(struct nlmsg_chain *info); + ++int store_nlmsg(struct nlmsghdr *n, void *arg); ++ + static inline int rtm_get_table(struct rtmsg *r, struct rtattr **tb) + { + __u32 table = r->rtm_table; +diff --git a/ip/ipaddress.c b/ip/ipaddress.c +index bc8f5ba..cb38db3 100644 +--- a/ip/ipaddress.c ++++ b/ip/ipaddress.c +@@ -1519,7 +1519,7 @@ static int print_selected_addrinfo(struct ifinfomsg *ifi, + } + + +-static int store_nlmsg(struct nlmsghdr *n, void *arg) ++int store_nlmsg(struct nlmsghdr *n, void *arg) + { + struct nlmsg_chain *lchain = (struct nlmsg_chain *)arg; + struct nlmsg_list *h; +diff --git a/ip/ipnetns.c b/ip/ipnetns.c +index fedc3db..e36ca51 100644 +--- a/ip/ipnetns.c ++++ b/ip/ipnetns.c +@@ -754,6 +754,51 @@ static int netns_identify(int argc, char **argv) + return rc; + } + ++static int check_netns_numbers(char *name) { ++ char net_path[MAXPATHLEN]; ++ struct rtnl_handle rth = { .fd = -1 }; ++ struct nlmsg_chain linfo = { NULL, NULL}; ++ struct nlmsg_list *l; ++ int count = 0; ++ int netns; ++ ++ snprintf(net_path, sizeof(net_path), "%s/%s", NETNS_RUN_DIR, name); ++ netns = open(net_path, O_RDONLY | O_CLOEXEC); ++ if (netns < 0) { ++ fprintf(stderr, "Cannot open network namespace \"%s\": %s\n", ++ name, strerror(errno)); ++ exit(1); ++ } ++ ++ if (setns(netns, CLONE_NEWNET) < 0) { ++ fprintf(stderr, "seting the network namespace \"%s\" failed: %s\n", ++ name, strerror(errno)); ++ exit(1); ++ } ++ ++ if (rtnl_open(&rth, 0) < 0) ++ exit(1); ++ ++ if (rtnl_linkdump_req(&rth, AF_PACKET) < 0) { ++ fprintf(stderr, "Cannot send dump request"); ++ exit(1); ++ } ++ ++ if (rtnl_dump_filter(&rth, store_nlmsg, &linfo) < 0) { ++ fprintf(stderr, "Dump terminated\n"); ++ exit(1); ++ } ++ ++ for (l = linfo.head; l; l = l->next) { ++ count++; ++ } ++ free_nlmsg_chain(&linfo); ++ ++ rtnl_close(&rth); ++ close(netns); ++ return count; ++} ++ + static int on_netns_del(char *nsname, void *arg) + { + char netns_path[PATH_MAX]; +@@ -775,6 +820,12 @@ static int netns_delete(int argc, char **argv) + return -1; + } + ++ if (check_netns_numbers(argv[0]) > 1) { ++ fprintf(stderr, "Cannot delete network namespace, there are some NICs" ++ " in %s namespace\n", argv[0]); ++ return -1; ++ } ++ + if (do_all) + return netns_foreach(on_netns_del, NULL); + +-- +2.19.1 + diff --git a/feature-peer_notify_delay-renamed-to-peer_notif_delay.patch b/feature-peer_notify_delay-renamed-to-peer_notif_delay.patch new file mode 100644 index 0000000000000000000000000000000000000000..1f041d8974b144efdefaa567daac71435acc3639 --- /dev/null +++ b/feature-peer_notify_delay-renamed-to-peer_notif_delay.patch @@ -0,0 +1,61 @@ +From dff568963505f9f340a9da5151f1a022650e1498 Mon Sep 17 00:00:00 2001 +From: wangli +Date: Tue, 3 Mar 2020 18:55:29 +0800 +Subject: [PATCH] peer_notify_delay renamed to peer_notif_delay + +--- + ip/iplink_bond.c | 16 ++++++++-------- + 1 file changed, 8 insertions(+), 8 deletions(-) + +diff --git a/ip/iplink_bond.c b/ip/iplink_bond.c +index 585b6be..fb62c95 100644 +--- a/ip/iplink_bond.c ++++ b/ip/iplink_bond.c +@@ -120,7 +120,7 @@ static void print_explain(FILE *f) + "Usage: ... bond [ mode BONDMODE ] [ active_slave SLAVE_DEV ]\n" + " [ clear_active_slave ] [ miimon MIIMON ]\n" + " [ updelay UPDELAY ] [ downdelay DOWNDELAY ]\n" +- " [ peer_notify_delay DELAY ]\n" ++ " [ peer_notif_delay DELAY ]\n" + " [ use_carrier USE_CARRIER ]\n" + " [ arp_interval ARP_INTERVAL ]\n" + " [ arp_validate ARP_VALIDATE ]\n" +@@ -166,7 +166,7 @@ static int bond_parse_opt(struct link_util *lu, int argc, char **argv, + __u8 xmit_hash_policy, num_peer_notif, all_slaves_active; + __u8 lacp_rate, ad_select, tlb_dynamic_lb; + __u16 ad_user_port_key, ad_actor_sys_prio; +- __u32 miimon, updelay, downdelay, peer_notify_delay, arp_interval, arp_validate; ++ __u32 miimon, updelay, downdelay, peer_notif_delay, arp_interval, arp_validate; + __u32 arp_all_targets, resend_igmp, min_links, lp_interval; + __u32 packets_per_slave; + unsigned int ifindex; +@@ -201,11 +201,11 @@ static int bond_parse_opt(struct link_util *lu, int argc, char **argv, + if (get_u32(&downdelay, *argv, 0)) + invarg("invalid downdelay", *argv); + addattr32(n, 1024, IFLA_BOND_DOWNDELAY, downdelay); +- } else if (matches(*argv, "peer_notify_delay") == 0) { ++ } else if (matches(*argv, "peer_notif_delay") == 0) { + NEXT_ARG(); +- if (get_u32(&peer_notify_delay, *argv, 0)) +- invarg("invalid peer_notify_delay", *argv); +- addattr32(n, 1024, IFLA_BOND_PEER_NOTIF_DELAY, peer_notify_delay); ++ if (get_u32(&peer_notif_delay, *argv, 0)) ++ invarg("invalid peer_notif_delay", *argv); ++ addattr32(n, 1024, IFLA_BOND_PEER_NOTIF_DELAY, peer_notif_delay); + } else if (matches(*argv, "use_carrier") == 0) { + NEXT_ARG(); + if (get_u8(&use_carrier, *argv, 0)) +@@ -418,8 +418,8 @@ static void bond_print_opt(struct link_util *lu, FILE *f, struct rtattr *tb[]) + + if (tb[IFLA_BOND_PEER_NOTIF_DELAY]) + print_uint(PRINT_ANY, +- "peer_notify_delay", +- "peer_notify_delay %u ", ++ "peer_notif_delay", ++ "peer_notif_delay %u ", + rta_getattr_u32(tb[IFLA_BOND_PEER_NOTIF_DELAY])); + + if (tb[IFLA_BOND_USE_CARRIER]) +-- +2.19.1 + diff --git a/iproute.spec b/iproute.spec index ee1dabae2fe4e0401459f0510b5c7e1684d594fb..176dd8bb1af7c9ab32fbc900b53302868c943b32 100644 --- a/iproute.spec +++ b/iproute.spec @@ -1,16 +1,71 @@ +#needsrootforbuild Name: iproute -Version: 5.4.0 -Release: 2 +Version: 5.5.0 +Release: 18 Summary: Linux network configuration utilities License: GPLv2+ and Public Domain URL: https://kernel.org/pub/linux/utils/net/iproute2/ Source0: https://mirrors.edge.kernel.org/pub/linux/utils/net/iproute2/iproute2-%{version}.tar.xz -Patch1: bugfix-iproute2-3.10.0-fix-maddr-show.patch +Patch1: bugfix-iproute2-3.10.0-fix-maddr-show.patch Patch2: bugfix-iproute2-change-proc-to-ipnetnsproc-which-is-private.patch -BuildRequires: gcc bison elfutils-libelf-devel flex iptables-devel libcap-devel -BuildRequires: libdb-devel libmnl-devel libselinux-devel pkgconfig git +Patch6000: backport-nexthop-fix-error-reporting-in-filter-dump.patch +Patch6001: backport-bridge-report-correct-version.patch +Patch6002: backport-q_cake-Make-fwmark-uint-instead-of-int.patch +Patch6003: backport-tc-m_action-check-cookie-hex-string-len.patch +Patch6004: backport-iproute2-fix-MPLS-label-parsing.patch +Patch6005: backport-tc_util-detect-overflow-in-get_size.patch +Patch6006: backport-Revert-bpf-replace-snprintf-with-asprintf-when-dealing-with-long-buffers.patch +Patch6007: backport-tc-m_estimator-Print-proper-value-for-estimator-interval-in-raw.patch +Patch6008: backport-iproute2-ip-maddress-Check-multiaddr-length.patch +Patch6009: backport-iproute2-ip-addr-Organize-flag-properties-structurally.patch +Patch6010: backport-addr-Fix-noprefixroute-and-autojoin-for-IPv4.patch +Patch6011: backport-devlink-fix-memory-leak-in-cmd_dev_flash.patch +Patch6012: backport-lib-fs-avoid-double-call-to-mkdir-on-make_path.patch +Patch6013: backport-devlink-always-check-strslashrsplit-return-value.patch +Patch6014: backport-nexthop-fix-memory-leak-in-add_nh_group_attr.patch +Patch6015: backport-rdma-stat-fix-return-code.patch +Patch6016: backport-ip-drop-2-char-command-assumption.patch +Patch6017: backport-ip-netns-fix-missing-netns-close-on-some-error-paths.patch +Patch6018: backport-lib-bpf_legacy-fix-missing-socket-close-when-connect.patch +Patch6019: backport-tc-e_bpf-fix-memory-leak-in-parse_bpf.patch +Patch6020: backport-tipc-bail-out-if-algname-is-abnormally-long.patch +Patch6021: backport-tipc-bail-out-if-key-is-abnormally-long.patch +Patch6022: backport-utils-Fix-BIT-to-support-up-to-64-bits-on-all-architectures.patch +Patch6023: backport-ipmonitor-Fix-recvmsg-with-ancillary-data.patch +Patch6024: backport-devlink-fix-infinite-loop-on-flash-update-for-drivers-without-status.patch +Patch6025: backport-tc-u32-Fix-key-folding-in-sample-option.patch + +Patch6026: backport-bugfix-iproute2-lib-bpf-fix-bpffs-mount-when-sys-fs-bpf-exist.patch +Patch6027: backport-bugfix-iproute2-tc-f_flower-fix-port-range-parsing.patch +Patch6028: backport-tc-flower-Fix-buffer-overflow-on-large-labels.patch +Patch6029: backport-lnstat-fix-buffer-overflow-in-header-output.patch +Patch6030: backport-q_cake-allow-changing-to-diffserv3.patch + +Patch9002: feature-iproute-limit-operation-ip-netns-del.patch +Patch9003: feature-iproute-add-support-for-ipvlan-l2e-mode.patch +Patch9004: feature-peer_notify_delay-renamed-to-peer_notif_delay.patch +Patch9005: bugfix-iproute-support-assume-default-route.patch +Patch9006: bugfix-iproute2-cancel-some-test-cases.patch + +Patch6031: backport-devlink-fix-devlink-health-dump-command-without-arg.patch +Patch6032: backport-l2tp-fix-typo-in-AF_INET6-checksum-JSON-print.patch +Patch6033: backport-tc-em_u32-fix-offset-parsing.patch +Patch6034: backport-bridge-Fix-memory-leak-when-doing-fdb-get.patch +Patch6035: backport-ip-address-Fix-memory-leak-when-specifying-device.patch +Patch6036: backport-ip-neigh-Fix-memory-leak-when-doing-get.patch +Patch6037: backport-tc_util-Fix-parsing-action-control-with-space-and-sl.patch +Patch6038: backport-lnstat-fix-strdup-leak-in-w-argument-parsing.patch +Patch6039: backport-libnetlink-fix-socket-leak-in-rtnl_open_byproto.patch + +Patch6040: backport-nstat-print-useful-error-messages-in-abort-cases.patch +Patch6041: bugfix-routel-shift-bounds-error-due-multicast.patch + + +BuildRequires: gcc bison elfutils-libelf-devel flex iptables-devel +BuildRequires: libmnl-devel libselinux-devel pkgconfig git make sudo +Requires: %{name}-help Provides: /sbin/ip iproute-tc tc Obsoletes: iproute-tc @@ -37,9 +92,18 @@ Header files for iprout2 %autosetup -n %{name}2-%{version} -p1 -S git %build +export LIBDIR='%{_libdir}' +export IPT_LIB_DIR='/%{_lib}/xtables' %configure %make_build +%check +make check +if test -n "$(find . -name *.err)"; then + echo "make check failed, please check" + exit 1 +fi + %install export CONFDIR='%{_sysconfdir}/iproute2' export SBINDIR='%{_sbindir}' @@ -73,6 +137,168 @@ install -m 0644 lib/libnetlink.a %{buildroot}%{_libdir}/libnetlink.a %{_mandir}/* %changelog +* Mon 19 Feb 2024 jiangjixiang - 5.5.0-18 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:Fix the issue of multicast causing shift out of bounds in the + routel command report. + +* Wed Dec 27 2023 liubo - 5.5.0-17 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:nexthop: fix error reporting in filter dump + bridge: report correct version + q_cake: Make fwmark uint instead of int + tc: m_action: check cookie hex string len + iproute2: fix MPLS label parsing + tc_util: detect overflow in get_size + Revert "bpf: replace snprintf with asprintf when dealing with long buffers" + tc/m_estimator: Print proper value for estimator interval in raw. + iproute2: ip maddress: Check multiaddr length + iproute2: ip addr: Organize flag properties structurally + addr: Fix noprefixroute and autojoin for IPv4 + devlink: fix memory leak in cmd_dev_flash() + tipc: bail out if algname is abnormally long + tipc: bail out if key is abnormally long + utils: Fix BIT() to support up to 64 bits on all architectures + ipmonitor: Fix recvmsg with ancillary data + devlink: fix infinite loop on flash update for drivers without status + tc: u32: Fix key folding in sample option + lnstat: fix buffer overflow in header output + nstat: print useful error messages in abort() cases + +* Thu Dec 14 2023 liubo - 5.5.0-16 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:libnetlink: fix socket leak in rtnl_open_byproto() + lnstat: fix strdup leak in -w argument parsing + tc_util: Fix parsing action control with space and slash + remove libcap dependency + +* Sat May 27 2023 gaoxingwang - 5.5.0-15 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:cancel some test cases that failed due to host configure + +* Mon Mar 20 2023 gaoxingwang - 5.5.0-14 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:enable make check + +* Thu Mar 02 2023 jiangheng - 5.5.0-13 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:fix ip netns attach failed + +* Fri Feb 17 2023 gaoxingwang - 5.5.0-12 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:add BuildRequire for make to fix build failure + +* Mon Oct 10 2022 jiangheng - 5.5.0-11 +- Type:bugfix +- Id:NA +- SUG:NA +- DESC:fix devlink health dump command without arg + tc: em_u32: fix offset parsing + l2tp: fix typo in AF_INET6 checksum JSON print + bridge: fix memory leak when doing fdb get + ip neigh: fix memory leak when doing 'get' + ip address: fix memory leak when specifying device + +* Tue Jan 25 2022 wuchangsheng - 5.5.0-10 +- Type:bugfix +- Id:NA +- SUG:NA +- DESC:tc flowerr Fix buffer overflow on large labels + q_cake allow changing to diffserv3 + +* Tue Nov 16 2021 jiangheng - 5.5.0-9 +- Type:bugfix +- Id:NA +- SUG:NA +- DESC:fix buffer overflow in lnstat command + +* Tue Nov 02 2021 jiangheng - 5.5.0-8 +- Type:bugfix +- Id:NA +- SUG:NA +- DESC:rename patches name + +* Fri Oct 29 2021 chengycehun - 5.5.0-7 +- Type:bugfix +- Id:NA +- SUG:NA +- DESC:lib/bpf:fix bpffs mount when /sys/fs/bpf exists + tc/f_flower:fix port range parsing + +* Sat Jun 26 2021 jiangheng - 5.5.0-6 +- Type:requirement +- Id:NA +- SUG:NA +- DESC:update patch + +* Fri Jan 15 2021 gaihuiying - 5.5.0-5 +- Type:requirement +- Id:NA +- SUG:NA +- DESC:remove libdb-devel dependency + +* Thu Dec 10 2020 zhouyihang - 5.5.0-4 +- Type:bugfix +- Id:NA +- SUG:NA +- DESC:modify fix of get_tc_lib err + +* Mon Nov 09 2020 quanhongfei - 5.5.0-3 +- Type:requirement +- Id:NA +- SUG:NA +- DESC:add iproute-help dependency for iproute + +* Fri Sep 25 2020 zhouyihang - 5.5.0-2 +- Type:bugfix +- Id:NA +- SUG:NA +- DESC:fix get_tc_lib err + +* Fri Apr 17 2020 liaichun - 5.5.0-1 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC:update to 5.5.0-1 + +* Sat Mar 21 2020 liaichun - 5.4.0-6 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC:fix some err information + +* Wed Mar 4 2020 liuzhikang - 5.4.0-5 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC:update patch + +* Wed Mar 4 2020 wangli - 5.4.0-4 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC:peer_notify_delay renamed to peer_notif_delay + +* Mon Mar 2 2020 liuzhikang - 5.4.0-3 +- Type:bugfix +- ID:NA +- SUG:restart +- DESC: update patch + * Mon Jan 20 2020 openEuler Buildteam - 5.4.0-2 - fix maddr show and change proc to ipnetnsproc diff --git a/iproute2-5.4.0.tar.xz b/iproute2-5.4.0.tar.xz deleted file mode 100644 index 806c2f30d577963b0a67b4d59af68d314948ad16..0000000000000000000000000000000000000000 Binary files a/iproute2-5.4.0.tar.xz and /dev/null differ diff --git a/iproute2-5.5.0.tar.xz b/iproute2-5.5.0.tar.xz new file mode 100644 index 0000000000000000000000000000000000000000..ae94554a229ca4294e392481b68356c120686e08 Binary files /dev/null and b/iproute2-5.5.0.tar.xz differ