Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v5.13.16 2021-09-03T08:23:08Z 2021-09-03T08:23:08Z Peter Collingbourne pcc@google.com 2021-08-26T19:46:01Z urn:sha1:f8132a4726df98345594d89666f99a33fec3d00a commit d0efb16294d145d157432feda83877ae9d7cdf37 upstream. A common implementation of isatty(3) involves calling a ioctl passing a dummy struct argument and checking whether the syscall failed -- bionic and glibc use TCGETS (passing a struct termios), and musl uses TIOCGWINSZ (passing a struct winsize). If the FD is a socket, we will copy sizeof(struct ifreq) bytes of data from the argument and return -EFAULT if that fails. The result is that the isatty implementations may return a non-POSIX-compliant value in errno in the case where part of the dummy struct argument is inaccessible, as both struct termios and struct winsize are smaller than struct ifreq (at least on arm64). Although there is usually enough stack space following the argument on the stack that this did not present a practical problem up to now, with MTE stack instrumentation it's more likely for the copy to fail, as the memory following the struct may have a different tag. Fix the problem by adding an early check for whether the ioctl is a valid socket ioctl, and return -ENOTTY if it isn't. Fixes: 44c02a2c3dc5 ("dev_ioctl(): move copyin/copyout to callers") Link: https://linux-review.googlesource.com/id/I869da6cf6daabc3e4b7b82ac979683ba05e27d4d Signed-off-by: Peter Collingbourne <pcc@google.com> Cc: <stable@vger.kernel.org> # 4.19 Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2021-04-07T21:43:28Z Andrei Vagin avagin@gmail.com 2021-04-07T06:40:51Z urn:sha1:0854fa82c96ca37a35e954b7079c0bfd795affb1 Here is only one place where we want to specify new_ifindex. In all other cases, callers pass 0 as new_ifindex. It looks reasonable to add a low-level function with new_ifindex and to convert dev_change_net_namespace to a static inline wrapper. Fixes: eeb85a14ee34 ("net: Allow to specify ifindex when device is moved to another namespace") Suggested-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Andrei Vagin <avagin@gmail.com> Acked-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2021-04-05T21:49:40Z Andrei Vagin avagin@gmail.com 2021-04-05T07:12:23Z urn:sha1:eeb85a14ee3494febb85ccfbee0772eda0823b13 Currently, we can specify ifindex on link creation. This change allows to specify ifindex when a device is moved to another network namespace. Even now, a device ifindex can be changed if there is another device with the same ifindex in the target namespace. So this change doesn't introduce completely new behavior, it adds more control to the process. CRIU users want to restore containers with pre-created network devices. A user will provide network devices and instructions where they have to be restored, then CRIU will restore network namespaces and move devices into them. The problem is that devices have to be restored with the same indexes that they have before C/R. Cc: Alexander Mikhalitsyn <alexander.mikhalitsyn@virtuozzo.com> Suggested-by: Christian Brauner <christian.brauner@ubuntu.com> Signed-off-by: Andrei Vagin <avagin@gmail.com> Reviewed-by: Christian Brauner <christian.brauner@ubuntu.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2021-03-25T22:31:22Z David S. Miller davem@davemloft.net 2021-03-25T22:31:22Z urn:sha1:efd13b71a3fa31413f8d15342e01d44b60b0a432 Signed-off-by: David S. Miller <davem@davemloft.net> 2021-03-24T19:48:39Z Felix Fietkau nbd@nbd.name 2021-03-24T01:30:48Z urn:sha1:26267bf9bb57d504c785d8659adc8e02b6629c95 The switch might have already added the VLAN tag through PVID hardware offload. Keep this extra VLAN in the flowtable but skip it on egress. Signed-off-by: Felix Fietkau <nbd@nbd.name> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2021-03-24T19:48:38Z Felix Fietkau nbd@nbd.name 2021-03-24T01:30:37Z urn:sha1:0994d492a1b78dff96671ccf6ad8294cc2bd909e Add .ndo_fill_forward_path for dsa slave port devices Signed-off-by: Felix Fietkau <nbd@nbd.name> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2021-03-24T19:48:38Z Felix Fietkau nbd@nbd.name 2021-03-24T01:30:36Z urn:sha1:f6efc675c9dd8d93f826b79ae7e33e03301db609 Pass on the PPPoE session ID, destination hardware address and the real device. Signed-off-by: Felix Fietkau <nbd@nbd.name> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2021-03-24T19:48:38Z Felix Fietkau nbd@nbd.name 2021-03-24T01:30:35Z urn:sha1:bcf2766b1377421b7c9259865b25c1b62a7fa686 Depending on the VLAN settings of the bridge and the port, the bridge can either add or remove a tag. When vlan filtering is enabled, the fdb lookup also needs to know the VLAN tag/proto for the destination address To provide this, keep track of the stack of VLAN tags for the path in the lookup context Signed-off-by: Felix Fietkau <nbd@nbd.name> Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2021-03-24T19:48:38Z Pablo Neira Ayuso pablo@netfilter.org 2021-03-24T01:30:34Z urn:sha1:ec9d16bab615ceda8ac22a7b4d2c7601bbe172cb Add .ndo_fill_forward_path for bridge devices. Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net> 2021-03-24T19:48:38Z Pablo Neira Ayuso pablo@netfilter.org 2021-03-24T01:30:33Z urn:sha1:e4417d6950b06fe6c520e937b337daff093220ff Add .ndo_fill_forward_path for vlan devices. For instance, assuming the following topology: IP forwarding / \ eth0.100 eth0 | eth0 . . . ethX ab:cd:ef:ab:cd:ef For packets going through IP forwarding to eth0.100 whose destination MAC address is ab:cd:ef:ab:cd:ef, dev_fill_forward_path() provides the following path: eth0.100 -> eth0 Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org> Signed-off-by: David S. Miller <davem@davemloft.net>