diff --git a/backport-bridge-Fix-memory-leak-when-doing-fdb-get.patch b/backport-bridge-Fix-memory-leak-when-doing-fdb-get.patch new file mode 100644 index 0000000..051848b --- /dev/null +++ b/backport-bridge-Fix-memory-leak-when-doing-fdb-get.patch @@ -0,0 +1,66 @@ +From 6db01afd60748afbba114be2773be338c5be28ff Mon Sep 17 00:00:00 2001 +From: Benjamin Poirier +Date: Mon, 11 Jul 2022 08:52:51 +0900 +Subject: [PATCH] bridge: Fix memory leak when doing 'fdb get' + +With the following command sequence: + +ip link add br0 up type bridge +ip link add dummy0 up address 02:00:00:00:00:01 master br0 type dummy +bridge fdb get 02:00:00:00:00:01 br br0 + +when running the last command under valgrind, it reports + +32,768 bytes in 1 blocks are definitely lost in loss record 2 of 2 + at 0x483F7B5: malloc (vg_replace_malloc.c:381) + by 0x11C1EC: rtnl_recvmsg (libnetlink.c:838) + by 0x11C4D1: __rtnl_talk_iov.constprop.0 (libnetlink.c:1040) + by 0x11D994: __rtnl_talk (libnetlink.c:1141) + by 0x11D994: rtnl_talk (libnetlink.c:1147) + by 0x10D336: fdb_get (fdb.c:652) + by 0x48907FC: (below main) (libc-start.c:332) + +Free the answer obtained from rtnl_talk(). + +Fixes: 4ed5ad7bd3c6 ("bridge: fdb get support") +Reported-by: Ido Schimmel +Reviewed-by: Ido Schimmel +Signed-off-by: Benjamin Poirier +Signed-off-by: Stephen Hemminger +Conflict: NA +Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=6db01afd60 +--- + bridge/fdb.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) +diff --git a/bridge/fdb.c b/bridge/fdb.c +index 710dfc9..278fe27 100644 +--- a/bridge/fdb.c ++++ b/bridge/fdb.c +@@ -540,6 +540,7 @@ static int fdb_get(int argc, char **argv) + char *addr = NULL; + short vlan = -1; + char *endptr; ++ int ret; + + while (argc > 0) { + if ((strcmp(*argv, "brport") == 0) || strcmp(*argv, "dev") == 0) { +@@ -619,12 +620,14 @@ static int fdb_get(int argc, char **argv) + if (rtnl_talk(&rth, &req.n, &answer) < 0) + return -2; + ++ ret = 0; + if (print_fdb(answer, stdout) < 0) { + fprintf(stderr, "An error :-)\n"); +- return -1; ++ ret = -1; + } ++ free(answer); + +- return 0; ++ return ret; + } + + int do_fdb(int argc, char **argv) +-- +2.23.0 + diff --git a/backport-devlink-fix-devlink-health-dump-command-without-arg.patch b/backport-devlink-fix-devlink-health-dump-command-without-arg.patch new file mode 100644 index 0000000..adc9b8e --- /dev/null +++ b/backport-devlink-fix-devlink-health-dump-command-without-arg.patch @@ -0,0 +1,66 @@ +From e81fd551a1a0ffa7983d25f5e756a5c5b6cb4a9a Mon Sep 17 00:00:00 2001 +From: Jiri Pirko +Date: Tue, 19 Apr 2022 19:15:11 +0200 +Subject: [PATCH] devlink: fix "devlink health dump" command without arg + +Fix bug when user calls "devlink health dump" without "show" or "clear": +$ devlink health dump +Command "(null)" not found + +Put the dump command into a separate helper as it is usual in the rest +of the code. Also, treat no cmd as "show", as it is common for other +devlink objects. + +Fixes: 041e6e651a8e ("devlink: Add devlink health dump show command") +Signed-off-by: Jiri Pirko +Signed-off-by: Stephen Hemminger +Conflict: NA +Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=e81fd551a1 +--- + devlink/devlink.c | 25 ++++++++++++++++++------- + 1 file changed, 18 insertions(+), 7 deletions(-) +diff --git a/devlink/devlink.c b/devlink/devlink.c +index 3abbff6..db74539 100644 +--- a/devlink/devlink.c ++++ b/devlink/devlink.c +@@ -6862,6 +6862,23 @@ static void cmd_health_help(void) + pr_err(" devlink health set DEV reporter REPORTER_NAME { grace_period | auto_recover } { msec | boolean }\n"); + } + ++static int cmd_health_dump(struct dl *dl) ++{ ++ if (dl_argv_match(dl, "help")) { ++ cmd_health_help(); ++ return 0; ++ } else if (dl_argv_match(dl, "show") || ++ dl_argv_match(dl, "list") || dl_no_arg(dl)) { ++ dl_arg_inc(dl); ++ return cmd_health_dump_show(dl); ++ } else if (dl_argv_match(dl, "clear")) { ++ dl_arg_inc(dl); ++ return cmd_health_dump_clear(dl); ++ } ++ pr_err("Command \"%s\" not found\n", dl_argv(dl)); ++ return -ENOENT; ++} ++ + static int cmd_health(struct dl *dl) + { + if (dl_argv_match(dl, "help")) { +@@ -6879,13 +6896,7 @@ static int cmd_health(struct dl *dl) + return cmd_health_diagnose(dl); + } else if (dl_argv_match(dl, "dump")) { + dl_arg_inc(dl); +- if (dl_argv_match(dl, "show")) { +- dl_arg_inc(dl); +- return cmd_health_dump_show(dl); +- } else if (dl_argv_match(dl, "clear")) { +- dl_arg_inc(dl); +- return cmd_health_dump_clear(dl); +- } ++ return cmd_health_dump(dl); + } else if (dl_argv_match(dl, "set")) { + dl_arg_inc(dl); + return cmd_health_set_params(dl); +-- +2.23.0 diff --git a/backport-ip-address-Fix-memory-leak-when-specifying-device.patch b/backport-ip-address-Fix-memory-leak-when-specifying-device.patch new file mode 100644 index 0000000..5c5e87e --- /dev/null +++ b/backport-ip-address-Fix-memory-leak-when-specifying-device.patch @@ -0,0 +1,50 @@ +From 1d540336b026ed5bfe10eefac383db7f434d842f Mon Sep 17 00:00:00 2001 +From: Benjamin Poirier +Date: Mon, 11 Jul 2022 08:52:50 +0900 +Subject: [PATCH] ip address: Fix memory leak when specifying device + +Running a command like `ip addr show dev lo` under valgrind informs us that + +32,768 bytes in 1 blocks are definitely lost in loss record 4 of 4 + at 0x483577F: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so) + by 0x16CBE2: rtnl_recvmsg (libnetlink.c:775) + by 0x16CF04: __rtnl_talk_iov (libnetlink.c:954) + by 0x16E257: __rtnl_talk (libnetlink.c:1059) + by 0x16E257: rtnl_talk (libnetlink.c:1065) + by 0x115CB1: ipaddr_link_get (ipaddress.c:1833) + by 0x11A0D1: ipaddr_list_flush_or_save (ipaddress.c:2030) + by 0x1152EB: do_cmd (ip.c:115) + by 0x114D6F: main (ip.c:321) + +After calling store_nlmsg(), the original buffer should be freed. That is +the pattern used elsewhere through the rtnl_dump_filter() call chain. + +Fixes: 884709785057 ("ip address: Set device index in dump request") +Reported-by: Binu Gopalakrishnapillai +Reviewed-by: Ido Schimmel +Signed-off-by: Benjamin Poirier +Signed-off-by: Stephen Hemminger +Conflict: NA +Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=1d540336b0 +--- + ip/ipaddress.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/ip/ipaddress.c b/ip/ipaddress.c +index a288341c..59ef1e4b 100644 +--- a/ip/ipaddress.c ++++ b/ip/ipaddress.c +@@ -2030,8 +2030,10 @@ static int ipaddr_link_get(int index, struct nlmsg_chain *linfo) + + if (store_nlmsg(answer, linfo) < 0) { + fprintf(stderr, "Failed to process link information\n"); ++ free(answer); + return 1; + } ++ free(answer); + + return 0; + } +-- +2.23.0 + diff --git a/backport-ip-neigh-Fix-memory-leak-when-doing-get.patch b/backport-ip-neigh-Fix-memory-leak-when-doing-get.patch new file mode 100644 index 0000000..32a7ccb --- /dev/null +++ b/backport-ip-neigh-Fix-memory-leak-when-doing-get.patch @@ -0,0 +1,54 @@ +From c5433c4b7a57d380f4cb351316f5ba5ebae9538e Mon Sep 17 00:00:00 2001 +From: Benjamin Poirier +Date: Mon, 11 Jul 2022 08:52:54 +0900 +Subject: [PATCH] ip neigh: Fix memory leak when doing 'get' + +With the following command sequence: + +ip link add dummy0 type dummy +ip neigh add 192.168.0.1 dev dummy0 +ip neigh get 192.168.0.1 dev dummy0 + +when running the last command under valgrind, it reports + +32,768 bytes in 1 blocks are definitely lost in loss record 2 of 2 + at 0x483F7B5: malloc (vg_replace_malloc.c:381) + by 0x17A0EC: rtnl_recvmsg (libnetlink.c:838) + by 0x17A3D1: __rtnl_talk_iov.constprop.0 (libnetlink.c:1040) + by 0x17B894: __rtnl_talk (libnetlink.c:1141) + by 0x17B894: rtnl_talk (libnetlink.c:1147) + by 0x12E49B: ipneigh_get (ipneigh.c:728) + by 0x1174CB: do_cmd (ip.c:136) + by 0x116F7C: main (ip.c:324) + +Free the answer obtained from rtnl_talk(). + +Fixes: 62842362370b ("ipneigh: neigh get support") +Suggested-by: Ido Schimmel +Reviewed-by: Ido Schimmel +Signed-off-by: Benjamin Poirier +Signed-off-by: Stephen Hemminger +Conflict: NA +Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=c5433c4b7a +--- + ip/ipneigh.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/ip/ipneigh.c b/ip/ipneigh.c +index 7facc399..61b0a4a2 100644 +--- a/ip/ipneigh.c ++++ b/ip/ipneigh.c +@@ -731,8 +731,10 @@ static int ipneigh_get(int argc, char **argv) + ipneigh_reset_filter(0); + if (print_neigh(answer, stdout) < 0) { + fprintf(stderr, "An error :-)\n"); ++ free(answer); + return -1; + } ++ free(answer); + + return 0; + } +-- +2.23.0 + diff --git a/backport-l2tp-fix-typo-in-AF_INET6-checksum-JSON-print.patch b/backport-l2tp-fix-typo-in-AF_INET6-checksum-JSON-print.patch new file mode 100644 index 0000000..1834cc6 --- /dev/null +++ b/backport-l2tp-fix-typo-in-AF_INET6-checksum-JSON-print.patch @@ -0,0 +1,35 @@ +From 2bb37e90177cae1b92284a943123b0575505141f Mon Sep 17 00:00:00 2001 +From: Andrea Claudi +Date: Tue, 21 Jun 2022 18:53:08 +0200 +Subject: [PATCH] l2tp: fix typo in AF_INET6 checksum JSON print + +In print_tunnel json output, a typo makes it impossible to know the +value of udp6_csum_rx, printing instead udp6_csum_tx two times. + +Fixed getting rid of the typo. + +Fixes: 98453b65800f ("ip/l2tp: add JSON support") +Signed-off-by: Andrea Claudi +Signed-off-by: Stephen Hemminger +Conflict: NA +Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=2bb37e9017 +--- + ip/ipl2tp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ip/ipl2tp.c b/ip/ipl2tp.c +index 56972358..f1d574de 100644 +--- a/ip/ipl2tp.c ++++ b/ip/ipl2tp.c +@@ -258,7 +258,7 @@ static void print_tunnel(const struct l2tp_data *data) + NULL, p->udp6_csum_tx); + + print_bool(PRINT_JSON, "checksum_rx", +- NULL, p->udp6_csum_tx); ++ NULL, p->udp6_csum_rx); + } else { + printf(" UDP checksum: %s%s%s%s\n", + p->udp6_csum_tx && p->udp6_csum_rx +-- +2.23.0 + diff --git a/backport-tc-em_u32-fix-offset-parsing.patch b/backport-tc-em_u32-fix-offset-parsing.patch new file mode 100644 index 0000000..c66b2eb --- /dev/null +++ b/backport-tc-em_u32-fix-offset-parsing.patch @@ -0,0 +1,63 @@ +From b84fc3321c6adaf76f36cf7ef0e17389bdf31500 Mon Sep 17 00:00:00 2001 +From: Andrea Claudi +Date: Fri, 6 May 2022 22:11:46 +0200 +Subject: [PATCH] tc: em_u32: fix offset parsing + +tc u32 ematch offset parsing might fail even if nexthdr offset is +aligned to 4. The issue can be reproduced with the following script: + +tc qdisc del dev dummy0 root +tc qdisc add dev dummy0 root handle 1: htb r2q 1 default 1 +tc class add dev dummy0 parent 1:1 classid 1:108 htb quantum 1000000 \ + rate 1.00mbit ceil 10.00mbit burst 6k + +while true; do +if ! tc filter add dev dummy0 protocol all parent 1: prio 1 basic match \ + "meta(vlan mask 0xfff eq 1)" and "u32(u32 0x20011002 0xffffffff \ + at nexthdr+8)" flowid 1:108; then + exit 0 +fi +done + +which we expect to produce an endless loop. +With the current code, instead, this ends with: + +u32: invalid offset alignment, must be aligned to 4. +... meta(vlan mask 0xfff eq 1) and >>u32(u32 0x20011002 0xffffffff at nexthdr+8)<< ... +... u32(u32 0x20011002 0xffffffff at >>nexthdr+8<<)... +Usage: u32(ALIGN VALUE MASK at [ nexthdr+ ] OFFSET) +where: ALIGN := { u8 | u16 | u32 } + +Example: u32(u16 0x1122 0xffff at nexthdr+4) +Illegal "ematch" + +This is caused by memcpy copying into buf an unterminated string. + +Fix it using strncpy instead of memcpy. + +Fixes: commit 311b41454dc4 ("Add new extended match files.") +Reported-by: Alfred Yang +Signed-off-by: Andrea Claudi +Signed-off-by: Stephen Hemminger +Conflict: NA +Reference: https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=b84fc3321c +--- + tc/em_u32.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tc/em_u32.c b/tc/em_u32.c +index bc284af4..ea2bf882 100644 +--- a/tc/em_u32.c ++++ b/tc/em_u32.c +@@ -84,7 +84,7 @@ static int u32_parse_eopt(struct nlmsghdr *n, struct tcf_ematch_hdr *hdr, + char buf[a->len - nh_len + 1]; + + offmask = -1; +- memcpy(buf, a->data + nh_len, a->len - nh_len); ++ strncpy(buf, a->data + nh_len, a->len - nh_len + 1); + offset = strtoul(buf, NULL, 0); + } else if (!bstrcmp(a, "nexthdr+")) { + a = bstr_next(a); +-- +2.23.0 + diff --git a/iproute.spec b/iproute.spec index 497b702..0cca433 100644 --- a/iproute.spec +++ b/iproute.spec @@ -1,6 +1,6 @@ Name: iproute Version: 5.5.0 -Release: 10 +Release: 11 Summary: Linux network configuration utilities License: GPLv2+ and Public Domain URL: https://kernel.org/pub/linux/utils/net/iproute2/ @@ -27,6 +27,13 @@ Patch9004: feature-peer_notify_delay-renamed-to-peer_notif_delay.patch Patch9005: bugfix-iproute-support-assume-default-route.patch Patch9006: huawei-lnstat-fix-buffer-overflow-in-lnstat-command.patch +Patch6000: backport-devlink-fix-devlink-health-dump-command-without-arg.patch +Patch6001: backport-l2tp-fix-typo-in-AF_INET6-checksum-JSON-print.patch +Patch6002: backport-tc-em_u32-fix-offset-parsing.patch +Patch6003: backport-bridge-Fix-memory-leak-when-doing-fdb-get.patch +Patch6004: backport-ip-address-Fix-memory-leak-when-specifying-device.patch +Patch6005: backport-ip-neigh-Fix-memory-leak-when-doing-get.patch + BuildRequires: gcc bison elfutils-libelf-devel flex iptables-devel libcap-devel BuildRequires: libmnl-devel libselinux-devel pkgconfig git Requires: %{name}-help @@ -94,6 +101,17 @@ install -m 0644 lib/libnetlink.a %{buildroot}%{_libdir}/libnetlink.a %{_mandir}/* %changelog +* Mon Oct 10 2022 jiangheng - 5.5.0-11 +- Type:bugfix +- Id:NA +- SUG:NA +- DESC:fix devlink health dump command without arg + tc: em_u32: fix offset parsing + l2tp: fix typo in AF_INET6 checksum JSON print + bridge: fix memory leak when doing fdb get + ip neigh: fix memory leak when doing 'get' + ip address: fix memory leak when specifying device + * Tue Jan 25 2022 wuchangsheng - 5.5.0-10 - Type:bugfix - Id:NA