Unverified Commit afe6e074 authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee

!4431 v2 patchset for CVE-2023-52340

Merge Pull Request from: @ci-robot 
 
PR sync from: Ziyang Xuan <william.xuanziyang@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/G5CH6RKF5VAWI6R6DS3DE23Q4GMOKOFC/ 
The patchset for CVE-2023-52340.

v2:
  - Fix comment head for patch 3.

Jon Maxwell (2):
  ipv6: remove max_size check inline with ipv4
  ipv6: Document that max_size sysctl is deprecated

Ziyang Xuan (1):
  ipv6: fix kabi change in struct dst_ops


-- 
2.25.1
 
https://gitee.com/src-openeuler/kernel/issues/I8ZGOZ 
 
Link:https://gitee.com/openeuler/kernel/pulls/4431

 

Reviewed-by: default avatarJialin Zhang <zhangjialin11@huawei.com>
Reviewed-by: default avatarYue Haibing <yuehaibing@huawei.com>
Signed-off-by: default avatarJialin Zhang <zhangjialin11@huawei.com>
parents 8d801212 f9592c26
+3 −0
@@ -125,6 +125,9 @@ route/max_size - INTEGER
	From linux kernel 3.6 onwards, this is deprecated for ipv4
	as route cache is no longer used.

	From linux kernel 6.3 onwards, this is deprecated for ipv6
	as garbage collection manages cached route entries.

neigh/default/gc_thresh1 - INTEGER
	Minimum number of entries to keep.  Garbage collector will not
	purge entries if there are fewer than this number.
+1 −1
@@ -17,7 +17,7 @@ struct dst_ops {
	unsigned short		family;
	unsigned int		gc_thresh;

	int			(*gc)(struct dst_ops *ops);
	KABI_REPLACE(int (*gc)(struct dst_ops *ops), void (*gc)(struct dst_ops *ops))
	struct dst_entry *	(*check)(struct dst_entry *, __u32 cookie);
	unsigned int		(*default_advmss)(const struct dst_entry *);
	unsigned int		(*mtu)(const struct dst_entry *);
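Review bot: The `KABI_REPLACE(...)` line in `struct dst_ops` has no comment explaining why changing the `gc` callback's return type from `int` to `void` is safe for modules built against the old header. The member is still a single function pointer, so the layout should hold, but a binary module that still calls `ops->gc()` and tests the result would presumably read an undefined value once the in-tree implementation returns nothing. I would add a comment above the macro such as `/* only the return type of gc() changes; dst_alloc() ignores the result since the CVE-2023-52340 fix */`. The struct definition starts and ends outside the hunk.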
+2 −6
@@ -83,12 +83,8 @@ void *dst_alloc(struct dst_ops *ops, struct net_device *dev,

	if (ops->gc &&
	    !(flags & DST_NOCOUNT) &&
	    dst_entries_get_fast(ops) > ops->gc_thresh) {
		if (ops->gc(ops)) {
			pr_notice_ratelimited("Route cache is full: consider increasing sysctl net.ipv6.route.max_size.\n");
			return NULL;
		}
	}
	    dst_entries_get_fast(ops) > ops->gc_thresh)
		ops->gc(ops);

	dst = kmem_cache_alloc(ops->kmem_cachep, GFP_ATOMIC);
	if (!dst)
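Review bot: With the `return NULL` branch gone, nothing in this hunk bounds the number of dst entries any more: `ops->gc(ops)` is called for its side effect only, and the allocation proceeds whatever the collector achieved. That is the point of the CVE-2023-52340 fix, but it also removes the only operator-visible signal (the rate-limited "Route cache is full" notice) and leaves `kmem_cache_alloc(ops->kmem_cachep, GFP_ATOMIC)` failure as the sole backpressure. I would state that at the call site, e.g. `/* gc is best-effort: its outcome no longer gates allocation, only kmem_cache_alloc() failure does */`, so nobody reading `dst_alloc` later assumes a hard cap still exists. Deployments that alerted on the removed log line need another signal, such as the dst entry count or slab usage. The body of `dst_alloc` continues outside the hunk.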
+5 −8
@@ -89,7 +89,7 @@ static struct dst_entry *ip6_negative_advice(struct dst_entry *);
static void		ip6_dst_destroy(struct dst_entry *);
static void		ip6_dst_ifdown(struct dst_entry *,
				       struct net_device *dev, int how);
static int		 ip6_dst_gc(struct dst_ops *ops);
static void		 ip6_dst_gc(struct dst_ops *ops);

static int		ip6_pkt_discard(struct sk_buff *skb);
static int		ip6_pkt_discard_out(struct net *net, struct sock *sk, struct sk_buff *skb);
@@ -3179,11 +3179,10 @@ struct dst_entry *icmp6_dst_alloc(struct net_device *dev,
	return dst;
}

static int ip6_dst_gc(struct dst_ops *ops)
static void ip6_dst_gc(struct dst_ops *ops)
{
	struct net *net = container_of(ops, struct net, ipv6.ip6_dst_ops);
	int rt_min_interval = net->ipv6.sysctl.ip6_rt_gc_min_interval;
	int rt_max_size = net->ipv6.sysctl.ip6_rt_max_size;
	int rt_elasticity = net->ipv6.sysctl.ip6_rt_gc_elasticity;
	int rt_gc_timeout = net->ipv6.sysctl.ip6_rt_gc_timeout;
	unsigned long rt_last_gc = net->ipv6.ip6_rt_last_gc;
@@ -3191,11 +3190,10 @@ static int ip6_dst_gc(struct dst_ops *ops)
	int entries;

	entries = dst_entries_get_fast(ops);
	if (entries > rt_max_size)
	if (entries > ops->gc_thresh)
		entries = dst_entries_get_slow(ops);

	if (time_after(rt_last_gc + rt_min_interval, jiffies) &&
	    entries <= rt_max_size)
	if (time_after(rt_last_gc + rt_min_interval, jiffies))
		goto out;

	fib6_run_gc(atomic_inc_return(&net->ipv6.ip6_rt_gc_expire), net, true);
@@ -3205,7 +3203,6 @@ static int ip6_dst_gc(struct dst_ops *ops)
out:
	val = atomic_read(&net->ipv6.ip6_rt_gc_expire);
	atomic_set(&net->ipv6.ip6_rt_gc_expire, val - (val >> rt_elasticity));
	return entries > rt_max_size;
}

static int ip6_nh_lookup_table(struct net *net, struct fib6_config *cfg,
@@ -6358,7 +6355,7 @@ static int __net_init ip6_route_net_init(struct net *net)
#endif

	net->ipv6.sysctl.flush_delay = 0;
	net->ipv6.sysctl.ip6_rt_max_size = 4096;
	net->ipv6.sysctl.ip6_rt_max_size = INT_MAX;
	net->ipv6.sysctl.ip6_rt_gc_min_interval = HZ / 2;
	net->ipv6.sysctl.ip6_rt_gc_timeout = 60*HZ;
	net->ipv6.sysctl.ip6_rt_gc_interval = 30*HZ;
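Review bot: In `ip6_dst_gc`, the counter read ahead of the interval check looks like dead work after this change. `entries` is set from `dst_entries_get_fast(ops)` and, above `ops->gc_thresh`, from `dst_entries_get_slow(ops)`, but the `time_after()` test no longer reads it and the `return entries > rt_max_size` that consumed it on the `out:` path is removed. Since `dst_alloc` invokes the `gc` hook (presumably this function for IPv6) on every allocation above `gc_thresh`, the slow counter path would run per allocation under exactly the load this fix targets. Unless the lines between `fib6_run_gc()` and `out:` (not shown in these hunks) use the value without re-reading it, I would drop the two pre-check reads or move `if (time_after(rt_last_gc + rt_min_interval, jiffies)) goto out;` ahead of them.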