Commit f8d3cdf2 authored by Pavel Tikhomirov's avatar Pavel Tikhomirov Committed by Zhengchao Shao

netfilter: propagate net to nf_bridge_get_physindev

mainline inclusion
from mainline-v6.8-rc1
commit a54e72197037d2c9bfcd70dddaac8c8ccb5b41ba
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9Q9CH
CVE: CVE-2024-35839

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a54e72197037d2c9bfcd70dddaac8c8ccb5b41ba



--------------------------------

This is a preparation patch for replacing physindev with physinif on
nf_bridge_info structure. We will use dev_get_by_index_rcu to resolve
device, when needed, and it requires net to be available.

Signed-off-by: Pavel Tikhomirov <ptikhomirov@virtuozzo.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

Conflicts:
	include/net/netfilter/nf_log.h
	net/ipv4/netfilter/nf_log_arp.c
	net/ipv4/netfilter/nf_log_ipv4.c
	net/ipv6/netfilter/nf_log_ipv6.c
	net/netfilter/nf_log_common.c
	net/netfilter/nf_log_syslog.c
	net/netfilter/nf_queue.c
[The conflict occurs because the commit e465cccd("netfilter:
nf_log_common: merge with nf_log_syslog") is not merged]
Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com>
parent 49cc5038
+1 −1
@@ -56,7 +56,7 @@ static inline int nf_bridge_get_physoutif(const struct sk_buff *skb)
}

static inline struct net_device *
nf_bridge_get_physindev(const struct sk_buff *skb)
nf_bridge_get_physindev(const struct sk_buff *skb, struct net *net)
{
	const struct nf_bridge_info *nf_bridge = nf_bridge_info_get(skb);
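Review bot: The new `net` parameter of nf_bridge_get_physindev() has no comment describing what callers must pass, and in the lines visible here it is not used yet; the function body continues outside the hunk. The commit message says a later change will resolve the device with dev_get_by_index_rcu, so the contract is worth writing down now, for example `/* @net: namespace of the bridge port the skb was received on; the device is (to be) looked up by index under RCU */`. The same applies to the nf_send_reset() call site further down the page, which forwards its own `net` unchanged. If a caller ever supplied a different namespace, the later index lookup would presumably return NULL or an unrelated device, so each caller's `net` should be checked against this comment when the follow-up lands.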

+1 −1
@@ -114,7 +114,7 @@ void nf_log_dump_packet_common(struct nf_log_buf *m, u_int8_t pf,
			       const struct net_device *in,
			       const struct net_device *out,
			       const struct nf_loginfo *loginfo,
			       const char *prefix);
			       const char *prefix, struct net *net);
void nf_log_l2packet(struct net *net, u_int8_t pf,
		     __be16 protocol,
		     unsigned int hooknum,
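Review bot: In the nf_log_dump_packet_common() prototype `net` is appended as the last parameter, whereas nf_log_l2packet() declared directly below it, and nf_log_arp_packet() and nf_log_ip_packet() in the later sections, take `struct net *net` first. This is a style point only: either move the parameter to the front for consistency, or, if the trailing position is deliberate (for instance to stay close to the mainline change and ease later backports), note that in a short comment above the prototype. A one-line description such as `/* @net: namespace used when resolving the bridge physical input device */` would also help, assuming that is what the function forwards it for. The prototype begins above the hunk, so its full parameter list is not visible here.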
+1 −1
@@ -108,7 +108,7 @@ static void nf_log_arp_packet(struct net *net, u_int8_t pf,
		loginfo = &default_loginfo;

	nf_log_dump_packet_common(m, pf, hooknum, skb, in, out, loginfo,
				  prefix);
				  prefix, net);
	dump_arp_packet(m, loginfo, skb, 0);

	nf_log_buf_close(m);
+1 −1
@@ -327,7 +327,7 @@ static void nf_log_ip_packet(struct net *net, u_int8_t pf,
		loginfo = &default_loginfo;

	nf_log_dump_packet_common(m, pf, hooknum, skb, in,
				  out, loginfo, prefix);
				  out, loginfo, prefix, net);

	if (in != NULL)
		dump_ipv4_mac_header(m, loginfo, skb);
+1 −1
@@ -163,7 +163,7 @@ void nf_send_reset(struct net *net, struct sock *sk, struct sk_buff *oldskb,
	 * build the eth header using the original destination's MAC as the
	 * source, and send the RST packet directly.
	 */
	br_indev = nf_bridge_get_physindev(oldskb);
	br_indev = nf_bridge_get_physindev(oldskb, net);
	if (br_indev) {
		struct ethhdr *oeth = eth_hdr(oldskb);
