diff --git a/patches.suse/net-sched-act_mirred-refactor-the-handle-of-xmit.patch b/patches.suse/net-sched-act_mirred-refactor-the-handle-of-xmit.patch new file mode 100644 index 0000000..0af2471 --- /dev/null +++ b/patches.suse/net-sched-act_mirred-refactor-the-handle-of-xmit.patch @@ -0,0 +1,73 @@ +From: wenxu +Date: Wed, 25 Nov 2020 12:01:22 +0800 +Subject: net/sched: act_mirred: refactor the handle of xmit +Patch-mainline: v5.11-rc1 +Git-commit: fa6d639930ee5cd3f932cc314f3407f07a06582d +References: CVE-2022-4269 bsc#1206024 + +This one is prepare for the next patch. + +Signed-off-by: wenxu +Signed-off-by: Jakub Kicinski +Acked-by: Michal Kubecek + +--- + include/net/sch_generic.h | 5 ----- + net/sched/act_mirred.c | 21 +++++++++++++++------ + 2 files changed, 15 insertions(+), 11 deletions(-) + +--- a/include/net/sch_generic.h ++++ b/include/net/sch_generic.h +@@ -1296,9 +1296,4 @@ void mini_qdisc_pair_swap(struct mini_Qdisc_pair *miniqp, + void mini_qdisc_pair_init(struct mini_Qdisc_pair *miniqp, struct Qdisc *qdisc, + struct mini_Qdisc __rcu **p_miniq); + +-static inline int skb_tc_reinsert(struct sk_buff *skb, struct tcf_result *res) +-{ +- return res->ingress ? netif_receive_skb(skb) : dev_queue_xmit(skb); +-} +- + #endif +--- a/net/sched/act_mirred.c ++++ b/net/sched/act_mirred.c +@@ -207,6 +207,18 @@ static int tcf_mirred_init(struct net *net, struct nlattr *nla, + return err; + } + ++static int tcf_mirred_forward(bool want_ingress, struct sk_buff *skb) ++{ ++ int err; ++ ++ if (!want_ingress) ++ err = dev_queue_xmit(skb); ++ else ++ err = netif_receive_skb(skb); ++ ++ return err; ++} ++ + static int tcf_mirred_act(struct sk_buff *skb, const struct tc_action *a, + struct tcf_result *res) + { +@@ -291,18 +303,15 @@ static int tcf_mirred_act(struct sk_buff *skb, const struct tc_action *a, + /* let's the caller reinsert the packet, if possible */ + if (use_reinsert) { + res->ingress = want_ingress; +- if (skb_tc_reinsert(skb, res)) ++ err = tcf_mirred_forward(res->ingress, skb); ++ if (err) + tcf_action_inc_overlimit_qstats(&m->common); + __this_cpu_dec(mirred_rec_level); + return TC_ACT_CONSUMED; + } + } + +- if (!want_ingress) +- err = dev_queue_xmit(skb2); +- else +- err = netif_receive_skb(skb2); +- ++ err = tcf_mirred_forward(want_ingress, skb2); + if (err) { + out: + tcf_action_inc_overlimit_qstats(&m->common); diff --git a/series.conf b/series.conf index c457fad..36e09da 100644 --- a/series.conf +++ b/series.conf @@ -17985,6 +17985,7 @@ patches.suse/ibmvnic-Correctly-re-enable-interrupts-in-NAPI-polli.patch patches.suse/ibmvnic-Use-netdev_alloc_skb-instead-of-alloc_skb-to.patch patches.suse/ibmvnic-Do-not-replenish-RX-buffers-after-every-poll.patch + patches.suse/net-sched-act_mirred-refactor-the-handle-of-xmit.patch patches.suse/samples-bpf-Refactor-test_cgrp2_sock2-program-with-l.patch patches.suse/bpf-fix-bpf_put_raw_tracepoint-s-use-of-_module_address.patch patches.suse/selftests-bpf-Fix-invalid-use-of-strncat-in-test_soc.patch