backport pacths to fix problems

backport-libnetlink-Fix-memory-leak-in-__rtnl_talk_iov.patch

@@ -0,0 +1,86 @@
+From 0faec4d050b607f7544b6cf9a4c2d57e191f981f Mon Sep 17 00:00:00 2001
+From: Lahav Schlesinger <lschlesinger@drivenets.com>
+Date: Mon, 5 Dec 2022 10:47:41 +0200
+Subject: [PATCH] libnetlink: Fix memory leak in __rtnl_talk_iov()
+
+If `__rtnl_talk_iov` fails then callers are not expected to free `answer`.
+
+Currently if `NLMSG_ERROR` was received with an error then the netlink
+buffer was stored in `answer`, while still returning an error
+
+This leak can be observed by running this snippet over time.
+This triggers an `NLMSG_ERROR` because for each neighbour update, `ip`
+will try to query for the name of interface 9999 in the wrong netns.
+(which in itself is a separate bug)
+
+ set -e
+
+ ip netns del test-a || true
+ ip netns add test-a
+ ip netns del test-b || true
+ ip netns add test-b
+
+ ip -n test-a netns set test-b auto
+ ip -n test-a link add veth_a index 9999 type veth \
+  peer name veth_b netns test-b
+ ip -n test-b link set veth_b up
+
+ ip -n test-a monitor link address prefix neigh nsid label all-nsid \
+  > /dev/null &
+ monitor_pid=$!
+ clean() {
+  kill $monitor_pid
+  ip netns del test-a
+  ip netns del test-b
+ }
+ trap clean EXIT
+
+ while true; do
+  ip -n test-b neigh add dev veth_b 1.2.3.4 lladdr AA:AA:AA:AA:AA:AA
+  ip -n test-b neigh del dev veth_b 1.2.3.4
+ done
+
+
+Conflict:NA
+Reference:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=0faec4d050b607f7544b6cf9a4c2d57e191f981f
+
+Fixes: 55870dfe7f8b ("Improve batch and dump times by caching link lookups")
+Signed-off-by: Lahav Schlesinger <lschlesinger@drivenets.com>
+Signed-off-by: Gilad Naaman <gnaaman@drivenets.com>
+Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+---
+ lib/libnetlink.c | 17 +++++++++++------
+ 1 file changed, 11 insertions(+), 6 deletions(-)
+
+diff --git a/lib/libnetlink.c b/lib/libnetlink.c
+index 9af06232..001efc1d 100644
+--- a/lib/libnetlink.c
++++ b/lib/libnetlink.c
+@@ -1092,14 +1092,19 @@ next:
+ 						rtnl_talk_error(h, err, errfn);
+ 				}
+ 
+-				if (answer)
+-					*answer = (struct nlmsghdr *)buf;
+-				else
++				if (i < iovlen) {
+ 					free(buf);
+-
+-				if (i < iovlen)
+ 					goto next;
+-				return error ? -i : 0;
++				}
++
++				if (error) {
++					free(buf);
++					return -i;
++				}
++
++				if (answer)
++					*answer = (struct nlmsghdr *)buf;
++				return 0;
+ 			}
+ 
+ 			if (answer) {
+-- 
+2.23.0

backport-tc-ct-Fix-invalid-pointer-dereference.patch

@@ -0,0 +1,35 @@
+From 4de59102f49ff9128378568cf967d6c7aabea6f2 Mon Sep 17 00:00:00 2001
+From: Roi Dayan <roid@nvidia.com>
+Date: Wed, 7 Dec 2022 10:22:13 +0200
+Subject: [PATCH] tc: ct: Fix invalid pointer dereference
+
+Using macro NEXT_ARG_FWD does not validate argc.
+Use macro NEXT_ARG which validates argc while parsing args
+in the same loop iteration.
+
+Conflict:NA
+Reference:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=4de59102f49ff9128378568cf967d6c7aabea6f2
+
+Fixes: c8a494314c40 ("tc: Introduce tc ct action")
+Signed-off-by: Roi Dayan <roid@nvidia.com>
+Reviewed-by: Paul Blakey <paulb@nvidia.com>
+Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+---
+ tc/m_ct.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tc/m_ct.c b/tc/m_ct.c
+index a02bf0cc..54d64867 100644
+--- a/tc/m_ct.c
++++ b/tc/m_ct.c
+@@ -243,7 +243,7 @@ parse_ct(struct action_util *a, int *argc_p, char ***argv_p, int tca_id,
+ 				return -1;
+ 			}
+ 
+-			NEXT_ARG_FWD();
++			NEXT_ARG();
+ 			if (matches(*argv, "port") != 0)
+ 				continue;
+ 
+-- 
+2.23.0

backport-tc_util-Change-datatype-for-maj-to-avoid-overflow-issue.patch

@@ -0,0 +1,33 @@
+From 455fa8295298a68a2dedabf9dd4c1dbf847b128b Mon Sep 17 00:00:00 2001
+From: Lai Peter Jun Ann <jun.ann.lai@intel.com>
+Date: Mon, 21 Nov 2022 10:29:09 +0800
+Subject: [PATCH] tc_util: Change datatype for maj to avoid overflow issue
+
+The return value by stroul() is unsigned long int. Hence the datatype
+for maj should defined as unsigned long to avoid overflow issue.
+
+Conflict:NA
+Reference:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=455fa8295298a68a2dedabf9dd4c1dbf847b128b
+
+Signed-off-by: Muhammad Husaini Zulkifli <muhammad.husaini.zulkifli@intel.com>
+Signed-off-by: Lai Peter Jun Ann <jun.ann.lai@intel.com>
+Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+---
+ tc/tc_util.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tc/tc_util.c b/tc/tc_util.c
+index 334334db..8cd3c035 100644
+--- a/tc/tc_util.c
++++ b/tc/tc_util.c
+@@ -74,7 +74,7 @@ const char *get_tc_lib(void)
+ 
+ int get_qdisc_handle(__u32 *h, const char *str)
+ {
+-	__u32 maj;
++	unsigned long maj;
+ 	char *p;
+ 
+ 	maj = TC_H_UNSPEC;
+-- 
+2.23.0

backport-tc_util-Fix-no-error-return-when-large-parent-id-used.patch

@@ -0,0 +1,35 @@
+From e0ecee3a33af57e01fe5d15f1a436216412f2d96 Mon Sep 17 00:00:00 2001
+From: Lai Peter Jun Ann <jun.ann.lai@intel.com>
+Date: Thu, 17 Nov 2022 13:33:17 +0800
+Subject: [PATCH] tc_util: Fix no error return when large parent id used
+
+This patch is to fix the issue where there is no error return
+when large value of parent ID is being used. The return value by
+stroul() is unsigned long int. Hence the datatype for maj and min
+should defined as unsigned long to avoid overflow issue.
+
+Conflict:NA
+Reference:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=e0ecee3a33af57e01fe5d15f1a436216412f2d96
+
+Signed-off-by: Muhammad Husaini Zulkifli <muhammad.husaini.zulkifli@intel.com>
+Signed-off-by: Lai Peter Jun Ann <jun.ann.lai@intel.com>
+Signed-off-by: Stephen Hemminger <stephen@networkplumber.org>
+---
+ tc/tc_util.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/tc/tc_util.c b/tc/tc_util.c
+index 44137adb..334334db 100644
+--- a/tc/tc_util.c
++++ b/tc/tc_util.c
+@@ -93,7 +93,7 @@ ok:
+ 
+ int get_tc_classid(__u32 *h, const char *str)
+ {
+-	__u32 maj, min;
++	unsigned long maj, min;
+ 	char *p;
+ 
+ 	maj = TC_H_ROOT;
+-- 
+2.23.0

backport-xfrm-prepare-state-offload-logic-to-set-mode.patch

@@ -0,0 +1,117 @@
+From bdd19b1edec44c00c968950301074734cee54cab Mon Sep 17 00:00:00 2001
+From: Leon Romanovsky <leonro@nvidia.com>
+Date: Mon, 12 Dec 2022 09:54:04 +0200
+Subject: [PATCH] xfrm: prepare state offload logic to set mode
+
+The offload in xfrm state requires to provide device and direction
+in order to activate it. However, in the help section, device and
+direction were displayed as an optional.
+
+As a preparation to addition of packet offload, let's fix the help
+section and refactor the code to be more clear.
+
+Conflict:NA
+Reference:https://git.kernel.org/pub/scm/network/iproute2/iproute2.git/commit?id=bdd19b1edec44c00c968950301074734cee54cab
+
+Signed-off-by: Leon Romanovsky <leonro@nvidia.com>
+Signed-off-by: David Ahern <dsahern@kernel.org>
+---
+ ip/xfrm_state.c    | 35 +++++++++++++++++++----------------
+ man/man8/ip-xfrm.8 |  5 +++++
+ 2 files changed, 24 insertions(+), 16 deletions(-)
+
+diff --git a/ip/xfrm_state.c b/ip/xfrm_state.c
+index b2294d9f..6de2d28d 100644
+--- a/ip/xfrm_state.c
++++ b/ip/xfrm_state.c
+@@ -61,7 +61,7 @@ static void usage(void)
+ 		"        [ replay-seq-hi SEQ ] [ replay-oseq-hi SEQ ]\n"
+ 		"        [ flag FLAG-LIST ] [ sel SELECTOR ] [ LIMIT-LIST ] [ encap ENCAP ]\n"
+ 		"        [ coa ADDR[/PLEN] ] [ ctx CTX ] [ extra-flag EXTRA-FLAG-LIST ]\n"
+-		"        [ offload [dev DEV] dir DIR ]\n"
++		"        [ offload dev DEV dir DIR ]\n"
+ 		"        [ output-mark OUTPUT-MARK [ mask MASK ] ]\n"
+ 		"        [ if_id IF_ID ] [ tfcpad LENGTH ]\n"
+ 		"Usage: ip xfrm state allocspi ID [ mode MODE ] [ mark MARK [ mask MASK ] ]\n"
+@@ -267,7 +267,7 @@ static int xfrm_state_extra_flag_parse(__u32 *extra_flags, int *argcp, char ***a
+ 	return 0;
+ }
+ 
+-static int xfrm_offload_dir_parse(__u8 *dir, int *argcp, char ***argvp)
++static bool xfrm_offload_dir_parse(__u8 *dir, int *argcp, char ***argvp)
+ {
+ 	int argc = *argcp;
+ 	char **argv = *argvp;
+@@ -277,12 +277,12 @@ static int xfrm_offload_dir_parse(__u8 *dir, int *argcp, char ***argvp)
+ 	else if (strcmp(*argv, "out") == 0)
+ 		*dir = 0;
+ 	else
+-		invarg("DIR value is invalid", *argv);
++		return false;
+ 
+ 	*argcp = argc;
+ 	*argvp = argv;
+ 
+-	return 0;
++	return true;
+ }
+ 
+ static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv)
+@@ -424,24 +424,27 @@ static int xfrm_state_modify(int cmd, unsigned int flags, int argc, char **argv)
+ 			addattr_l(&req.n, sizeof(req.buf), XFRMA_SEC_CTX,
+ 				  (void *)&ctx, ctx.sctx.len);
+ 		} else if (strcmp(*argv, "offload") == 0) {
+-			is_offload = true;
+ 			NEXT_ARG();
+ 			if (strcmp(*argv, "dev") == 0) {
+ 				NEXT_ARG();
+ 				ifindex = ll_name_to_index(*argv);
+-				if (!ifindex) {
+-					invarg("value after \"offload dev\" is invalid", *argv);
+-					is_offload = false;
+-				}
+-				NEXT_ARG();
+-			}
++				if (!ifindex)
++					invarg("Invalid device name", *argv);
++			} else
++				invarg("Missing dev keyword", *argv);
++
++			NEXT_ARG();
+ 			if (strcmp(*argv, "dir") == 0) {
++				bool is_dir;
++
+ 				NEXT_ARG();
+-				xfrm_offload_dir_parse(&dir, &argc, &argv);
+-			} else {
+-				invarg("value after \"offload dir\" is invalid", *argv);
+-				is_offload = false;
+-			}
++				is_dir = xfrm_offload_dir_parse(&dir, &argc,
++								&argv);
++				if (!is_dir)
++					invarg("DIR value is invalid", *argv);
++			} else
++				invarg("Missing DIR keyword", *argv);
++			is_offload = true;
+ 		} else if (strcmp(*argv, "output-mark") == 0) {
+ 			NEXT_ARG();
+ 			if (get_u32(&output_mark.v, *argv, 0))
+diff --git a/man/man8/ip-xfrm.8 b/man/man8/ip-xfrm.8
+index bf725cab..4243a023 100644
+--- a/man/man8/ip-xfrm.8
++++ b/man/man8/ip-xfrm.8
+@@ -65,6 +65,11 @@ ip-xfrm \- transform configuration
+ .IR MASK " ] ]"
+ .RB "[ " if_id
+ .IR IF-ID " ]"
++.RB "[ " offload
++.RB dev
++.IR DEV "
++.RB dir
++.IR DIR " ]"
+ .RB "[ " tfcpad
+ .IR LENGTH " ]"
+ 
+-- 
+2.23.0

iproute.spec

@@ -2,7 +2,7 @@
 Name:		iproute
 Version:	5.15.0
 Epoch:      1
-Release:	16
+Release:	17
 Summary:	Linux network configuration utilities
 License:	GPLv2+ and Public Domain
 URL:		https://kernel.org/pub/linux/utils/net/iproute2/
@@ -43,7 +43,11 @@ Patch6027:      backport-rdma-utils-fix-some-analyzer-warnings.patch
 Patch6028:      backport-tc-prio-handle-possible-truncated-kernel-response.patch
 Patch6029:      backport-iproute_lwtunnel-fix-array-boundary-check.patch
 Patch6030:      backport-rt_names-check-for-malloc-failure.patch
-
+Patch6031:      backport-tc_util-Fix-no-error-return-when-large-parent-id-used.patch
+Patch6032:      backport-tc_util-Change-datatype-for-maj-to-avoid-overflow-issue.patch
+Patch6033:      backport-tc-ct-Fix-invalid-pointer-dereference.patch
+Patch6034:      backport-libnetlink-Fix-memory-leak-in-__rtnl_talk_iov.patch
+Patch6035:      backport-xfrm-prepare-state-offload-logic-to-set-mode.patch
 
 Patch9000:      feature-iproute-add-support-for-ipvlan-l2e-mode.patch
 Patch9001:      bugfix-iproute2-cancel-some-test-cases.patch
@@ -124,6 +128,16 @@ install -m 0644 lib/libnetlink.a %{buildroot}%{_libdir}/libnetlink.a
 %{_mandir}/*
 
 %changelog
+* Mon Nov 27 2023 liubo <liubo335@huawei.com> - 1:5.15.0-17
+- Type:bugfix
+- ID:NA
+- SUG:NA
+- DESC:libnetlink: Fix memory leak in __rtnl_talk_iov()
+       tc: ct: Fix invalid pointer dereference
+       tc_util: Change datatype for maj to avoid overflow issue
+       tc_util: Fix no error return when large parent id used
+       xfrm: prepare state offload logic to set mode
+
 * Mon Nov 27 2023 liubo <liubo335@huawei.com> - 1:5.15.0-16
 - Type:bugfix
 - ID:NA