[PATCH openEuler-1.0-LTS 0/2] Fix CVE-2021-47160 - Kernel - mailweb.openeuler.org

newer
[PATCH OLK-5.10 v3 0/2] Fix I/O...

[PATCH openEuler-1.0-LTS 0/2] Fix CVE-2021-47160

older
[PATCH openEuler-1.0-LTS] mld: fix...

GONG, Ruiqi

27 Mar 2024 27 Mar '24

5:23 p.m.

DENG Qingfang (2): net: dsa: mt7530: fix VLAN traffic leaks net: dsa: mt7530: fix VLAN traffic leaks again drivers/net/dsa/mt7530.c | 13 +------------ 1 file changed, 1 insertion(+), 12 deletions(-) -- 2.25.1

Reply

Sign in to reply online Use email software

Show replies by date

patchwork bot

27 Mar 27 Mar

5:21 p.m.

反馈：您发送到kernel@openeuler.org的补丁/补丁集，已成功转换为PR！ PR链接地址： https://gitee.com/openeuler/kernel/pulls/5573 邮件列表地址：https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/T... FeedBack: The patch(es) which you have sent to kernel@openeuler.org mailing list has been converted to a pull request successfully! Pull request link: https://gitee.com/openeuler/kernel/pulls/5573 Mailing list address: https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/T...

Reply

Sign in to reply online Use email software

GONG, Ruiqi

5:23 p.m.

New subject: [PATCH openEuler-1.0-LTS 1/2] net: dsa: mt7530: fix VLAN traffic leaks

From: DENG Qingfang <dqfext@gmail.com> stable inclusion from stable-v4.19.193 commit ae389812733b1b1e8e07fcc238e41db166b5c78d category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9BHG2 CVE: CVE-2021-47160 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=... -------------------------------- commit 474a2ddaa192777522a7499784f1d60691cd831a upstream. PCR_MATRIX field was set to all 1's when VLAN filtering is enabled, but was not reset when it is disabled, which may cause traffic leaks: ip link add br0 type bridge vlan_filtering 1 ip link add br1 type bridge vlan_filtering 1 ip link set swp0 master br0 ip link set swp1 master br1 ip link set br0 type bridge vlan_filtering 0 ip link set br1 type bridge vlan_filtering 0 # traffic in br0 and br1 will start leaking to each other As port_bridge_{add,del} have set up PCR_MATRIX properly, remove the PCR_MATRIX write from mt7530_port_set_vlan_aware. Fixes: 83163f7dca56 ("net: dsa: mediatek: add VLAN support for MT7530") Signed-off-by: DENG Qingfang <dqfext@gmail.com> Reviewed-by: Florian Fainelli <f.fainelli@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Conflicts: drivers/net/dsa/mt7530.c Signed-off-by: GONG, Ruiqi <gongruiqi1@huawei.com> --- drivers/net/dsa/mt7530.c | 8 -------- 1 file changed, 8 deletions(-) diff --git a/drivers/net/dsa/mt7530.c b/drivers/net/dsa/mt7530.c index 62e486652e62..515298d824ec 100644 --- a/drivers/net/dsa/mt7530.c +++ b/drivers/net/dsa/mt7530.c @@ -853,14 +853,6 @@ mt7530_port_set_vlan_aware(struct dsa_switch *ds, int port) { struct mt7530_priv *priv = ds->priv; - /* The real fabric path would be decided on the membership in the - * entry of VLAN table. PCR_MATRIX set up here with ALL_MEMBERS - * means potential VLAN can be consisting of certain subset of all - * ports. - */ - mt7530_rmw(priv, MT7530_PCR_P(port), - PCR_MATRIX_MASK, PCR_MATRIX(MT7530_ALL_MEMBERS)); - /* Trapped into security mode allows packet forwarding through VLAN * table lookup. */ -- 2.25.1

Reply

Sign in to reply online Use email software

GONG, Ruiqi

5:23 p.m.

New subject: [PATCH openEuler-1.0-LTS 2/2] net: dsa: mt7530: fix VLAN traffic leaks again

From: DENG Qingfang <dqfext@gmail.com> stable inclusion from stable-v5.10.62 commit b6c657abb893ef456fad6b229089f37127202df0 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9BHG2 CVE: CVE-2021-47160 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=... -------------------------------- commit 7428022b50d0fbb4846dd0f00639ea09d36dff02 upstream. When a port leaves a VLAN-aware bridge, the current code does not clear other ports' matrix field bit. If the bridge is later set to VLAN-unaware mode, traffic in the bridge may leak to that port. Remove the VLAN filtering check in mt7530_port_bridge_leave. Fixes: 474a2ddaa192 ("net: dsa: mt7530: fix VLAN traffic leaks") Fixes: 83163f7dca56 ("net: dsa: mediatek: add VLAN support for MT7530") Signed-off-by: DENG Qingfang <dqfext@gmail.com> Reviewed-by: Vladimir Oltean <olteanv@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Conflicts: drivers/net/dsa/mt7530.c Signed-off-by: GONG, Ruiqi <gongruiqi1@huawei.com> --- drivers/net/dsa/mt7530.c | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/drivers/net/dsa/mt7530.c b/drivers/net/dsa/mt7530.c index 515298d824ec..5c279d9f4992 100644 --- a/drivers/net/dsa/mt7530.c +++ b/drivers/net/dsa/mt7530.c @@ -879,11 +879,8 @@ mt7530_port_bridge_leave(struct dsa_switch *ds, int port, /* Remove this port from the port matrix of the other ports * in the same bridge. If the port is disabled, port matrix * is kept and not being setup until the port becomes enabled. - * And the other port's port matrix cannot be broken when the - * other port is still a VLAN-aware port. */ - if (!priv->ports[i].vlan_filtering && - dsa_is_user_port(ds, i) && i != port) { + if (dsa_is_user_port(ds, i) && i != port) { if (dsa_to_port(ds, i)->bridge_dev != bridge) continue; if (priv->ports[i].enable) -- 2.25.1

Reply

Sign in to reply online Use email software

335

Age (days ago)

335

Last active (days ago)

3 comments

2 participants

tags

participants (2)

GONG, Ruiqi
patchwork bot