hulk inclusion category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I8ZGOZ CVE: CVE-2023-52340
--------------------------------
Fix kabi broken in struct dst_ops.
Signed-off-by: Ziyang Xuan william.xuanziyang@huawei.com --- include/net/dst_ops.h | 2 +- net/core/dst.c | 8 ++++++-- net/ipv6/route.c | 5 +++-- 3 files changed, 10 insertions(+), 5 deletions(-)
diff --git a/include/net/dst_ops.h b/include/net/dst_ops.h index 02bf97394f94..b8ee48ea07f1 100644 --- a/include/net/dst_ops.h +++ b/include/net/dst_ops.h @@ -17,7 +17,7 @@ struct dst_ops { unsigned short family; unsigned int gc_thresh;
- void (*gc)(struct dst_ops *ops); + int (*gc)(struct dst_ops *ops); struct dst_entry * (*check)(struct dst_entry *, __u32 cookie); unsigned int (*default_advmss)(const struct dst_entry *); unsigned int (*mtu)(const struct dst_entry *); diff --git a/net/core/dst.c b/net/core/dst.c index 1b1677683b97..1a9f84f8cde1 100644 --- a/net/core/dst.c +++ b/net/core/dst.c @@ -99,8 +99,12 @@ void *dst_alloc(struct dst_ops *ops, struct net_device *dev,
if (ops->gc && !(flags & DST_NOCOUNT) && - dst_entries_get_fast(ops) > ops->gc_thresh) - ops->gc(ops); + dst_entries_get_fast(ops) > ops->gc_thresh) { + if (ops->gc(ops)) { + pr_notice_ratelimited("Route cache is full: consider increasing sysctl net.ipv6.route.max_size.\n"); + return NULL; + } + }
dst = kmem_cache_alloc(ops->kmem_cachep, GFP_ATOMIC); if (!dst) diff --git a/net/ipv6/route.c b/net/ipv6/route.c index 5239514502ad..83eba35adba9 100644 --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -92,7 +92,7 @@ static struct dst_entry *ip6_negative_advice(struct dst_entry *); static void ip6_dst_destroy(struct dst_entry *); static void ip6_dst_ifdown(struct dst_entry *, struct net_device *dev, int how); -static void ip6_dst_gc(struct dst_ops *ops); +static int ip6_dst_gc(struct dst_ops *ops);
static int ip6_pkt_discard(struct sk_buff *skb); static int ip6_pkt_discard_out(struct net *net, struct sock *sk, struct sk_buff *skb); @@ -2770,7 +2770,7 @@ struct dst_entry *icmp6_dst_alloc(struct net_device *dev, return dst; }
-static void ip6_dst_gc(struct dst_ops *ops) +static int ip6_dst_gc(struct dst_ops *ops) { struct net *net = container_of(ops, struct net, ipv6.ip6_dst_ops); int rt_min_interval = net->ipv6.sysctl.ip6_rt_gc_min_interval; @@ -2793,6 +2793,7 @@ static void ip6_dst_gc(struct dst_ops *ops) net->ipv6.ip6_rt_gc_expire = rt_gc_timeout>>1; out: net->ipv6.ip6_rt_gc_expire -= net->ipv6.ip6_rt_gc_expire>>rt_elasticity; + return 0; }
static int ip6_convert_metrics(struct net *net, struct fib6_info *rt,