From: Sasha Levin <sashal@kernel.org>
To: stable@vger.kernel.org
Cc: Jakub Kicinski <kuba@kernel.org>, Sasha Levin <sashal@kernel.org>
Subject: Re: [PATCH 6.12.y] netdev: prevent accessing NAPI instances from another namespace
Date: Mon, 13 Jan 2025 19:13:30 -0500 [thread overview]
Message-ID: <20250113181314-17e3b4eb3bab95ac@stable.kernel.org> (raw)
In-Reply-To: <20250113191714.4036263-1-kuba@kernel.org>
[ Sasha's backport helper bot ]
Hi,
The upstream commit SHA1 provided is correct: d1cacd74776895f6435941f86a1130e58f6dd226
Status in newer kernel trees:
6.12.y | Not found
Note: The patch differs from the upstream commit:
---
1: d1cacd747768 ! 1: 0686eb4ff47a netdev: prevent accessing NAPI instances from another namespace
@@ Metadata
## Commit message ##
netdev: prevent accessing NAPI instances from another namespace
+ [ Upstream commit d1cacd74776895f6435941f86a1130e58f6dd226 ]
+
The NAPI IDs were not fully exposed to user space prior to the netlink
API, so they were never namespaced. The netlink API must ensure that
at the very least NAPI instance belongs to the same netns as the owner
@@ net/core/netdev-genl.c: int netdev_nl_napi_get_doit(struct sk_buff *skb, struct
if (napi) {
err = netdev_nl_napi_fill_one(rsp, napi, info);
} else {
-@@ net/core/netdev-genl.c: int netdev_nl_napi_set_doit(struct sk_buff *skb, struct genl_info *info)
- rtnl_lock();
- rcu_read_lock();
-
-- napi = napi_by_id(napi_id);
-+ napi = netdev_napi_by_id(genl_info_net(info), napi_id);
- if (napi) {
- err = netdev_nl_napi_set_config(napi, info);
- } else {
---
Results of testing on various branches:
| Branch | Patch Apply | Build Test |
|---------------------------|-------------|------------|
| stable/linux-6.12.y | Success | Success |
prev parent reply other threads:[~2025-01-14 0:13 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-01-12 9:15 FAILED: patch "[PATCH] netdev: prevent accessing NAPI instances from another" failed to apply to 6.12-stable tree gregkh
2025-01-13 19:17 ` [PATCH 6.12.y] netdev: prevent accessing NAPI instances from another namespace Jakub Kicinski
2025-01-14 0:13 ` Sasha Levin [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250113181314-17e3b4eb3bab95ac@stable.kernel.org \
--to=sashal@kernel.org \
--cc=kuba@kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox