[Devel] [PATCH RHEL9 COMMIT] ms/netfilter: nfnetlink_log: use proper helper for fetching physinif

Tue Jan 23 22:13:52 MSK 2024

The commit is pushed to "branch-rh9-5.14.0-362.8.1.vz9.35.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh9-5.14.0-362.8.1.vz9.35.7
------>
commit 9663dd170f2553678f3e7974ab75bbbc880de959
Author: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
Date:   Tue Jan 23 11:16:18 2024 +0800

    ms/netfilter: nfnetlink_log: use proper helper for fetching physinif
    
    We don't use physindev in __build_packet_message except for getting
    physinif from it. So let's switch to nf_bridge_get_physinif to get what
    we want directly.
    
    Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
    
    Reviewed-by: Simon Horman <horms at kernel.org>
    Signed-off-by: Pablo Neira Ayuso <pablo at netfilter.org>
    
    (cherry picked from commit c3f9fd54cd87233f53bdf0e191a86b3a5e960e02)
    https://virtuozzo.atlassian.net/browse/PSBM-153269
    Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
    
    ======
    Patchset description:
    netlink: bridge: fix nf_bridge->physindev use after free
    
    This is a backport of mainstream version of the fix to vz9:
    https://lore.kernel.org/netdev/20240111150645.85637-1-ptikhomirov@virtuozzo.com/
    
    https://virtuozzo.atlassian.net/browse/PSBM-153269
    
    Feature: fix ms/net
---
 net/netfilter/nfnetlink_log.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/net/netfilter/nfnetlink_log.c b/net/netfilter/nfnetlink_log.c
index d97eb280cb2e..8116beccdc1c 100644
--- a/net/netfilter/nfnetlink_log.c
+++ b/net/netfilter/nfnetlink_log.c
@@ -499,7 +499,7 @@ __build_packet_message(struct nfnl_log_net *log,
 					 htonl(br_port_get_rcu(indev)->br->dev->ifindex)))
 				goto nla_put_failure;
 		} else {
-			struct net_device *physindev;
+			int physinif;
 
 			/* Case 2: indev is bridge group, we need to look for
 			 * physical device (when called from ipv4) */
@@ -507,10 +507,10 @@ __build_packet_message(struct nfnl_log_net *log,
 					 htonl(indev->ifindex)))
 				goto nla_put_failure;
 
-			physindev = nf_bridge_get_physindev(skb);
-			if (physindev &&
+			physinif = nf_bridge_get_physinif(skb);
+			if (physinif &&
 			    nla_put_be32(inst->skb, NFULA_IFINDEX_PHYSINDEV,
-					 htonl(physindev->ifindex)))
+					 htonl(physinif)))
 				goto nla_put_failure;
 		}
 #endif
