This is a note to let you know that I've just added the patch titled

    net: hsr: Use the seqnr lock for frames received via interlink port.

to the 6.10-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     net-hsr-use-the-seqnr-lock-for-frames-received-via-i.patch
and it can be found in the queue-6.10 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


commit 2778cb517368feaa8b089b192f68a19d34081d17
Author: Sebastian Andrzej Siewior <bigeasy@xxxxxxxxxxxxx>
Date:   Fri Sep 6 15:25:31 2024 +0200

    net: hsr: Use the seqnr lock for frames received via interlink port.

    [ Upstream commit 430d67bdcb04ee8502c2b10dcbaced4253649189 ]

    syzbot reported that the seqnr_lock is not acquired for frames received
    over the interlink port. In the interlink case a new seqnr is generated
    and assigned to the frame.
    Frames, which are received over the slave port have already a sequence
    number assigned so the lock is not required.

    Acquire the hsr_priv::seqnr_lock during the invocation of
    hsr_forward_skb() if a packet has been received from the interlink port.

    Reported-by: syzbot+3d602af7549af539274e@xxxxxxxxxxxxxxxxxxxxxxxxx
    Closes: https://groups.google.com/g/syzkaller-bugs/c/KppVvGviGg4/m/EItSdCZdBAAJ
    Fixes: 5055cccfc2d1c ("net: hsr: Provide RedBox support (HSR-SAN)")
    Signed-off-by: Sebastian Andrzej Siewior <bigeasy@xxxxxxxxxxxxx>
    Reviewed-by: Lukasz Majewski <lukma@xxxxxxx>
    Tested-by: Lukasz Majewski <lukma@xxxxxxx>
    Link: https://patch.msgid.link/20240906132816.657485-2-bigeasy@xxxxxxxxxxxxx
    Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/net/hsr/hsr_slave.c b/net/hsr/hsr_slave.c index af6cf64a00e08..464f683e016db 100644 --- a/net/hsr/hsr_slave.c +++ b/net/hsr/hsr_slave.c
@@ -67,7 +67,16 @@ static rx_handler_result_t hsr_handle_frame(struct sk_buff **pskb) skb_set_network_header(skb, ETH_HLEN + HSR_HLEN); skb_reset_mac_len(skb); - hsr_forward_skb(skb, port); + /* Only the frames received over the interlink port will assign a + * sequence number and require synchronisation vs other sender. + */ + if (port->type == HSR_PT_INTERLINK) { + spin_lock_bh(&hsr->seqnr_lock); + hsr_forward_skb(skb, port); + spin_unlock_bh(&hsr->seqnr_lock); + } else { + hsr_forward_skb(skb, port); + } finish_consume: return RX_HANDLER_CONSUMED;
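
Review bot: in the HSR_PT_INTERLINK branch of hsr_handle_frame() the seqnr_lock is taken around the whole hsr_forward_skb() call, so the rule that interlink frames must be forwarded with the lock held exists only at this call site and in the new comment. Consider documenting that contract at hsr_forward_skb() itself, or adding lockdep_assert_held(&hsr->seqnr_lock) at the point where the new sequence number is assigned, so that any other caller forwarding interlink frames without the lock is flagged by lockdep. The comment would also read more clearly as "synchronisation vs. other senders".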