<feed xmlns='http://www.w3.org/2005/Atom'>
<title>kernel/linux.git/net/core/rtnetlink.c, branch v7.2-rc1</title>
<subtitle>Linux kernel stable tree (mirror)</subtitle>
<id>https://git.radix-linux.su/kernel/linux.git/atom?h=v7.2-rc1</id>
<link rel='self' href='https://git.radix-linux.su/kernel/linux.git/atom?h=v7.2-rc1'/>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/'/>
<updated>2026-06-17T23:01:52+00:00</updated>
<entry>
<title>net: ip_gre: require CAP_NET_ADMIN in the device netns for changelink</title>
<updated>2026-06-17T23:01:52+00:00</updated>
<author>
<name>Maoyi Xie</name>
<email>maoyixie.tju@gmail.com</email>
</author>
<published>2026-06-12T08:59:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=8165f7ff57d9667d2bb477ef6af83ede7fed4ad7'/>
<id>urn:sha1:8165f7ff57d9667d2bb477ef6af83ede7fed4ad7</id>
<content type='text'>
A tunnel changelink() operates on at most two netns, dev_net(dev) and
the tunnel link netns t-&gt;net. They differ once the device is created in
or moved to a netns other than the one the request runs in. The rtnl
changelink path checks CAP_NET_ADMIN only against dev_net(dev), so a
caller privileged there but not in t-&gt;net can rewrite a tunnel that
lives in t-&gt;net.

Add rtnl_dev_link_net_capable() next to rtnl_get_net_ns_capable() in
net/core/rtnetlink.c. It requires CAP_NET_ADMIN in the link netns and is
skipped when the link netns is dev_net(dev), where the rtnl path already
checked it. The other patches in this series use the same helper.

Gate ipgre_changelink() and erspan_changelink() with it, at the top of
the op before any attribute is parsed, because the parsers update live
tunnel fields first. ipgre_netlink_parms() sets t-&gt;collect_md before
ip_tunnel_changelink() runs.

Commit 8b484efd5cb4 ("ip6: vti: Use ip6_tnl.net in
vti6_siocdevprivate().") added the same check on the ioctl path. This
adds it on RTM_NEWLINK.

Reported-by: Xiao Liang &lt;shaw.leon@gmail.com&gt;
Closes: https://lore.kernel.org/netdev/CABAhCOSzP1vaThGV35_VnsRCb=87_CPjPVsTHbq905k8A+BuUg@mail.gmail.com/
Fixes: b57708add314 ("gre: add x-netns support")
Cc: stable@vger.kernel.org
Signed-off-by: Maoyi Xie &lt;maoyixie.tju@gmail.com&gt;
Reviewed-by: Kuniyuki Iwashima &lt;kuniyu@google.com&gt;
Link: https://patch.msgid.link/20260612085941.3158249-2-maoyixie.tju@gmail.com
Signed-off-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
</content>
</entry>
<entry>
<title>rtnetlink: use dev_isalive() in rtnl_getlink()</title>
<updated>2026-06-05T01:16:14+00:00</updated>
<author>
<name>Eric Dumazet</name>
<email>edumazet@google.com</email>
</author>
<published>2026-06-03T18:08:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=f3c496105472f353ff7428569ea4b6a6a61caf8e'/>
<id>urn:sha1:f3c496105472f353ff7428569ea4b6a6a61caf8e</id>
<content type='text'>
rtnl_getlink() uses an RCU lookup to get the netdevice pointer.

When/If rtnl_lock() is used, we should check if the netdevice is not
being dismantled before potentially perform illegal actions.

Move dev_isalive() out of net/core/net-sysfs.c and make it available
in net/core/dev.h.

Return -ENODEV if rtnl_getlink() finds a device which is currently
being dismantled and RTNL is requested.

Fixes: e896e5c0734b ("rtnetlink: do not acquire RTNL in rtnl_getlink() with RTEXT_FILTER_NAME_ONLY")
Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Suggested-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
Reviewed-by: Jiayuan Chen &lt;jiayuan.chen@linux.dev&gt;
Link: https://patch.msgid.link/20260603180831.1024716-1-edumazet@google.com
Signed-off-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
</content>
</entry>
<entry>
<title>rtnetlink: add RTEXT_FILTER_NAME_ONLY support to rtnl_dump_ifinfo()</title>
<updated>2026-05-27T02:20:15+00:00</updated>
<author>
<name>Eric Dumazet</name>
<email>edumazet@google.com</email>
</author>
<published>2026-05-25T08:35:42+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=d628604f7ea75a4dfe7ee3792f3c79c29ca81c04'/>
<id>urn:sha1:d628604f7ea75a4dfe7ee3792f3c79c29ca81c04</id>
<content type='text'>
When user requests RTEXT_FILTER_NAME_ONLY flag, we limit the dump
parts to:

 - struct nlmsghdr
 - IFLA_IFNAME
 - IFLA_PROP_LIST (alternate names)

- This saves space in the dump, pushing more devices per system call.
- This can be done without acquiring RTNL.

I still have a medium term goal to avoid RTNL in rtnl_dump_ifinfo()
regardless of RTEXT_FILTER_NAME_ONLY being used.

Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Link: https://patch.msgid.link/20260525083542.1565964-6-edumazet@google.com
Signed-off-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
</content>
</entry>
<entry>
<title>rtnetlink: do not assume RTNL is held in link_master_filtered()</title>
<updated>2026-05-27T02:20:15+00:00</updated>
<author>
<name>Eric Dumazet</name>
<email>edumazet@google.com</email>
</author>
<published>2026-05-25T08:35:41+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=6768c7c3d70f0d6f9cb6fad2b33357ec7379d952'/>
<id>urn:sha1:6768c7c3d70f0d6f9cb6fad2b33357ec7379d952</id>
<content type='text'>
RTNL might be no longer held by the caller in the following patch.

Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Link: https://patch.msgid.link/20260525083542.1565964-5-edumazet@google.com
Signed-off-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
</content>
</entry>
<entry>
<title>rtnetlink: do not acquire RTNL in rtnl_getlink() with RTEXT_FILTER_NAME_ONLY</title>
<updated>2026-05-27T02:20:15+00:00</updated>
<author>
<name>Eric Dumazet</name>
<email>edumazet@google.com</email>
</author>
<published>2026-05-25T08:35:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=e896e5c0734b559b5b58f356ebf100ccf5fcd16e'/>
<id>urn:sha1:e896e5c0734b559b5b58f356ebf100ccf5fcd16e</id>
<content type='text'>
When RTEXT_FILTER_NAME_ONLY is requested, rtnl_fill_ifinfo()
is dumping device attributes which do not need RTNL protection.

Many shell scripts invoke iproute2 commands specifying a device by
its name. After this patch, they will no longer add RTNL pressure.

Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Link: https://patch.msgid.link/20260525083542.1565964-4-edumazet@google.com
Signed-off-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
</content>
</entry>
<entry>
<title>rtnetlink: use nla_nest_end_safe() in rtnl_fill_prop_list()</title>
<updated>2026-05-27T02:20:15+00:00</updated>
<author>
<name>Eric Dumazet</name>
<email>edumazet@google.com</email>
</author>
<published>2026-05-25T08:35:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=73a7c8fb2302ae78920b210c098b752b9caa6bf6'/>
<id>urn:sha1:73a7c8fb2302ae78920b210c098b752b9caa6bf6</id>
<content type='text'>
Avoid corrupting a netlink message and confuse user space in the
very unlikely case rtnl_fill_prop_list was able to produce a very big
nested element.

This is extremely unlikely, because rtnl_prop_list_size()
provisions nla_total_size(ALTIFNAMSIZ) per altname.

Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Link: https://patch.msgid.link/20260525083542.1565964-2-edumazet@google.com
Signed-off-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
</content>
</entry>
<entry>
<title>dpll: change dpll_netdev_pin_handle_size() to assume DPLL_A_PIN_ID will be used</title>
<updated>2026-05-23T00:33:22+00:00</updated>
<author>
<name>Eric Dumazet</name>
<email>edumazet@google.com</email>
</author>
<published>2026-05-21T17:14:39+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=7409fad779e271f252d844ae16e1a7429626b13e'/>
<id>urn:sha1:7409fad779e271f252d844ae16e1a7429626b13e</id>
<content type='text'>
We plan to no longer hold RTNL in "ip link show", and use RCU instead.

Assume rtnl_fill_dpll_pin() will have to fill DPLL_A_PIN_ID.

It is fine to over-estimate skb size (by 8 bytes) in if_nlmsg_size().

Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Reviewed-by: Vadim Fedorenko &lt;vadim.fedorenko@linux.dev&gt;
Link: https://patch.msgid.link/20260521171440.114956-1-edumazet@google.com
Signed-off-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
</content>
</entry>
<entry>
<title>rtnetlink: do not use RTNL in rtnl_af_register() and rtnl_af_unregister()</title>
<updated>2026-05-23T00:32:56+00:00</updated>
<author>
<name>Eric Dumazet</name>
<email>edumazet@google.com</email>
</author>
<published>2026-05-21T17:40:38+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=b8de39a06535bfccf9f693e42dc8cfbee35d07be'/>
<id>urn:sha1:b8de39a06535bfccf9f693e42dc8cfbee35d07be</id>
<content type='text'>
rtnl_af_lookup() does not rely on RTNL anymoe, remove the stale
ASSERT_RTNL().

Add a private spinlock (rtnl_af_ops_lock) to protect rtnl_af_ops
list instead of using RTNL.

Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Reviewed-by: Kuniyuki Iwashima &lt;kuniyu@google.com&gt;
Link: https://patch.msgid.link/20260521174038.204481-1-edumazet@google.com
Signed-off-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
</content>
</entry>
<entry>
<title>Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net</title>
<updated>2026-05-21T22:09:02+00:00</updated>
<author>
<name>Jakub Kicinski</name>
<email>kuba@kernel.org</email>
</author>
<published>2026-05-21T22:02:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=6a20b34fe3b31b292078bc79ec18a2ab0d9f7719'/>
<id>urn:sha1:6a20b34fe3b31b292078bc79ec18a2ab0d9f7719</id>
<content type='text'>
Cross-merge networking fixes after downstream PR (net-7.1-rc5).

No conflicts, adjacent changes:

drivers/net/ethernet/mellanox/mlx5/core/en_txrx.c
  cc199cd1b912 ("net/mlx5e: Reduce branches in napi poll")
  c326f9c68921 ("net/mlx5e: xsk: Fix unlocked writing to ICOSQ")

drivers/net/ethernet/mellanox/mlx5/core/eswitch.c
  c6df9a65cbb0 ("net/mlx5: Skip disabled vports when setting max TX speed")
  1fba57c91416 ("net/mlx5: Add VHCA_ID page management mode support")

net/mac80211/mlme.c
  a6e6ccd5bd07 ("wifi: mac80211: consume only present negotiated TTLM maps")
  49e62ec6eb06 ("wifi: mac80211: move frame RX handling to type files")

Signed-off-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
</content>
</entry>
<entry>
<title>net: bridge: prevent too big nested attributes in br_fill_linkxstats()</title>
<updated>2026-05-21T15:47:36+00:00</updated>
<author>
<name>Eric Dumazet</name>
<email>edumazet@google.com</email>
</author>
<published>2026-05-20T11:42:07+00:00</published>
<link rel='alternate' type='text/html' href='https://git.radix-linux.su/kernel/linux.git/commit/?id=bdd39576bf50a50bdafe3da968fd271bc674a48f'/>
<id>urn:sha1:bdd39576bf50a50bdafe3da968fd271bc674a48f</id>
<content type='text'>
After commit ff205bf8c554 ("netlink: add one debug check in nla_nest_end()")
syzbot found that br_fill_linkxstats() can send corrupted netlink packets.

Make sure the nested attribute size is bounded.

Fixes: a60c090361ea ("bridge: netlink: export per-vlan stats")
Reported-by: syzbot+a35f9259d08f907c06e6@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/6a0b0da3.050a0220.175f0c.0000.GAE@google.com/
Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Reviewed-by: Ido Schimmel &lt;idosch@nvidia.com&gt;
Acked-by: Nikolay Aleksandrov &lt;razor@blackwall.org&gt;
Link: https://patch.msgid.link/20260520114207.1394241-1-edumazet@google.com
Signed-off-by: Jakub Kicinski &lt;kuba@kernel.org&gt;
</content>
</entry>
</feed>
