From cc1836507f482e5e86b3adfcb99dc3cb3eee4569 Mon Sep 17 00:00:00 2001
From: chengyechun
Date: Mon, 11 Nov 2024 16:59:04 +0800
Subject: [PATCH] sync some patches from upstream
---
...-ecmp-route-deleted-nexthop-matching.patch | 66 +++++++++++++++++++
...-object-in-callback-v2-on-update-obj.patch | 43 ++++++++++++
...-fix-ubsan-complaint-about-incorrect.patch | 32 +++++++++
...nfo-instead-of-release-and-reacquire.patch | 53 +++++++++++++++
...-with-via-nexthops-as-univers-scoped.patch | 36 ++++++++++
libnl3.spec | 13 +++-
6 files changed, 242 insertions(+), 1 deletion(-)
create mode 100644 backport-fix-IPv6-ecmp-route-deleted-nexthop-matching.patch
create mode 100644 backport-fix-new-object-in-callback-v2-on-update-obj.patch
create mode 100644 backport-fix-ubsan-complaint-about-incorrect.patch
create mode 100644 backport-keep-link-info-instead-of-release-and-reacquire.patch
create mode 100644 backport-treat-routes-with-via-nexthops-as-univers-scoped.patch
diff --git a/backport-fix-IPv6-ecmp-route-deleted-nexthop-matching.patch b/backport-fix-IPv6-ecmp-route-deleted-nexthop-matching.patch
new file mode 100644
index 0000000..8af2477
--- /dev/null
+++ b/backport-fix-IPv6-ecmp-route-deleted-nexthop-matching.patch
@@ -0,0 +1,66 @@
+From 2301992be667fa51084b40ac6ad4a4155a09aeb1 Mon Sep 17 00:00:00 2001
+From: Jonas Gorski
+Date: Tue, 30 Apr 2024 14:05:33 +0200
+Subject: [PATCH] route: fix IPv6 ecmp route deleted nexthop matching
+
+When the kernel sends a ECMP route update with just the deleted nexthop,
+the nexthop will have no associated weight, and its flags may indicate
+that it is dead:
+
+ route_update: RTM_DELROUTE
+ new route:
+ inet6 default table main type unicast
+ scope global priority 0x400 protocol 0x9
+ nexthop via fe80::b226:28ff:fe62:8841 dev port4
+ old route:
+ inet6 default table main type unicast
+ scope global priority 0x400 protocol 0x9
+ nexthop via fe80::b226:28ff:fe62:8841 dev port4 weight 0 <>
+ nexthop via fe80::fa8e:a1ff:fee0:8344 dev port49 weight 0 <>
+ nexthop via fe80::b226:28ff:fe62:d400 dev port3 weight 0 <>
+ nexthop via fe80::fa8e:a1ff:fee0:8349 dev port54 weight 0 <>
+
+Since we are comparing the nexthops strictly with all attributes, we can
+never match the deleted nexthop. This causes libnl to fail to remove the
+deleted nexthop from the route, and consequently send out a nop-update
+and a desync of the route in the cache and in the kernel.
+
+Fix this by ignoring NH_ATTR_FLAGS (0x1) and NH_ATTR_WEIGHT (0x2) when
+comparing nexthops to properly match the deleted one.
+
+Fixes: 29b71371e764 ("route cache: Fix handling of ipv6 multipath routes")
+Signed-off-by: Jonas Gorski
+
+https://github.com/thom311/libnl/pull/382
+
+Conflict:NA
+Reference:https://github.com/thom311/libnl/commit/2301992be667fa51084b40ac6ad4a4155a09aeb1
+
+---
+ lib/route/route_obj.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/lib/route/route_obj.c b/lib/route/route_obj.c
+index 9441b77..0ae029d 100644
+--- a/lib/route/route_obj.c
++++ b/lib/route/route_obj.c
+@@ -547,7 +547,15 @@ static int route_update(struct nl_object *old_obj, struct nl_object *new_obj)
+ */
+ nl_list_for_each_entry(old_nh, &old_route->rt_nexthops,
+ rtnh_list) {
+- if (!rtnl_route_nh_compare(old_nh, new_nh, ~0, 0)) {
++ /*
++ * Since the new route has only one nexthop, it's not
++ * an ECMP route and the nexthop won't have a weight.
++ * Similarily, the nexthop might have been marked as
++ * DEAD in its flags if it was deleted.
++ * Therefore ignore NH_ATTR_FLAGS (= 0x1) and
++ * NH_ATTR_WEIGHT (= 0x2) while comparing nexthops.
++ */
++ if (!rtnl_route_nh_compare(old_nh, new_nh, ~0x3, 0)) {
+
+ rtnl_route_remove_nexthop(old_route, old_nh);
+
+--
+2.33.0
+
diff --git a/backport-fix-new-object-in-callback-v2-on-update-obj.patch b/backport-fix-new-object-in-callback-v2-on-update-obj.patch
new file mode 100644
index 0000000..46a1150
--- /dev/null
+++ b/backport-fix-new-object-in-callback-v2-on-update-obj.patch
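Review bot: The relaxed comparison in route_update() passes the bare literal `~0x3` and leaves it to the comment to say that it stands for NH_ATTR_FLAGS and NH_ATTR_WEIGHT, so the mask goes stale silently if those bit values ever change. If the two macros are visible in lib/route/route_obj.c (their definitions are not in this hunk), the call reads better as `rtnl_route_nh_compare(old_nh, new_nh, ~(NH_ATTR_FLAGS | NH_ATTR_WEIGHT), 0)`. Because matching is now looser, it is worth confirming that the loop stops after the first removal; the rest of the loop body is outside the hunk. The comment's "Similarily" should read "Similarly".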
@@ -0,0 +1,43 @@
+From 3a43faa1aa8e9fb98ae8bc41496ceabc4c0838f1 Mon Sep 17 00:00:00 2001
+From: Jonas Gorski
+Date: Fri, 26 Apr 2024 16:32:21 +0200
+Subject: [PATCH] cache: fix new object in callback v2 on updated objects
+
+When calling the callback v2 for objects that were updated, we pass the
+update ("obj") instead of the updated object ("old") as new.
+
+Presumably this wasn't intended, so pass the updated object as new.
+
+This avoids weird updates where the new object is significantly smaller
+than the old one. E.g. for IPv6 multipath route updates, old would be
+the full route with all nexthops, while new would be a partial route
+with only the added/removed nexthop.
+
+Fixes: 66d032ad443a ("cache_mngr: add include callback v2")
+Signed-off-by: Jonas Gorski
+
+https://github.com/thom311/libnl/pull/381
+
+Conflict:NA
+Reference:https://github.com/thom311/libnl/commit/3a43faa1aa8e9fb98ae8bc41496ceabc4c0838f1
+
+---
+ lib/cache.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/cache.c b/lib/cache.c
+index eadce57..8e423e5 100644
+--- a/lib/cache.c
++++ b/lib/cache.c
+@@ -802,7 +802,7 @@ static int cache_include(struct nl_cache *cache, struct nl_object *obj,
+ */
+ if (nl_object_update(old, obj) == 0) {
+ if (cb_v2) {
+- cb_v2(cache, clone, obj, diff,
++ cb_v2(cache, clone, old, diff,
+ NL_ACT_CHANGE, data);
+ nl_object_put(clone);
+ } else if (cb)
+--
+2.33.0
+
diff --git a/backport-fix-ubsan-complaint-about-incorrect.patch b/backport-fix-ubsan-complaint-about-incorrect.patch
new file mode 100644
index 0000000..e5ee17f
--- /dev/null
+++ b/backport-fix-ubsan-complaint-about-incorrect.patch
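Review bot: Nothing at the `cb_v2` call in cache_include() tells callback authors that the third argument is now `old`, which per the commit message is the updated object, rather than the transient `obj`. If `old` is the entry that stays in the cache (its lookup is outside the hunk), a handler that keeps the pointer past the call holds live cache state, so the lifetime rule belongs next to the call, for example `/* 'old' is the updated cache entry; a callback that keeps it must nl_object_get() it */`. This is also an observable behaviour change for existing v2 callbacks, and the package changelog entry does not mention it. cache_include() starts and ends outside the hunk.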
@@ -0,0 +1,32 @@
+From 46cae1bfc2ee435fed7c73a15d0b6979fe6d43a3 Mon Sep 17 00:00:00 2001
+From: "Ilya A. Evenbach"
+Date: Mon, 22 Apr 2024 05:39:24 -0700
+Subject: [PATCH] socket: fix ubsan complaint about incorrect left-shift in
+ generate_local_port()
+
+n needs to be uint32_t to fit left shift by 22 bits
+
+https://github.com/thom311/libnl/pull/379
+Conflict:NA
+Reference:https:/github.com/thom311/libnl/commit/46cae1bfc2ee435fed7c73a15d0b6979fe6d43a3
+
+---
+ lib/socket.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/socket.c b/lib/socket.c
+index 2ca14f6..21a53bd 100644
+--- a/lib/socket.c
++++ b/lib/socket.c
+@@ -78,7 +78,7 @@ static NL_RW_LOCK(port_map_lock);
+ static uint32_t generate_local_port(void)
+ {
+ int i, j, m;
+- uint16_t n;
++ uint32_t n;
+ static uint16_t idx_state = 0;
+ uint32_t pid = getpid() & 0x3FFFFF;
+
+--
+2.33.0
+
diff --git a/backport-keep-link-info-instead-of-release-and-reacquire.patch b/backport-keep-link-info-instead-of-release-and-reacquire.patch
new file mode 100644
index 0000000..3c63186
--- /dev/null
+++ b/backport-keep-link-info-instead-of-release-and-reacquire.patch
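Review bot: The `Reference:` line in this backport's header reads `https:/github.com/...` with a single slash, so the link back to the upstream commit does not resolve and any provenance check that follows it will fail; it should be `Reference:https://github.com/thom311/libnl/commit/46cae1bfc2ee435fed7c73a15d0b6979fe6d43a3`. On the code itself, the shift that motivated widening `n` to `uint32_t` is outside the hunk, so it cannot be confirmed from here that no other narrow operand (for example `idx_state`, still `uint16_t`) takes part in it. A short comment on the declaration, such as `/* 32-bit: n is shifted left by 22 below */`, would keep the type from being narrowed again.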
@@ -0,0 +1,53 @@
+From 64fad14bc9c5b594f9ffcd1aa0ca7e00042d8350 Mon Sep 17 00:00:00 2001
+From: Jonas Gorski
+Date: Tue, 16 Jul 2024 16:01:27 +0200
+Subject: [PATCH] link: link_msg_parser(): keep link info instead of release
+ and reacquire
+
+Calling release_link_info() will call io_free() for rtnl_link::l_info
+was allocated just a few lines before as a side effect of
+rtnl_link_set_type().
+
+Apart from doing needless memory churn, this will also leave the link
+with l_info set to NULL if the link type does not provide a io_parse()
+function.
+
+Assuming the memory leak mentioned in bfee88b8b0a9 ("route: fix memory
+leak of l_info_ops in link_msg_parser()") was a double reference taken
+by calling rtnl_link_info_ops_lookup() twice, once via
+rtnl_link_set_type(), and once directly, replace the lookup() /
+release() lookup() with a single lookup() and then reuse the populated
+rtnl_link::l_info_ops pointer.
+
+Fixes: bfee88b8b0a9 ("route: fix memory leak of l_info_ops in link_msg_parser()")
+Signed-off-by: Jonas Gorski
+
+https://github.com/thom311/libnl/pull/396
+
+Conflict:NA
+Reference:https://github.com/thom311/libnl/commit/64fad14bc9c5b594f9ffcd1aa0ca7e00042d8350
+
+---
+ lib/route/link.c | 6 +-----
+ 1 file changed, 1 insertion(+), 5 deletions(-)
+
+diff --git a/lib/route/link.c b/lib/route/link.c
+index e3f657b..09635cb 100644
+--- a/lib/route/link.c
++++ b/lib/route/link.c
+@@ -674,11 +674,7 @@ static int link_msg_parser(struct nl_cache_ops *ops, struct sockaddr_nl *who,
+ tb[IFLA_PROTINFO] = (struct nlattr *)link->l_af_ops->ao_protinfo_policy;
+ }
+
+- if (link->l_info_ops)
+- release_link_info(link);
+-
+- ops = rtnl_link_info_ops_lookup(kind);
+- link->l_info_ops = ops;
++ ops = link->l_info_ops;
+
+ if (ops) {
+ if (ops->io_parse &&
+--
+2.33.0
+
diff --git a/backport-treat-routes-with-via-nexthops-as-univers-scoped.patch b/backport-treat-routes-with-via-nexthops-as-univers-scoped.patch
new file mode 100644
index 0000000..0b4efb2
--- /dev/null
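Review bot: `ops = link->l_info_ops;` in link_msg_parser() is only correct if rtnl_link_set_type() has just run and succeeded, and both that call and the check of its return value are outside the hunk. The commit message itself words the reference-count reasoning as an assumption, so the dependency deserves a comment at the assignment, e.g. `/* l_info_ops was set by rtnl_link_set_type() above; a second lookup would take a second reference */`. The `if (ops)` test that follows still covers the NULL case. Since the change touches reference counting in a netlink message parser, a leak-checker run over link parsing would be worth doing before the package is released.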
+++ b/backport-treat-routes-with-via-nexthops-as-univers-scoped.patch
@@ -0,0 +1,36 @@
+From 326882017876bc22f9d16508a44a8ef98a53d220 Mon Sep 17 00:00:00 2001
+From: Jonas Gorski
+Date: Wed, 29 May 2024 09:45:24 +0200
+Subject: [PATCH] route: treat routes with via nexthops as universe scoped as
+ well
+
+RTA_VIA is a RTA_GATEWAY with added address family, so we should treat
+them them equivalent for guessing the scope.
+
+Signed-off-by: Jonas Gorski
+
+https://github.com/thom311/libnl/pull/389
+
+Conflict:NA
+Reference:https://github.com/thom311/libnl/commit/326882017876bc22f9d16508a44a8ef98a53d220
+
+---
+ lib/route/route_obj.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/route/route_obj.c b/lib/route/route_obj.c
+index 0ae029d..2d4a4b8 100644
+--- a/lib/route/route_obj.c
++++ b/lib/route/route_obj.c
+@@ -983,7 +983,7 @@ int rtnl_route_guess_scope(struct rtnl_route *route)
+ * is not directly connected
+ */
+ nl_list_for_each_entry(nh, &route->rt_nexthops, rtnh_list) {
+- if (nh->rtnh_gateway)
++ if (nh->rtnh_gateway || nh->rtnh_via)
+ return RT_SCOPE_UNIVERSE;
+ }
+ }
+--
+2.33.0
+
diff --git a/libnl3.spec b/libnl3.spec
index 28c9d37..abba976 100644
--- a/libnl3.spec
+++ b/libnl3.spec
@@ -1,6 +1,6 @@
 Name: libnl3
 Version: 3.7.0
-Release: 4
+Release: 5
 Summary: Providing APIs to netlink protocol based Linux kernel interfaces
 License: LGPLv2
 URL: http://www.infradead.org/~tgr/libnl/
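Review bot: The comment that closes just above the loop in rtnl_route_guess_scope() was left as it was, although the condition now also tests `nh->rtnh_via`; only the comment's tail, "is not directly connected", is visible here. If it speaks only of gateways, extend it so the two stay in step, for instance `... if any nexthop has a gateway or a via address`. The function starts and ends outside the hunk.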
@@ -25,6 +25,11 @@ patch6012: backport-accept-NULL-argument-in-nla_nest_cancel-for-robustness. patch6013: backport-fix-error-handling-in-nl_str2ip_protos.patch patch6014: backport-handle-negative-and-zero-size-in-nla_memcpy.patch patch6015: backport-use-thread-safe-gmtime_r-instead-of-gmtime.patch +Patch6016: backport-fix-ubsan-complaint-about-incorrect.patch +Patch6017: backport-fix-new-object-in-callback-v2-on-update-obj.patch +Patch6018: backport-fix-IPv6-ecmp-route-deleted-nexthop-matching.patch +Patch6019: backport-treat-routes-with-via-nexthops-as-univers-scoped.patch +Patch6020: backport-keep-link-info-instead-of-release-and-reacquire.patch BuildRequires: flex bison libtool autoconf automake swig Requires: %{name} = %{version}-%{release} @@ -109,6 +114,12 @@ cd python %{python3_sitearch}/netlink-*.egg-info %changelog +* Mon Nov 11 2024 chengyechun - 3.7.0-5 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:sync some pathes from upstream + * Thu Apr 25 2024 sunhai - 3.7.0-4 - Type:bugfix - ID:NA -- Gitee