<feed xmlns='http://www.w3.org/2005/Atom'>
<title>kernel/git/stable/linux.git/net/bridge, branch linux-4.1.y</title>
<subtitle>Linux kernel stable tree</subtitle>
<id>https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/atom?h=linux-4.1.y</id>
<link rel='self' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/atom?h=linux-4.1.y'/>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/'/>
<updated>2018-05-23T01:33:57+00:00</updated>
<entry>
<title>netfilter: bridge: ebt_among: add more missing match size checks</title>
<updated>2018-05-23T01:33:57+00:00</updated>
<author>
<name>Florian Westphal</name>
<email>fw@strlen.de</email>
</author>
<published>2018-03-09T13:27:31+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=85fabfddebb4d10c847c29210752dd68d72d4bf2'/>
<id>urn:sha1:85fabfddebb4d10c847c29210752dd68d72d4bf2</id>
<content type='text'>
[ Upstream commit c8d70a700a5b486bfa8e5a7d33d805389f6e59f9 ]

ebt_among is special, it has a dynamic match size and is exempt
from the central size checks.

commit c4585a2823edf ("bridge: ebt_among: add missing match size checks")
added validation for pool size, but missed fact that the macros
ebt_among_wh_src/dst can already return out-of-bound result because
they do not check value of wh_src/dst_ofs (an offset) vs. the size
of the match that userspace gave to us.

v2:
check that offset has correct alignment.
Paolo Abeni points out that we should also check that src/dst
wormhash arrays do not overlap, and src + length lines up with
start of dst (or vice versa).
v3: compact wormhash_sizes_valid() part

NB: Fixes tag is intentionally wrong, this bug exists from day
one when match was added for 2.6 kernel. Tag is there so stable
maintainers will notice this one too.

Tested with same rules from the earlier patch.

Fixes: c4585a2823edf ("bridge: ebt_among: add missing match size checks")
Reported-by: &lt;syzbot+bdabab6f1983a03fc009@syzkaller.appspotmail.com&gt;
Signed-off-by: Florian Westphal &lt;fw@strlen.de&gt;
Reviewed-by: Eric Dumazet &lt;edumazet@google.com&gt;
Signed-off-by: Pablo Neira Ayuso &lt;pablo@netfilter.org&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@microsoft.com&gt;
</content>
</entry>
<entry>
<title>netfilter: bridge: ebt_among: add missing match size checks</title>
<updated>2018-03-21T03:49:52+00:00</updated>
<author>
<name>Florian Westphal</name>
<email>fw@strlen.de</email>
</author>
<published>2018-02-19T02:01:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b809f906144dc68bcff91ab74da723fddfcd8061'/>
<id>urn:sha1:b809f906144dc68bcff91ab74da723fddfcd8061</id>
<content type='text'>
[ Upstream commit c4585a2823edf4d1326da44d1524ecbfda26bb37 ]

ebt_among is special, it has a dynamic match size and is exempt
from the central size checks.

Therefore it must check that the size of the match structure
provided from userspace is sane by making sure em-&gt;match_size
is at least the minimum size of the expected structure.

The module has such a check, but its only done after accessing
a structure that might be out of bounds.

tested with: ebtables -A INPUT ... \
--among-dst fe:fe:fe:fe:fe:fe
--among-dst fe:fe:fe:fe:fe:fe --among-src fe:fe:fe:fe:ff:f,fe:fe:fe:fe:fe:fb,fe:fe:fe:fe:fc:fd,fe:fe:fe:fe:fe:fd,fe:fe:fe:fe:fe:fe
--among-src fe:fe:fe:fe:ff:f,fe:fe:fe:fe:fe:fa,fe:fe:fe:fe:fe:fd,fe:fe:fe:fe:fe:fe,fe:fe:fe:fe:fe:fe

Reported-by: &lt;syzbot+fe0b19af568972814355@syzkaller.appspotmail.com&gt;
Signed-off-by: Florian Westphal &lt;fw@strlen.de&gt;
Signed-off-by: Pablo Neira Ayuso &lt;pablo@netfilter.org&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@microsoft.com&gt;
</content>
</entry>
<entry>
<title>netfilter: ebtables: CONFIG_COMPAT: don't trust userland offsets</title>
<updated>2018-03-21T03:49:51+00:00</updated>
<author>
<name>Florian Westphal</name>
<email>fw@strlen.de</email>
</author>
<published>2018-02-19T00:24:15+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=1829a59ba6e8fa6467ea4607cf086b5e2d8d6426'/>
<id>urn:sha1:1829a59ba6e8fa6467ea4607cf086b5e2d8d6426</id>
<content type='text'>
[ Upstream commit b71812168571fa55e44cdd0254471331b9c4c4c6 ]

We need to make sure the offsets are not out of range of the
total size.
Also check that they are in ascending order.

The WARN_ON triggered by syzkaller (it sets panic_on_warn) is
changed to also bail out, no point in continuing parsing.

Briefly tested with simple ruleset of
-A INPUT --limit 1/s' --log
plus jump to custom chains using 32bit ebtables binary.

Reported-by: &lt;syzbot+845a53d13171abf8bf29@syzkaller.appspotmail.com&gt;
Signed-off-by: Florian Westphal &lt;fw@strlen.de&gt;
Signed-off-by: Pablo Neira Ayuso &lt;pablo@netfilter.org&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@microsoft.com&gt;
</content>
</entry>
<entry>
<title>bridge: check brport attr show in brport_show</title>
<updated>2018-03-21T03:49:47+00:00</updated>
<author>
<name>Xin Long</name>
<email>lucien.xin@gmail.com</email>
</author>
<published>2018-02-12T09:15:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=48e0c1663636fb4fcf578805a474c7f79ee2220f'/>
<id>urn:sha1:48e0c1663636fb4fcf578805a474c7f79ee2220f</id>
<content type='text'>
[ Upstream commit 1b12580af1d0677c3c3a19e35bfe5d59b03f737f ]

Now br_sysfs_if file flush doesn't have attr show. To read it will
cause kernel panic after users chmod u+r this file.

Xiong found this issue when running the commands:

  ip link add br0 type bridge
  ip link add type veth
  ip link set veth0 master br0
  chmod u+r /sys/devices/virtual/net/veth0/brport/flush
  timeout 3 cat /sys/devices/virtual/net/veth0/brport/flush

kernel crashed with NULL a pointer dereference call trace.

This patch is to fix it by return -EINVAL when brport_attr-&gt;show
is null, just the same as the check for brport_attr-&gt;store in
brport_store().

Fixes: 9cf637473c85 ("bridge: add sysfs hook to flush forwarding table")
Reported-by: Xiong Zhou &lt;xzhou@redhat.com&gt;
Signed-off-by: Xin Long &lt;lucien.xin@gmail.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Sasha Levin &lt;alexander.levin@microsoft.com&gt;
</content>
</entry>
<entry>
<title>net: bridge: fix old ioctl unlocked net device walk</title>
<updated>2016-07-11T03:07:25+00:00</updated>
<author>
<name>Nikolay Aleksandrov</name>
<email>nikolay@cumulusnetworks.com</email>
</author>
<published>2016-05-04T14:18:45+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=806d70c7da5bc0dc43e54fe0362fc0fcf573bfe2'/>
<id>urn:sha1:806d70c7da5bc0dc43e54fe0362fc0fcf573bfe2</id>
<content type='text'>
[ Upstream commit 31ca0458a61a502adb7ed192bf9716c6d05791a5 ]

get_bridge_ifindices() is used from the old "deviceless" bridge ioctl
calls which aren't called with rtnl held. The comment above says that it is
called with rtnl but that is not really the case.
Here's a sample output from a test ASSERT_RTNL() which I put in
get_bridge_ifindices and executed "brctl show":
[  957.422726] RTNL: assertion failed at net/bridge//br_ioctl.c (30)
[  957.422925] CPU: 0 PID: 1862 Comm: brctl Tainted: G        W  O
4.6.0-rc4+ #157
[  957.423009] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996),
BIOS 1.8.1-20150318_183358- 04/01/2014
[  957.423009]  0000000000000000 ffff880058adfdf0 ffffffff8138dec5
0000000000000400
[  957.423009]  ffffffff81ce8380 ffff880058adfe58 ffffffffa05ead32
0000000000000001
[  957.423009]  00007ffec1a444b0 0000000000000400 ffff880053c19130
0000000000008940
[  957.423009] Call Trace:
[  957.423009]  [&lt;ffffffff8138dec5&gt;] dump_stack+0x85/0xc0
[  957.423009]  [&lt;ffffffffa05ead32&gt;]
br_ioctl_deviceless_stub+0x212/0x2e0 [bridge]
[  957.423009]  [&lt;ffffffff81515beb&gt;] sock_ioctl+0x22b/0x290
[  957.423009]  [&lt;ffffffff8126ba75&gt;] do_vfs_ioctl+0x95/0x700
[  957.423009]  [&lt;ffffffff8126c159&gt;] SyS_ioctl+0x79/0x90
[  957.423009]  [&lt;ffffffff8163a4c0&gt;] entry_SYSCALL_64_fastpath+0x23/0xc1

Since it only reads bridge ifindices, we can use rcu to safely walk the net
device list. Also remove the wrong rtnl comment above.

Signed-off-by: Nikolay Aleksandrov &lt;nikolay@cumulusnetworks.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Sasha Levin &lt;sasha.levin@oracle.com&gt;
</content>
</entry>
<entry>
<title>switchdev: Require RTNL mutex to be held when sending FDB notifications</title>
<updated>2016-03-04T15:25:47+00:00</updated>
<author>
<name>Ido Schimmel</name>
<email>idosch@mellanox.com</email>
</author>
<published>2016-01-27T14:16:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=4c62ddf7e39943b356157b4c2196a71825c8328c'/>
<id>urn:sha1:4c62ddf7e39943b356157b4c2196a71825c8328c</id>
<content type='text'>
[ Upstream commit 4f2c6ae5c64c353fb1b0425e4747e5603feadba1 ]

When switchdev drivers process FDB notifications from the underlying
device they resolve the netdev to which the entry points to and notify
the bridge using the switchdev notifier.

However, since the RTNL mutex is not held there is nothing preventing
the netdev from disappearing in the middle, which will cause
br_switchdev_event() to dereference a non-existing netdev.

Make switchdev drivers hold the lock at the beginning of the
notification processing session and release it once it ends, after
notifying the bridge.

Also, remove switchdev_mutex and fdb_lock, as they are no longer needed
when RTNL mutex is held.

Fixes: 03bf0c281234 ("switchdev: introduce switchdev notifier")
Signed-off-by: Ido Schimmel &lt;idosch@mellanox.com&gt;
Signed-off-by: Jiri Pirko &lt;jiri@mellanox.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Sasha Levin &lt;sasha.levin@oracle.com&gt;
</content>
</entry>
<entry>
<title>bridge: fix lockdep addr_list_lock false positive splat</title>
<updated>2016-01-31T19:23:37+00:00</updated>
<author>
<name>Nikolay Aleksandrov</name>
<email>nikolay@cumulusnetworks.com</email>
</author>
<published>2016-01-15T18:03:54+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=332fb8799ed1c701339e9b4dad3efbed245b4cf8'/>
<id>urn:sha1:332fb8799ed1c701339e9b4dad3efbed245b4cf8</id>
<content type='text'>
[ Upstream commit c6894dec8ea9ae05747124dce98b3b5c2e69b168 ]

After promisc mode management was introduced a bridge device could do
dev_set_promiscuity from its ndo_change_rx_flags() callback which in
turn can be called after the bridge's addr_list_lock has been taken
(e.g. by dev_uc_add). This causes a false positive lockdep splat because
the port interfaces' addr_list_lock is taken when br_manage_promisc()
runs after the bridge's addr list lock was already taken.
To remove the false positive introduce a custom bridge addr_list_lock
class and set it on bridge init.
A simple way to reproduce this is with the following:
$ brctl addbr br0
$ ip l add l br0 br0.100 type vlan id 100
$ ip l set br0 up
$ ip l set br0.100 up
$ echo 1 &gt; /sys/class/net/br0/bridge/vlan_filtering
$ brctl addif br0 eth0
Splat:
[   43.684325] =============================================
[   43.684485] [ INFO: possible recursive locking detected ]
[   43.684636] 4.4.0-rc8+ #54 Not tainted
[   43.684755] ---------------------------------------------
[   43.684906] brctl/1187 is trying to acquire lock:
[   43.685047]  (_xmit_ETHER){+.....}, at: [&lt;ffffffff8150169e&gt;] dev_set_rx_mode+0x1e/0x40
[   43.685460]  but task is already holding lock:
[   43.685618]  (_xmit_ETHER){+.....}, at: [&lt;ffffffff815072a7&gt;] dev_uc_add+0x27/0x80
[   43.686015]  other info that might help us debug this:
[   43.686316]  Possible unsafe locking scenario:

[   43.686743]        CPU0
[   43.686967]        ----
[   43.687197]   lock(_xmit_ETHER);
[   43.687544]   lock(_xmit_ETHER);
[   43.687886] *** DEADLOCK ***

[   43.688438]  May be due to missing lock nesting notation

[   43.688882] 2 locks held by brctl/1187:
[   43.689134]  #0:  (rtnl_mutex){+.+.+.}, at: [&lt;ffffffff81510317&gt;] rtnl_lock+0x17/0x20
[   43.689852]  #1:  (_xmit_ETHER){+.....}, at: [&lt;ffffffff815072a7&gt;] dev_uc_add+0x27/0x80
[   43.690575] stack backtrace:
[   43.690970] CPU: 0 PID: 1187 Comm: brctl Not tainted 4.4.0-rc8+ #54
[   43.691270] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.8.1-20150318_183358- 04/01/2014
[   43.691770]  ffffffff826a25c0 ffff8800369fb8e0 ffffffff81360ceb ffffffff826a25c0
[   43.692425]  ffff8800369fb9b8 ffffffff810d0466 ffff8800369fb968 ffffffff81537139
[   43.693071]  ffff88003a08c880 0000000000000000 00000000ffffffff 0000000002080020
[   43.693709] Call Trace:
[   43.693931]  [&lt;ffffffff81360ceb&gt;] dump_stack+0x4b/0x70
[   43.694199]  [&lt;ffffffff810d0466&gt;] __lock_acquire+0x1e46/0x1e90
[   43.694483]  [&lt;ffffffff81537139&gt;] ? netlink_broadcast_filtered+0x139/0x3e0
[   43.694789]  [&lt;ffffffff8153b5da&gt;] ? nlmsg_notify+0x5a/0xc0
[   43.695064]  [&lt;ffffffff810d10f5&gt;] lock_acquire+0xe5/0x1f0
[   43.695340]  [&lt;ffffffff8150169e&gt;] ? dev_set_rx_mode+0x1e/0x40
[   43.695623]  [&lt;ffffffff815edea5&gt;] _raw_spin_lock_bh+0x45/0x80
[   43.695901]  [&lt;ffffffff8150169e&gt;] ? dev_set_rx_mode+0x1e/0x40
[   43.696180]  [&lt;ffffffff8150169e&gt;] dev_set_rx_mode+0x1e/0x40
[   43.696460]  [&lt;ffffffff8150189c&gt;] dev_set_promiscuity+0x3c/0x50
[   43.696750]  [&lt;ffffffffa0586845&gt;] br_port_set_promisc+0x25/0x50 [bridge]
[   43.697052]  [&lt;ffffffffa05869aa&gt;] br_manage_promisc+0x8a/0xe0 [bridge]
[   43.697348]  [&lt;ffffffffa05826ee&gt;] br_dev_change_rx_flags+0x1e/0x20 [bridge]
[   43.697655]  [&lt;ffffffff81501532&gt;] __dev_set_promiscuity+0x132/0x1f0
[   43.697943]  [&lt;ffffffff81501672&gt;] __dev_set_rx_mode+0x82/0x90
[   43.698223]  [&lt;ffffffff815072de&gt;] dev_uc_add+0x5e/0x80
[   43.698498]  [&lt;ffffffffa05b3c62&gt;] vlan_device_event+0x542/0x650 [8021q]
[   43.698798]  [&lt;ffffffff8109886d&gt;] notifier_call_chain+0x5d/0x80
[   43.699083]  [&lt;ffffffff810988b6&gt;] raw_notifier_call_chain+0x16/0x20
[   43.699374]  [&lt;ffffffff814f456e&gt;] call_netdevice_notifiers_info+0x6e/0x80
[   43.699678]  [&lt;ffffffff814f4596&gt;] call_netdevice_notifiers+0x16/0x20
[   43.699973]  [&lt;ffffffffa05872be&gt;] br_add_if+0x47e/0x4c0 [bridge]
[   43.700259]  [&lt;ffffffffa058801e&gt;] add_del_if+0x6e/0x80 [bridge]
[   43.700548]  [&lt;ffffffffa0588b5f&gt;] br_dev_ioctl+0xaf/0xc0 [bridge]
[   43.700836]  [&lt;ffffffff8151a7ac&gt;] dev_ifsioc+0x30c/0x3c0
[   43.701106]  [&lt;ffffffff8151aac9&gt;] dev_ioctl+0xf9/0x6f0
[   43.701379]  [&lt;ffffffff81254345&gt;] ? mntput_no_expire+0x5/0x450
[   43.701665]  [&lt;ffffffff812543ee&gt;] ? mntput_no_expire+0xae/0x450
[   43.701947]  [&lt;ffffffff814d7b02&gt;] sock_do_ioctl+0x42/0x50
[   43.702219]  [&lt;ffffffff814d8175&gt;] sock_ioctl+0x1e5/0x290
[   43.702500]  [&lt;ffffffff81242d0b&gt;] do_vfs_ioctl+0x2cb/0x5c0
[   43.702771]  [&lt;ffffffff81243079&gt;] SyS_ioctl+0x79/0x90
[   43.703033]  [&lt;ffffffff815eebb6&gt;] entry_SYSCALL_64_fastpath+0x16/0x7a

CC: Vlad Yasevich &lt;vyasevic@redhat.com&gt;
CC: Stephen Hemminger &lt;stephen@networkplumber.org&gt;
CC: Bridge list &lt;bridge@lists.linux-foundation.org&gt;
CC: Andy Gospodarek &lt;gospo@cumulusnetworks.com&gt;
CC: Roopa Prabhu &lt;roopa@cumulusnetworks.com&gt;
Fixes: 2796d0c648c9 ("bridge: Automatically manage port promiscuous mode.")
Reported-by: Andy Gospodarek &lt;gospo@cumulusnetworks.com&gt;
Signed-off-by: Nikolay Aleksandrov &lt;nikolay@cumulusnetworks.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>bridge: Only call /sbin/bridge-stp for the initial network namespace</title>
<updated>2016-01-31T19:23:36+00:00</updated>
<author>
<name>Hannes Frederic Sowa</name>
<email>hannes@stressinduktion.org</email>
</author>
<published>2016-01-05T09:46:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=a6b1d24893805bb4f2e7c7bc6f86a98ec37065ee'/>
<id>urn:sha1:a6b1d24893805bb4f2e7c7bc6f86a98ec37065ee</id>
<content type='text'>
[ Upstream commit ff62198553e43cdffa9d539f6165d3e83f8a42bc ]

[I stole this patch from Eric Biederman. He wrote:]

&gt; There is no defined mechanism to pass network namespace information
&gt; into /sbin/bridge-stp therefore don't even try to invoke it except
&gt; for bridge devices in the initial network namespace.
&gt;
&gt; It is possible for unprivileged users to cause /sbin/bridge-stp to be
&gt; invoked for any network device name which if /sbin/bridge-stp does not
&gt; guard against unreasonable arguments or being invoked twice on the
&gt; same network device could cause problems.

[Hannes: changed patch using netns_eq]

Cc: Eric W. Biederman &lt;ebiederm@xmission.com&gt;
Signed-off-by: Eric W. Biederman &lt;ebiederm@xmission.com&gt;
Signed-off-by: Hannes Frederic Sowa &lt;hannes@stressinduktion.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>bridge: fix igmpv3 / mldv2 report parsing</title>
<updated>2015-10-03T11:49:15+00:00</updated>
<author>
<name>Linus Lüssing</name>
<email>linus.luessing@c0d3.blue</email>
</author>
<published>2015-09-11T16:39:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=022ce825bec2cba19bfb3cc5473df4347851c506'/>
<id>urn:sha1:022ce825bec2cba19bfb3cc5473df4347851c506</id>
<content type='text'>
[ Upstream commit c2d4fbd2163e607915cc05798ce7fb7f31117cc1 ]

With the newly introduced helper functions the skb pulling is hidden in
the checksumming function - and undone before returning to the caller.

The IGMPv3 and MLDv2 report parsing functions in the bridge still
assumed that the skb is pointing to the beginning of the IGMP/MLD
message while it is now kept at the beginning of the IPv4/6 header,
breaking the message parsing and creating packet loss.

Fixing this by taking the offset between IP and IGMP/MLD header into
account, too.

Fixes: 9afd85c9e455 ("net: Export IGMP/MLD message validation code")
Reported-by: Tobias Powalowski &lt;tobias.powalowski@googlemail.com&gt;
Tested-by: Tobias Powalowski &lt;tobias.powalowski@googlemail.com&gt;
Signed-off-by: Linus Lüssing &lt;linus.luessing@c0d3.blue&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>bridge: netlink: account for the IFLA_BRPORT_PROXYARP_WIFI attribute size and policy</title>
<updated>2015-09-29T17:26:25+00:00</updated>
<author>
<name>Nikolay Aleksandrov</name>
<email>nikolay@cumulusnetworks.com</email>
</author>
<published>2015-08-04T17:06:33+00:00</published>
<link rel='alternate' type='text/html' href='https://git.rulkc.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=b291dba31d0862c9262005ee7a8b38f2377494fa'/>
<id>urn:sha1:b291dba31d0862c9262005ee7a8b38f2377494fa</id>
<content type='text'>
[ Upstream commit 786c2077ec8e9eab37a88fc14aac4309a8061e18 ]

The attribute size wasn't accounted for in the get_slave_size() callback
(br_port_get_slave_size) when it was introduced, so fix it now. Also add
a policy entry for it in br_port_policy.

Signed-off-by: Nikolay Aleksandrov &lt;nikolay@cumulusnetworks.com&gt;
Fixes: 842a9ae08a25 ("bridge: Extend Proxy ARP design to allow optional rules for Wi-Fi")
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Greg Kroah-Hartman &lt;gregkh@linuxfoundation.org&gt;
</content>
</entry>
</feed>
