From be1694f0bded513c4870eaecefceb6b86593c15f Mon Sep 17 00:00:00 2001
From: yangl777
Date: Tue, 15 Apr 2025 12:17:12 +0000
Subject: [PATCH] sync some patches from upstream
---
 ...-fix-fd-leak-when-playing-with-netns.patch | 112 ++++++++++++++++++
 ...alloc-return-value-in-db_names_alloc.patch | 33 ++++++
 iproute.spec | 12 +-
 3 files changed, 155 insertions(+), 2 deletions(-)
 create mode 100644 backport-fix-fd-leak-when-playing-with-netns.patch
 create mode 100644 backport-lib-names-check-calloc-return-value-in-db_names_alloc.patch
diff --git a/backport-fix-fd-leak-when-playing-with-netns.patch b/backport-fix-fd-leak-when-playing-with-netns.patch
new file mode 100644
index 0000000..b0bc8d5
--- /dev/null
+++ b/backport-fix-fd-leak-when-playing-with-netns.patch
@@ -0,0 +1,112 @@
+From 57daf8ff8c6c357a5a083657e5b03d2883cbc4f9 Mon Sep 17 00:00:00 2001
+From: Nicolas Dichtel
+Date: Wed, 18 Sep 2024 18:49:41 +0200
+Subject: [PATCH] iplink: fix fd leak when playing with netns
+
+The command 'ip link set foo netns mynetns' opens a file descriptor to fill
+the netlink attribute IFLA_NET_NS_FD. This file descriptor is never closed.
+When batch mode is used, the number of file descriptor may grow greatly and
+reach the maximum file descriptor number that can be opened.
+
+This fd can be closed only after the netlink answer. Moreover, a second
+fd could be opened because some (struct link_util)->parse_opt() handlers
+call iplink_parse().
+
+Let's add a helper to manage these fds:
+ - open_fds_add() stores a fd, up to 5 (arbitrary choice, it seems enough);
+ - open_fds_close() closes all stored fds.
+
+Fixes: 0dc34c7713bb ("iproute2: Add processless network namespace support")
+Reported-by: Alexandre Ferrieux
+Signed-off-by: Nicolas Dichtel
+Signed-off-by: Stephen Hemminger
+
+Reference:https://github.com/iproute2/iproute2/commit/57daf8ff8c6c357a5a083657e5b03d2883cbc4f9
+Conflict:Context adaptation
+---
+ include/utils.h | 3 +++
+ ip/iplink.c | 8 ++++++--
+ lib/utils.c | 23 +++++++++++++++++++++++
+ 3 files changed, 32 insertions(+), 2 deletions(-)
+
+diff --git a/include/utils.h b/include/utils.h
+index 5c2cd91..69de411 100644
+--- a/include/utils.h
++++ b/include/utils.h
+@@ -321,4 +321,7 @@ int get_time64(__s64 *time, const char *str);
+ char *sprint_time(__u32 time, char *buf);
+ char *sprint_time64(__s64 time, char *buf);
+
++int open_fds_add(int fd);
++void open_fds_close(void);
++
+ #endif /* __UTILS_H__ */
+diff --git a/ip/iplink.c b/ip/iplink.c
+index 47f7398..51937e2 100644
+--- a/ip/iplink.c
++++ b/ip/iplink.c
+@@ -675,9 +675,11 @@ int iplink_parse(int argc, char **argv, struct iplink_req *req, char **type)
+ if (netns != -1)
+ duparg("netns", *argv);
+ netns = netns_get_fd(*argv);
+- if (netns >= 0)
++ if (netns >= 0) {
++ open_fds_add(netns);
+ addattr_l(&req->n, sizeof(*req), IFLA_NET_NS_FD,
+ &netns, 4);
++ }
+ else if (get_integer(&netns, *argv, 0) == 0)
+ addattr_l(&req->n, sizeof(*req),
+ IFLA_NET_NS_PID, &netns, 4);
+@@ -1085,7 +1087,9 @@ static int iplink_modify(int cmd, unsigned int flags, int argc, char **argv)
+ return -1;
+ }
+
+- if (rtnl_talk(&rth, &req.n, NULL) < 0)
++ ret = rtnl_talk(&rth, &req.n, NULL);
++ open_fds_close();
++ if (ret < 0)
+ return -2;
+
+ /* remove device from cache; next use can refresh with new data */
+diff --git a/lib/utils.c b/lib/utils.c
+index c6f19ce..061d7c4 100644
+--- a/lib/utils.c
++++ b/lib/utils.c
+@@ -45,6 +45,9 @@ int timestamp_short;
+ int pretty;
+ const char *_SL_ = "\n";
+
++static int open_fds[5];
++static int open_fds_cnt;
++
+ static int af_byte_len(int af);
+ static void print_time(char *buf, int len, __u32 time);
+ static void print_time64(char *buf, int len, __s64 time);
+@@ -1695,3 +1698,23 @@ char *sprint_time64(__s64 time, char *buf)
+ print_time64(buf, SPRINT_BSIZE-1, time);
+ return buf;
+ }
++
++int open_fds_add(int fd)
++{
++ if (open_fds_cnt >= ARRAY_SIZE(open_fds))
++ return -1;
++
++ open_fds[open_fds_cnt++] = fd;
++ return 0;
++}
++
++
++void open_fds_close(void)
++{
++ int i;
++
++ for (i = 0; i < open_fds_cnt; i++)
++ close(open_fds[i]);
++
++ open_fds_cnt = 0;
++}
+--
+2.43.0
+
diff --git a/backport-lib-names-check-calloc-return-value-in-db_names_alloc.patch b/backport-lib-names-check-calloc-return-value-in-db_names_alloc.patch
new file mode 100644
index 0000000..138a640
--- /dev/null
+++ b/backport-lib-names-check-calloc-return-value-in-db_names_alloc.patch
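Review bot: The return value of `open_fds_add(netns)` in iplink_parse() is ignored, so once the five-slot table in lib/utils.c is full the descriptor is still placed in IFLA_NET_NS_FD but is never recorded or closed, which is the leak this patch is meant to remove. The table is only drained in iplink_modify() after rtnl_talk(); the `return -1;` visible just above that call, and any other caller of iplink_parse(), would leave entries behind, so in batch mode the slots can presumably fill up (the rest of both functions is outside the hunk). I would fail loudly instead, e.g. `if (open_fds_add(netns) < 0) invarg("too many open netns fds", *argv);`, and also call `open_fds_close()` on the early-return paths. A descriptor left open also keeps a reference on the target network namespace, so for long-running batch jobs the cost is more than fd exhaustion.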
@@ -0,0 +1,33 @@
+From 225f74761b091e51444cf1f9686547f3c42e44b3 Mon Sep 17 00:00:00 2001
+From: Denis Kirjanov
+Date: Wed, 13 Nov 2024 13:53:49 +0300
+Subject: [PATCH] lib: names: check calloc return value in db_names_alloc
+
+db_names_load() may crash since it touches the
+hash member. Fix it by checking the return value
+
+Signed-off-by: Denis Kirjanov
+Signed-off-by: Stephen Hemminger
+
+Reference:https://github.com/iproute2/iproute2/commit/225f74761b091e51444cf1f9686547f3c42e44b3
+Conflict:NA
+---
+ lib/names.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/lib/names.c b/lib/names.c
+index cbfa971ff..4ecae92b9 100644
+--- a/lib/names.c
++++ b/lib/names.c
+@@ -55,6 +55,10 @@ struct db_names *db_names_alloc(void)
+
+ db->size = MAX_ENTRIES;
+ db->hash = calloc(db->size, sizeof(struct db_entry *));
++ if (!db->hash) {
++ free(db);
++ return NULL;
++ }
+
+ return db;
+ }
+
diff --git a/iproute.spec b/iproute.spec
index 651776d..7b9fb0f 100644
--- a/iproute.spec
+++ b/iproute.spec
@@ -1,7 +1,7 @@
 #needsrootforbuild
 Name: iproute
 Version: 5.5.0
-Release: 18
+Release: 19
 Summary: Linux network configuration utilities
 License: GPLv2+ and Public Domain
 URL: https://kernel.org/pub/linux/utils/net/iproute2/
@@ -61,7 +61,8 @@ Patch6038: backport-lnstat-fix-strdup-leak-in-w-argument-parsing.patch Patch6039: backport-libnetlink-fix-socket-leak-in-rtnl_open_byproto.patch Patch6040: backport-nstat-print-useful-error-messages-in-abort-cases.patch - +Patch6041: backport-lib-names-check-calloc-return-value-in-db_names_alloc.patch +Patch6042: backport-fix-fd-leak-when-playing-with-netns.patch BuildRequires: gcc bison elfutils-libelf-devel flex iptables-devel BuildRequires: libmnl-devel libselinux-devel pkgconfig git make sudo
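Review bot: db_names_alloc() gains a second NULL return in the added `if (!db->hash)` branch, but nothing visible documents that the function can fail, so I would add a contract comment above it such as `/* Returns NULL on allocation failure; callers must check before db_names_load(). */`. The fix only removes the crash if every caller tests the result. Those call sites and the first half of the function are outside the hunk, so for this backport onto 5.5.0 they should be confirmed rather than assumed.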
@@ -137,6 +138,13 @@ install -m 0644 lib/libnetlink.a %{buildroot}%{_libdir}/libnetlink.a %{_mandir}/* %changelog +* Tue Apr 15 2025 yanglu - 5.5.0-19 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:lib:names:check calloc return value in db_names_alloc + fix fd leak when playing with netns + * Mon 19 Feb 2024 jiangjixiang - 5.5.0-18 - Type:bugfix - ID:NA