[SRU][J][PATCH 0/1] build failure when CONFIG_NET_SWITCHDEV=n (CVE-2024-26837 follow-up)

Koichiro Den koichiro.den at canonical.com
Thu Mar 27 13:56:47 UTC 2025 

BugLink: https://bugs.launchpad.net/bugs/2104380

[ Impact ]

Since jammy:linux commit 0158242f01a0 ("net: bridge: switchdev: Skip MDB
replays of deferred events on offload"), the kernel build fails when
CONFIG_NET_SWITCHDEV=n, as observed in e.g. jammy:linux-kvm. The error is
as follows:

/build/jammy/net/bridge/br_mdb.c: In function 'br_mdb_queue_one':
/build/jammy/net/bridge/br_mdb.c:640:13: error: implicit declaration of function
'switchdev_port_obj_act_is_deferred'; did you mean 'switchdev_port_obj_add'? \
  [-Werror=implicit- function-declaration]
  640 |             switchdev_port_obj_act_is_deferred(dev, action, &mdb.obj)) {
      |             ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      |             switchdev_port_obj_add

[ Fix ]

Add a dummy implementation of switchdev_port_obj_act_is_deferred() for the
CONFIG_NET_SWITCHDEV=n case. This approach was chosen because it is less
risky and also requires minimal changes compared to the alternatives:

* Backport 9776457c784f ("net: bridge: mdb: move all switchdev logic to
  br_switchdev.c"), which would involve resolving significant conflicts, or
* Revert the CVE fix, cherry-pick nearly all prerequisite patches from [1]
  and [2], and then reapply the CVE fix.

Note that register_switchdev_blocking_notifier() does nothing when
CONFIG_NET_SWITCHDEV=n. Therefore, nbp_switchdev_(un)sync_objs (the sole
caller of br_mdb_replay()) does not run in the first place.

[1] https://lore.kernel.org/all/20211026142743.1298877-1-vladimir.oltean@nxp.com/
[2] https://lore.kernel.org/all/20211027162119.2496321-1-vladimir.oltean@nxp.com/

[ Test Plan ]

Compile test with both CONFIG_NET_SWITCHDEV=y and CONFIG_NET_SWITCHDEV=n.

[ Where problems could occur ]

Any regressions caused by this tiny fix-the-fix patch should be caught
during compilation.


Koichiro Den (1):
  UBUNTU: SAUCE: net: switchdev: fix compilation error for
    CONFIG_NET_SWITCHDEV=n

 include/net/switchdev.h | 7 +++++++
 1 file changed, 7 insertions(+)

-- 
2.45.2

More information about the kernel-team mailing list