| Message ID | 1469060555-20250-3-git-send-email-bblanco@plumgrid.com |
|---|---|
| State | Accepted, archived |
| Delegated to: | David Miller |
| Headers | show |
On Wed, Jul 20, 2016 at 05:22:34PM -0700, Brenden Blanco wrote: > The IFLA_XDP_ATTACHED nested attribute is meant for read-only, and while > do_setlink properly ignores it, it should be more paranoid and reject > commands that try to set it. > > Signed-off-by: Brenden Blanco <bblanco@plumgrid.com> Suggested-by: Daniel Borkmann <daniel@iogearbox.net> Acked-by: Alexei Starovoitov <ast@kernel.org>
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index eba2b82..189cc78 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -2109,6 +2109,10 @@ static int do_setlink(const struct sk_buff *skb, if (err < 0) goto errout; + if (xdp[IFLA_XDP_ATTACHED]) { + err = -EINVAL; + goto errout; + } if (xdp[IFLA_XDP_FD]) { err = dev_change_xdp_fd(dev, nla_get_s32(xdp[IFLA_XDP_FD]));
The IFLA_XDP_ATTACHED nested attribute is meant for read-only, and while do_setlink properly ignores it, it should be more paranoid and reject commands that try to set it. Signed-off-by: Brenden Blanco <bblanco@plumgrid.com> --- net/core/rtnetlink.c | 4 ++++ 1 file changed, 4 insertions(+)