From patchwork Thu Jul 21 00:22:34 2016 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Brenden Blanco X-Patchwork-Id: 650958 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 3rvvdT12fqz9t4k for ; Thu, 21 Jul 2016 10:23:25 +1000 (AEST) Authentication-Results: ozlabs.org; dkim=pass (2048-bit key; unprotected) header.d=plumgrid-com.20150623.gappssmtp.com header.i=@plumgrid-com.20150623.gappssmtp.com header.b=VMkkKyqN; dkim-atps=neutral Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753924AbcGUAXW (ORCPT ); Wed, 20 Jul 2016 20:23:22 -0400 Received: from mail-pa0-f52.google.com ([209.85.220.52]:33240 "EHLO mail-pa0-f52.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753660AbcGUAXI (ORCPT ); Wed, 20 Jul 2016 20:23:08 -0400 Received: by mail-pa0-f52.google.com with SMTP id ks6so23024294pab.0 for ; Wed, 20 Jul 2016 17:23:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=plumgrid-com.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=L8IOknuHwxdoP8SSxgjUUJSb+s6hCswScAJgrKYiXq8=; b=VMkkKyqNCOmusFuGXQYjp0IWlz848Iy0lodzYpqhKsVd4PWFZiDw3oE37GbsvJHZl+ mI5HnSTYDHFacNLUlPjfTPljSUH8v6IRCdWzXSSNMNc7X3s7lSTfxFHC4vTDPCBJ7YhT JkS02VTqoLuScehyip6PZTe1Kp0sNZW07tgxFJIns0zM7BhseILFt3HlnPDsHn6UHf77 ZykSbya+iOmV8+ADWkkb/J0UFikQNyJcePP/MoYhVXLiT+1YCiYamqc4y52hGGc6PuPA 4z+wCMQKO/INWYrGb4Xk96en1eEBH2PBYMnVfOt884BPlw8QeveRQCs5CJrMDAEGnDwJ 3egQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=L8IOknuHwxdoP8SSxgjUUJSb+s6hCswScAJgrKYiXq8=; b=URfjByv7iEf09cZ18iGjBh1rW3J2iQlNposl7qINMbrPbOg3ZkbwZW94HMqpB7plm2 UfKBh8hmMx+MVjDeFS8kzBYXK1uYc8/w10EwlRleaWquPqf+WRg2rU1SPa/i74rpcTmi x3ysF9PZ8Kqq/djtOVHgX820BxYleI/+gKj4f4jj88iuK2PqRXFLKwKxzvCWvJwHtJ7Z IaA4MmkUHNzaDgxIqGsc6wPIv4wKdqCL7oPfWBYw/XMf4R0lQAMkcQvAsGMH6chyGwjd WDexxSfRETuDhiLYOwgy+J484KkcbxHXCeAVweN2MvhX3V5dQw4PYh9xDIhDs77bPaCP 8WLQ== X-Gm-Message-State: ALyK8tJS2i2QpEnQMwNFooBVVNC81JlgDdhnMpKv9qu8/fv8/nvuEGJazPkgV4VFyNCNSyg6 X-Received: by 10.66.161.195 with SMTP id xu3mr64378959pab.68.1469060587619; Wed, 20 Jul 2016 17:23:07 -0700 (PDT) Received: from iovisor-test1.plumgrid.com ([12.97.19.201]) by smtp.gmail.com with ESMTPSA id l128sm1773651pfl.21.2016.07.20.17.23.06 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Wed, 20 Jul 2016 17:23:07 -0700 (PDT) From: Brenden Blanco To: davem@davemloft.net, netdev@vger.kernel.org Cc: Brenden Blanco , Daniel Borkmann , Alexei Starovoitov , Tariq Toukan Subject: [PATCH net-next 2/3] rtnl: protect do_setlink from IFLA_XDP_ATTACHED Date: Wed, 20 Jul 2016 17:22:34 -0700 Message-Id: <1469060555-20250-3-git-send-email-bblanco@plumgrid.com> X-Mailer: git-send-email 2.8.2 In-Reply-To: <1469060555-20250-1-git-send-email-bblanco@plumgrid.com> References: <1469060555-20250-1-git-send-email-bblanco@plumgrid.com> Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org The IFLA_XDP_ATTACHED nested attribute is meant for read-only, and while do_setlink properly ignores it, it should be more paranoid and reject commands that try to set it. Signed-off-by: Brenden Blanco Acked-by: Alexei Starovoitov --- net/core/rtnetlink.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index eba2b82..189cc78 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -2109,6 +2109,10 @@ static int do_setlink(const struct sk_buff *skb, if (err < 0) goto errout; + if (xdp[IFLA_XDP_ATTACHED]) { + err = -EINVAL; + goto errout; + } if (xdp[IFLA_XDP_FD]) { err = dev_change_xdp_fd(dev, nla_get_s32(xdp[IFLA_XDP_FD]));