| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <81baa41c-991f-e417-2a13-da9218c1408d@gmail.com>
Date: Fri, 15 Feb 2019 11:58:49 -0800
From: Gregory Rose <gvrose8192@...il.com>
To: Lorenzo Bianconi <lorenzo.bianconi@...hat.com>, davem@...emloft.net
Cc: netdev@...r.kernel.org, petrm@...lanox.com
Subject: Re: [PATCH net] net: ip6_gre: initialize erspan_ver just for erspan
tunnels
On 2/15/2019 6:10 AM, Lorenzo Bianconi wrote:
> After commit c706863bc890 ("net: ip6_gre: always reports o_key to
> userspace"), ip6gre and ip6gretap tunnels started reporting TUNNEL_KEY
> output flag even if it is not configured.
> ip6gre_fill_info checks erspan_ver value to add TUNNEL_KEY for
> erspan tunnels, however in commit 84581bdae9587 ("erspan: set
> erspan_ver to 1 by default when adding an erspan dev")
> erspan_ver is initialized to 1 even for ip6gre or ip6gretap
> Fix the issue moving erspan_ver initialization in a dedicated routine
>
> Fixes: c706863bc890 ("net: ip6_gre: always reports o_key to userspace")
> Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@...hat.com>
> ---
> net/ipv6/ip6_gre.c | 34 ++++++++++++++++++++--------------
> 1 file changed, 20 insertions(+), 14 deletions(-)
>
> diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
> index 801a9a0c217e..43890898b0b5 100644
> --- a/net/ipv6/ip6_gre.c
> +++ b/net/ipv6/ip6_gre.c
> @@ -1719,6 +1719,24 @@ static int ip6erspan_tap_validate(struct nlattr *tb[], struct nlattr *data[],
> return 0;
> }
>
> +static void ip6erspan_set_version(struct nlattr *data[],
> + struct __ip6_tnl_parm *parms)
> +{
> + parms->erspan_ver = 1;
> + if (data[IFLA_GRE_ERSPAN_VER])
> + parms->erspan_ver = nla_get_u8(data[IFLA_GRE_ERSPAN_VER]);
> +
> + if (parms->erspan_ver == 1) {
> + if (data[IFLA_GRE_ERSPAN_INDEX])
> + parms->index = nla_get_u32(data[IFLA_GRE_ERSPAN_INDEX]);
> + } else if (parms->erspan_ver == 2) {
> + if (data[IFLA_GRE_ERSPAN_DIR])
> + parms->dir = nla_get_u8(data[IFLA_GRE_ERSPAN_DIR]);
> + if (data[IFLA_GRE_ERSPAN_HWID])
> + parms->hwid = nla_get_u16(data[IFLA_GRE_ERSPAN_HWID]);
> + }
> +}
> +
> static void ip6gre_netlink_parms(struct nlattr *data[],
> struct __ip6_tnl_parm *parms)
> {
> @@ -1767,20 +1785,6 @@ static void ip6gre_netlink_parms(struct nlattr *data[],
>
> if (data[IFLA_GRE_COLLECT_METADATA])
> parms->collect_md = true;
> -
> - parms->erspan_ver = 1;
> - if (data[IFLA_GRE_ERSPAN_VER])
> - parms->erspan_ver = nla_get_u8(data[IFLA_GRE_ERSPAN_VER]);
> -
> - if (parms->erspan_ver == 1) {
> - if (data[IFLA_GRE_ERSPAN_INDEX])
> - parms->index = nla_get_u32(data[IFLA_GRE_ERSPAN_INDEX]);
> - } else if (parms->erspan_ver == 2) {
> - if (data[IFLA_GRE_ERSPAN_DIR])
> - parms->dir = nla_get_u8(data[IFLA_GRE_ERSPAN_DIR]);
> - if (data[IFLA_GRE_ERSPAN_HWID])
> - parms->hwid = nla_get_u16(data[IFLA_GRE_ERSPAN_HWID]);
> - }
> }
>
> static int ip6gre_tap_init(struct net_device *dev)
> @@ -2203,6 +2207,7 @@ static int ip6erspan_newlink(struct net *src_net, struct net_device *dev,
> int err;
>
> ip6gre_netlink_parms(data, &nt->parms);
> + ip6erspan_set_version(data, &nt->parms);
> ign = net_generic(net, ip6gre_net_id);
>
> if (nt->parms.collect_md) {
> @@ -2248,6 +2253,7 @@ static int ip6erspan_changelink(struct net_device *dev, struct nlattr *tb[],
> if (IS_ERR(t))
> return PTR_ERR(t);
>
> + ip6erspan_set_version(data, &p);
> ip6gre_tunnel_unlink_md(ign, t);
> ip6gre_tunnel_unlink(ign, t);
> ip6erspan_tnl_change(t, &p, !tb[IFLA_MTU]);
LGTM. Thanks Lorenzo.
Reviewed-by: Greg Rose <gvrose8192@...il.com>
Powered by blists - more mailing lists