lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Fri, 15 Feb 2019 11:58:49 -0800
From:   Gregory Rose <gvrose8192@...il.com>
To:     Lorenzo Bianconi <lorenzo.bianconi@...hat.com>, davem@...emloft.net
Cc:     netdev@...r.kernel.org, petrm@...lanox.com
Subject: Re: [PATCH net] net: ip6_gre: initialize erspan_ver just for erspan
 tunnels


On 2/15/2019 6:10 AM, Lorenzo Bianconi wrote:
> After commit c706863bc890 ("net: ip6_gre: always reports o_key to
> userspace"), ip6gre and ip6gretap tunnels started reporting TUNNEL_KEY
> output flag even if it is not configured.
> ip6gre_fill_info checks erspan_ver value to add TUNNEL_KEY for
> erspan tunnels, however in commit 84581bdae9587 ("erspan: set
> erspan_ver to 1 by default when adding an erspan dev")
> erspan_ver is initialized to 1 even for ip6gre or ip6gretap
> Fix the issue moving erspan_ver initialization in a dedicated routine
>
> Fixes: c706863bc890 ("net: ip6_gre: always reports o_key to userspace")
> Signed-off-by: Lorenzo Bianconi <lorenzo.bianconi@...hat.com>
> ---
>   net/ipv6/ip6_gre.c | 34 ++++++++++++++++++++--------------
>   1 file changed, 20 insertions(+), 14 deletions(-)
>
> diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
> index 801a9a0c217e..43890898b0b5 100644
> --- a/net/ipv6/ip6_gre.c
> +++ b/net/ipv6/ip6_gre.c
> @@ -1719,6 +1719,24 @@ static int ip6erspan_tap_validate(struct nlattr *tb[], struct nlattr *data[],
>   	return 0;
>   }
>   
> +static void ip6erspan_set_version(struct nlattr *data[],
> +				  struct __ip6_tnl_parm *parms)
> +{
> +	parms->erspan_ver = 1;
> +	if (data[IFLA_GRE_ERSPAN_VER])
> +		parms->erspan_ver = nla_get_u8(data[IFLA_GRE_ERSPAN_VER]);
> +
> +	if (parms->erspan_ver == 1) {
> +		if (data[IFLA_GRE_ERSPAN_INDEX])
> +			parms->index = nla_get_u32(data[IFLA_GRE_ERSPAN_INDEX]);
> +	} else if (parms->erspan_ver == 2) {
> +		if (data[IFLA_GRE_ERSPAN_DIR])
> +			parms->dir = nla_get_u8(data[IFLA_GRE_ERSPAN_DIR]);
> +		if (data[IFLA_GRE_ERSPAN_HWID])
> +			parms->hwid = nla_get_u16(data[IFLA_GRE_ERSPAN_HWID]);
> +	}
> +}
> +
>   static void ip6gre_netlink_parms(struct nlattr *data[],
>   				struct __ip6_tnl_parm *parms)
>   {
> @@ -1767,20 +1785,6 @@ static void ip6gre_netlink_parms(struct nlattr *data[],
>   
>   	if (data[IFLA_GRE_COLLECT_METADATA])
>   		parms->collect_md = true;
> -
> -	parms->erspan_ver = 1;
> -	if (data[IFLA_GRE_ERSPAN_VER])
> -		parms->erspan_ver = nla_get_u8(data[IFLA_GRE_ERSPAN_VER]);
> -
> -	if (parms->erspan_ver == 1) {
> -		if (data[IFLA_GRE_ERSPAN_INDEX])
> -			parms->index = nla_get_u32(data[IFLA_GRE_ERSPAN_INDEX]);
> -	} else if (parms->erspan_ver == 2) {
> -		if (data[IFLA_GRE_ERSPAN_DIR])
> -			parms->dir = nla_get_u8(data[IFLA_GRE_ERSPAN_DIR]);
> -		if (data[IFLA_GRE_ERSPAN_HWID])
> -			parms->hwid = nla_get_u16(data[IFLA_GRE_ERSPAN_HWID]);
> -	}
>   }
>   
>   static int ip6gre_tap_init(struct net_device *dev)
> @@ -2203,6 +2207,7 @@ static int ip6erspan_newlink(struct net *src_net, struct net_device *dev,
>   	int err;
>   
>   	ip6gre_netlink_parms(data, &nt->parms);
> +	ip6erspan_set_version(data, &nt->parms);
>   	ign = net_generic(net, ip6gre_net_id);
>   
>   	if (nt->parms.collect_md) {
> @@ -2248,6 +2253,7 @@ static int ip6erspan_changelink(struct net_device *dev, struct nlattr *tb[],
>   	if (IS_ERR(t))
>   		return PTR_ERR(t);
>   
> +	ip6erspan_set_version(data, &p);
>   	ip6gre_tunnel_unlink_md(ign, t);
>   	ip6gre_tunnel_unlink(ign, t);
>   	ip6erspan_tnl_change(t, &p, !tb[IFLA_MTU]);

LGTM.  Thanks Lorenzo.

Reviewed-by: Greg Rose <gvrose8192@...il.com>

Powered by blists - more mailing lists