[pve-kernel-jessie.git] / bridge-vlandrange4.patch

From patchwork Thu Jul  2 12:48:17 2015
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Subject: [net] bridge: vlan: fix usage of vlan 0 and 4095 again
From: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
X-Patchwork-Id: 490608
Message-Id: <1435841297-44200-1-git-send-email-nikolay@cumulusnetworks.com>
To: netdev@vger.kernel.org
Cc: vyasevich@gmail.com, bridge@lists.linux-foundation.org,
 davem@davemloft.net, toshiaki.makita1@gmail.com,
 stephen@networkplumber.org, roopa@cumulusnetworks.com,
 Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Date: Thu,  2 Jul 2015 05:48:17 -0700

Vlan ids 0 and 4095 were disallowed by commit:
8adff41c3d25 ("bridge: Don't use VID 0 and 4095 in vlan filtering")
but then the check was removed when vlan ranges were introduced by:
bdced7ef7838 ("bridge: support for multiple vlans and vlan ranges in setlink and dellink requests")
So reintroduce the vlan range check.
Before patch:
[root@testvm ~]# bridge vlan add vid 0 dev eth0 master
(succeeds)
After Patch:
[root@testvm ~]# bridge vlan add vid 0 dev eth0 master
RTNETLINK answers: Invalid argument

Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Fixes: bdced7ef7838 ("bridge: support for multiple vlans and vlan ranges in setlink and dellink requests")
Acked-by: Toshiaki Makita <toshiaki.makita1@gmail.com>
---
 net/bridge/br_netlink.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
index 6b67ed3831de..364bdc98bd9b 100644
--- a/net/bridge/br_netlink.c
+++ b/net/bridge/br_netlink.c
@@ -457,6 +457,8 @@ static int br_afspec(struct net_bridge *br,
 		if (nla_len(attr) != sizeof(struct bridge_vlan_info))
 			return -EINVAL;
 		vinfo = nla_data(attr);
+		if (!vinfo->vid || vinfo->vid >= VLAN_VID_MASK)
+			return -EINVAL;
 		if (vinfo->flags & BRIDGE_VLAN_INFO_RANGE_BEGIN) {
 			if (vinfo_start)
 				return -EINVAL;
Commit	Line	Data
82000aac AD	1	From patchwork Thu Jul 2 12:48:17 2015
	2	Content-Type: text/plain; charset="utf-8"
	3	MIME-Version: 1.0
	4	Content-Transfer-Encoding: 7bit
	5	Subject: [net] bridge: vlan: fix usage of vlan 0 and 4095 again
	6	From: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
	7	X-Patchwork-Id: 490608
	8	Message-Id: <1435841297-44200-1-git-send-email-nikolay@cumulusnetworks.com>
	9	To: netdev@vger.kernel.org
	10	Cc: vyasevich@gmail.com, bridge@lists.linux-foundation.org,
	11	davem@davemloft.net, toshiaki.makita1@gmail.com,
	12	stephen@networkplumber.org, roopa@cumulusnetworks.com,
	13	Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
	14	Date: Thu, 2 Jul 2015 05:48:17 -0700
	15
	16	Vlan ids 0 and 4095 were disallowed by commit:
	17	8adff41c3d25 ("bridge: Don't use VID 0 and 4095 in vlan filtering")
	18	but then the check was removed when vlan ranges were introduced by:
	19	bdced7ef7838 ("bridge: support for multiple vlans and vlan ranges in setlink and dellink requests")
	20	So reintroduce the vlan range check.
	21	Before patch:
	22	[root@testvm ~]# bridge vlan add vid 0 dev eth0 master
	23	(succeeds)
	24	After Patch:
	25	[root@testvm ~]# bridge vlan add vid 0 dev eth0 master
	26	RTNETLINK answers: Invalid argument
	27
	28	Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
	29	Fixes: bdced7ef7838 ("bridge: support for multiple vlans and vlan ranges in setlink and dellink requests")
	30	Acked-by: Toshiaki Makita <toshiaki.makita1@gmail.com>
	31	---
	32	net/bridge/br_netlink.c \| 2 ++
	33	1 file changed, 2 insertions(+)
	34
	35	diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
	36	index 6b67ed3831de..364bdc98bd9b 100644
	37	--- a/net/bridge/br_netlink.c
	38	+++ b/net/bridge/br_netlink.c
	39	@@ -457,6 +457,8 @@ static int br_afspec(struct net_bridge *br,
	40	if (nla_len(attr) != sizeof(struct bridge_vlan_info))
	41	return -EINVAL;
	42	vinfo = nla_data(attr);
	43	+ if (!vinfo->vid \|\| vinfo->vid >= VLAN_VID_MASK)
	44	+ return -EINVAL;
	45	if (vinfo->flags & BRIDGE_VLAN_INFO_RANGE_BEGIN) {
	46	if (vinfo_start)
	47	return -EINVAL;