From: Xin Long <lucien.xin@gmail.com>
To: network dev <netdev@vger.kernel.org>
Cc: davem@davemloft.net, kuba@kernel.org,
Eric Dumazet <edumazet@google.com>,
Paolo Abeni <pabeni@redhat.com>,
Stephen Hemminger <stephen@networkplumber.org>,
Patrick McHardy <kaber@trash.net>,
Thomas Graf <tgraf@infradead.org>,
Alexander Duyck <alexanderduyck@fb.com>,
Simon Horman <simon.horman@corigine.com>
Subject: [PATCHv2 net 3/3] rtnetlink: add the missing IFLA_GRO_ tb check in validate_linkmsg
Date: Wed, 31 May 2023 12:01:44 -0400 [thread overview]
Message-ID: <70169240cb4430a9b09e89c27ef268e772b68548.1685548598.git.lucien.xin@gmail.com> (raw)
In-Reply-To: <cover.1685548598.git.lucien.xin@gmail.com>
This fixes the issue that dev gro_max_size and gso_ipv4_max_size
can be set to a huge value:
# ip link add dummy1 type dummy
# ip link set dummy1 gro_max_size 4294967295
# ip -d link show dummy1
dummy addrgenmode eui64 ... gro_max_size 4294967295
Fixes: 0fe79f28bfaf ("net: allow gro_max_size to exceed 65536")
Fixes: 9eefedd58ae1 ("net: add gso_ipv4_max_size and gro_ipv4_max_size per device")
Reported-by: Xiumei Mu <xmu@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
---
net/core/rtnetlink.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index bc068a857219..41de3a2f29e1 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -2399,11 +2399,23 @@ static int validate_linkmsg(struct net_device *dev, struct nlattr *tb[],
return -EINVAL;
}
+ if (tb[IFLA_GRO_MAX_SIZE] &&
+ nla_get_u32(tb[IFLA_GRO_MAX_SIZE]) > GRO_MAX_SIZE) {
+ NL_SET_ERR_MSG(extack, "too big gro_max_size");
+ return -EINVAL;
+ }
+
if (tb[IFLA_GSO_IPV4_MAX_SIZE] &&
nla_get_u32(tb[IFLA_GSO_IPV4_MAX_SIZE]) > dev->tso_max_size) {
NL_SET_ERR_MSG(extack, "too big gso_ipv4_max_size");
return -EINVAL;
}
+
+ if (tb[IFLA_GRO_IPV4_MAX_SIZE] &&
+ nla_get_u32(tb[IFLA_GRO_IPV4_MAX_SIZE]) > GRO_MAX_SIZE) {
+ NL_SET_ERR_MSG(extack, "too big gro_ipv4_max_size");
+ return -EINVAL;
+ }
}
if (tb[IFLA_AF_SPEC]) {
--
2.39.1
next prev parent reply other threads:[~2023-05-31 16:01 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-31 16:01 [PATCHv2 net 0/3] rtnetlink: a couple of fixes in linkmsg validation Xin Long
2023-05-31 16:01 ` [PATCHv2 net 1/3] rtnetlink: call validate_linkmsg in rtnl_create_link Xin Long
2023-05-31 16:01 ` [PATCHv2 net 2/3] rtnetlink: move IFLA_GSO_ tb check to validate_linkmsg Xin Long
2023-05-31 16:01 ` Xin Long [this message]
2023-06-01 17:10 ` [PATCHv2 net 0/3] rtnetlink: a couple of fixes in linkmsg validation patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=70169240cb4430a9b09e89c27ef268e772b68548.1685548598.git.lucien.xin@gmail.com \
--to=lucien.xin@gmail.com \
--cc=alexanderduyck@fb.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=kaber@trash.net \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=simon.horman@corigine.com \
--cc=stephen@networkplumber.org \
--cc=tgraf@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).