From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.8 required=3.0 tests=DKIMWL_WL_HIGH,DKIM_SIGNED, DKIM_VALID,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI,SIGNED_OFF_BY, SPF_HELO_NONE,SPF_PASS,URIBL_BLOCKED,USER_AGENT_GIT autolearn=ham autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id F41D7C5518A for ; Wed, 22 Apr 2020 10:16:28 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id CB8B220776 for ; Wed, 22 Apr 2020 10:16:28 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1587550588; bh=8Wco1LY/21WJk6K3aCn8LMqP5SK4Id+lrMtZrhm9VNg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:List-ID:From; b=EtgDOZAzlflYGIvft2MB5DAWs4fbFnPqA87h7ALqDW+qZ5cG2qtd5BiIRZ//e5rOA w8gNUswjXdXTyx41Douyicr1RGBAIO5eJtCFTqd4ubndBXncqwmDubz6H7PnKw84lb i/068M5ymBvz+vlUSdV+4b71wz3/eySie6K+HM4g= Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729759AbgDVKQ0 (ORCPT ); Wed, 22 Apr 2020 06:16:26 -0400 Received: from mail.kernel.org ([198.145.29.99]:52148 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729751AbgDVKQX (ORCPT ); Wed, 22 Apr 2020 06:16:23 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id EBBB72076B; Wed, 22 Apr 2020 10:16:22 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1587550583; bh=8Wco1LY/21WJk6K3aCn8LMqP5SK4Id+lrMtZrhm9VNg=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=eqhLXHg/5EQ6CLzLU377INjrFgqWNlWfePEyV61HGOZ1Hveii2oFJg7b5Onu6Htrc V42a1UhRBu64HjEGS80Pb2mH3EUJWcH+/PMkpRdxraivkUSWrNZSNj3PhlBjDImaq6 lLYCKy2yweh/2nqz7dPdI01ypl8qXyNTHmZQhX3k= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Pablo Neira Ayuso Subject: [PATCH 5.4 011/118] netfilter: nf_tables: report EOPNOTSUPP on unsupported flags/object type Date: Wed, 22 Apr 2020 11:56:12 +0200 Message-Id: <20200422095033.436693159@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200422095031.522502705@linuxfoundation.org> References: <20200422095031.522502705@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: stable@vger.kernel.org From: Pablo Neira Ayuso commit d9583cdf2f38d0f526d9a8c8564dd2e35e649bc7 upstream. EINVAL should be used for malformed netlink messages. New userspace utility and old kernels might easily result in EINVAL when exercising new set features, which is misleading. Fixes: 8aeff920dcc9 ("netfilter: nf_tables: add stateful object reference to set elements") Signed-off-by: Pablo Neira Ayuso Signed-off-by: Greg Kroah-Hartman --- net/netfilter/nf_tables_api.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -3598,7 +3598,7 @@ static int nf_tables_newset(struct net * NFT_SET_INTERVAL | NFT_SET_TIMEOUT | NFT_SET_MAP | NFT_SET_EVAL | NFT_SET_OBJECT)) - return -EINVAL; + return -EOPNOTSUPP; /* Only one of these operations is supported */ if ((flags & (NFT_SET_MAP | NFT_SET_OBJECT)) == (NFT_SET_MAP | NFT_SET_OBJECT)) @@ -3636,7 +3636,7 @@ static int nf_tables_newset(struct net * objtype = ntohl(nla_get_be32(nla[NFTA_SET_OBJ_TYPE])); if (objtype == NFT_OBJECT_UNSPEC || objtype > NFT_OBJECT_MAX) - return -EINVAL; + return -EOPNOTSUPP; } else if (flags & NFT_SET_OBJECT) return -EINVAL; else