Patch "net/sched: flower: Ensure both minimum and maximum ports are specified" has been added to the 5.15-stable tree

This is a note to let you know that I've just added the patch titled

    net/sched: flower: Ensure both minimum and maximum ports are specified

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     net-sched-flower-ensure-both-minimum-and-maximum-por.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 44622fbc074e9b9ae5c44939d4a707ac687c3e4b
Author: Ido Schimmel <idosch@xxxxxxxxxx>
Date:   Tue Jul 11 10:08:09 2023 +0300

    net/sched: flower: Ensure both minimum and maximum ports are specified
    
    [ Upstream commit d3f87278bcb80bd7f9519669d928b43320363d4f ]
    
    The kernel does not currently validate that both the minimum and maximum
    ports of a port range are specified. This can lead user space to think
    that a filter matching on a port range was successfully added, when in
    fact it was not. For example, with a patched (buggy) iproute2 that only
    sends the minimum port, the following commands do not return an error:
    
     # tc filter add dev swp1 ingress pref 1 proto ip flower ip_proto udp src_port 100-200 action pass
    
     # tc filter add dev swp1 ingress pref 1 proto ip flower ip_proto udp dst_port 100-200 action pass
    
     # tc filter show dev swp1 ingress
     filter protocol ip pref 1 flower chain 0
     filter protocol ip pref 1 flower chain 0 handle 0x1
       eth_type ipv4
       ip_proto udp
       not_in_hw
             action order 1: gact action pass
              random type none pass val 0
              index 1 ref 1 bind 1
    
     filter protocol ip pref 1 flower chain 0 handle 0x2
       eth_type ipv4
       ip_proto udp
       not_in_hw
             action order 1: gact action pass
              random type none pass val 0
              index 2 ref 1 bind 1
    
    Fix by returning an error unless both ports are specified:
    
     # tc filter add dev swp1 ingress pref 1 proto ip flower ip_proto udp src_port 100-200 action pass
     Error: Both min and max source ports must be specified.
     We have an error talking to the kernel
    
     # tc filter add dev swp1 ingress pref 1 proto ip flower ip_proto udp dst_port 100-200 action pass
     Error: Both min and max destination ports must be specified.
     We have an error talking to the kernel
    
    Fixes: 5c72299fba9d ("net: sched: cls_flower: Classify packets using port ranges")
    Signed-off-by: Ido Schimmel <idosch@xxxxxxxxxx>
    Reviewed-by: Petr Machata <petrm@xxxxxxxxxx>
    Acked-by: Jamal Hadi Salim <jhs@xxxxxxxxxxxx>
    Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
index ee137d5c20a4f..bff0a5f24aca8 100644
--- a/net/sched/cls_flower.c
+++ b/net/sched/cls_flower.c
@@ -784,6 +784,16 @@ static int fl_set_key_port_range(struct nlattr **tb, struct fl_flow_key *key,
 		       TCA_FLOWER_KEY_PORT_SRC_MAX, &mask->tp_range.tp_max.src,
 		       TCA_FLOWER_UNSPEC, sizeof(key->tp_range.tp_max.src));
 
+	if (mask->tp_range.tp_min.dst != mask->tp_range.tp_max.dst) {
+		NL_SET_ERR_MSG(extack,
+			       "Both min and max destination ports must be specified");
+		return -EINVAL;
+	}
+	if (mask->tp_range.tp_min.src != mask->tp_range.tp_max.src) {
+		NL_SET_ERR_MSG(extack,
+			       "Both min and max source ports must be specified");
+		return -EINVAL;
+	}
 	if (mask->tp_range.tp_min.dst && mask->tp_range.tp_max.dst &&
 	    ntohs(key->tp_range.tp_max.dst) <=
 	    ntohs(key->tp_range.tp_min.dst)) {
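Review bot: the new conditions in fl_set_key_port_range() compare masks (`mask->tp_range.tp_min.dst != mask->tp_range.tp_max.dst`, and the same for src) while the error strings speak of ports being specified, so the link between the two is left for the reader to work out; a short comment above the checks saying that unequal min/max masks mean only one end of the range was supplied would make the intent clear. Once these checks pass the two masks are equal, so the `mask->tp_range.tp_min.dst && mask->tp_range.tp_max.dst` test in the following context lines carries a redundant half; simplifying it belongs upstream rather than in this backport. The dst check also runs first, so a request missing one end of both the source and the destination range reports only the destination error.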



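A check an operator could run on `tc filter show` output to spot the symptom the commit message describes, flower filters that were accepted without any port match. This is an added example, not part of the patch or of iproute2; the function names are hypothetical and the `dst_port 100-200` line in handle 0x3 is an assumed rendering of a correctly installed range.

```shell
#!/bin/sh
# Added example. Constructed sample of `tc filter show dev swp1 ingress` text:
# handles 0x1 and 0x2 follow the commit message's output (action lines trimmed);
# handle 0x3 is constructed and its dst_port line is an assumed rendering.
sample_output() {
cat <<'EOF'
filter protocol ip pref 1 flower chain 0
filter protocol ip pref 1 flower chain 0 handle 0x1
  eth_type ipv4
  ip_proto udp
  not_in_hw
        action order 1: gact action pass

filter protocol ip pref 1 flower chain 0 handle 0x2
  eth_type ipv4
  ip_proto udp
  not_in_hw
        action order 1: gact action pass

filter protocol ip pref 1 flower chain 0 handle 0x3
  eth_type ipv4
  ip_proto udp
  dst_port 100-200
  not_in_hw
        action order 1: gact action pass
EOF
}

# Hypothetical helper: read `tc filter show` text on stdin and print the handle
# of every flower filter that carries no src_port/dst_port match key.
filters_missing_ports() {
  awk '
    function report() { if (handle != "" && !has_port) print handle }
    /^filter / {
      report(); handle = ""; has_port = 0
      for (i = 1; i < NF; i++) if ($i == "handle") handle = $(i + 1)
      next
    }
    $1 == "src_port" || $1 == "dst_port" { has_port = 1 }
    END { report() }
  '
}

# Handles listed here were accepted by the kernel without a port match key.
sample_output | filters_missing_ports
```

On a live system, pipe the real `tc filter show` output into `filters_missing_ports`; filters that were never meant to match on ports are listed too, so compare the result against the rules you intended to carry a port range.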