Patch "vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING" has been added to the 5.4-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING

to the 5.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     vlan-skip-nested-type-that-is-not-ifla_vlan_qos_mapp.patch
and it can be found in the queue-5.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit b544b768120a9301a9364a15b0aa51df2926dab6
Author: Lin Ma <linma@xxxxxxxxxx>
Date:   Thu Jan 18 21:03:06 2024 +0800

    vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING
    
    [ Upstream commit 6c21660fe221a15c789dee2bc2fd95516bc5aeaf ]
    
    In the vlan_changelink function, a loop is used to parse the nested
    attributes IFLA_VLAN_EGRESS_QOS and IFLA_VLAN_INGRESS_QOS in order to
    obtain the struct ifla_vlan_qos_mapping. These two nested attributes are
    checked in the vlan_validate_qos_map function, which calls
    nla_validate_nested_deprecated with the vlan_map_policy.
    
    However, this deprecated validator applies a LIBERAL strictness, allowing
    the presence of an attribute with the type IFLA_VLAN_QOS_UNSPEC.
    Consequently, the loop in vlan_changelink may parse an attribute of type
    IFLA_VLAN_QOS_UNSPEC and believe it carries a payload of
    struct ifla_vlan_qos_mapping, which is not necessarily true.
    
    To address this issue and ensure compatibility, this patch introduces two
    type checks that skip attributes whose type is not IFLA_VLAN_QOS_MAPPING.
    
    Fixes: 07b5b17e157b ("[VLAN]: Use rtnl_link API")
    Signed-off-by: Lin Ma <linma@xxxxxxxxxx>
    Reviewed-by: Simon Horman <horms@xxxxxxxxxx>
    Link: https://lore.kernel.org/r/20240118130306.1644001-1-linma@xxxxxxxxxx
    Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/net/8021q/vlan_netlink.c b/net/8021q/vlan_netlink.c
index 0db85aeb119b..99b277775257 100644
--- a/net/8021q/vlan_netlink.c
+++ b/net/8021q/vlan_netlink.c
@@ -118,12 +118,16 @@ static int vlan_changelink(struct net_device *dev, struct nlattr *tb[],
 	}
 	if (data[IFLA_VLAN_INGRESS_QOS]) {
 		nla_for_each_nested(attr, data[IFLA_VLAN_INGRESS_QOS], rem) {
+			if (nla_type(attr) != IFLA_VLAN_QOS_MAPPING)
+				continue;
 			m = nla_data(attr);
 			vlan_dev_set_ingress_priority(dev, m->to, m->from);
 		}
 	}
 	if (data[IFLA_VLAN_EGRESS_QOS]) {
 		nla_for_each_nested(attr, data[IFLA_VLAN_EGRESS_QOS], rem) {
+			if (nla_type(attr) != IFLA_VLAN_QOS_MAPPING)
+				continue;
 			m = nla_data(attr);
 			err = vlan_dev_set_egress_priority(dev, m->from, m->to);
 			if (err)




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux