On 12/14/17 11:38 AM, Alexander Aring wrote:
> @@ -912,8 +920,10 @@ static int qdisc_graft(struct net_device *dev, struct
> Qdisc *parent,
> (new && new->flags & TCQ_F_INGRESS)) {
> num_q = 1;
> ingress = 1;
> - if (!dev_ingress_queue(dev))
> + if (!dev_ingress_queue(dev)) {
> + NL_SET_ERR_MSG(extack, "Cannot find ingress
> queue for specified device");
"Device does not have an ingress queue" ?
> @@ -1241,8 +1262,10 @@ static int tc_get_qdisc(struct sk_buff *skb, struct
> nlmsghdr *n,
> int err;
>
> if ((n->nlmsg_type != RTM_GETQDISC) &&
> - !netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN))
> + !netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN)) {
> + NL_SET_ERR_MSG(extack, "Net admin permission required for this
> operation");
EPERM does not need a string.
> @@ -1309,8 +1346,10 @@ static int tc_modify_qdisc(struct sk_buff *skb, struct
> nlmsghdr *n,
> struct Qdisc *q, *p;
> int err;
>
> - if (!netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN))
> + if (!netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN)) {
> + NL_SET_ERR_MSG(extack, "Net admin permission required for this
> operation");
Ditto here. Please check other patches as well.
> return -EPERM;
> + }
>
> replay:
> /* Reinit, just in case something touches this. */
