From: Daniel Borkmann <dan...@iogearbox.net>
Date: Tue, 7 Jul 2015 00:07:52 +0200
> Jason Gunthorpe reported that since commit c02db8c6290b ("rtnetlink: make
> SR-IOV VF interface symmetric"), we don't verify IFLA_VF_INFO attributes
> anymore with respect to their policy, that is, ifla_vfinfo_policy[].
>
> Before, they were part of ifla_policy[], but they have been nested since
> placed under IFLA_VFINFO_LIST, that contains the attribute IFLA_VF_INFO,
> which is another nested attribute for the actual VF attributes such as
> IFLA_VF_MAC, IFLA_VF_VLAN, etc.
>
> Despite the policy being split out from ifla_policy[] in this commit,
> it's never applied anywhere. nla_for_each_nested() only does basic nla_ok()
> testing for struct nlattr, but it doesn't know about the data context and
> their requirements.
>
> Fix, on top of Jason's initial work, does 1) parsing of the attributes
> with the right policy, and 2) using the resulting parsed attribute table
> from 1) instead of the nla_for_each_nested() loop (just like we used to
> do when still part of ifla_policy[]).
>
> Reference: http://thread.gmane.org/gmane.linux.network/368913
> Fixes: c02db8c6290b ("rtnetlink: make SR-IOV VF interface symmetric")
> Reported-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
> Signed-off-by: Jason Gunthorpe <jguntho...@obsidianresearch.com>
> Signed-off-by: Daniel Borkmann <dan...@iogearbox.net>
Applied and queued up for -stable, thanks.
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
