From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Taras Kondratiuk <takondra@cisco.com>,
Ying Xue <ying.xue@windriver.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.19 34/45] tipc: compat: allow tipc commands without arguments
Date: Thu, 8 Aug 2019 21:05:20 +0200 [thread overview]
Message-ID: <20190808190455.713867804@linuxfoundation.org> (raw)
In-Reply-To: <20190808190453.827571908@linuxfoundation.org>
From: Taras Kondratiuk <takondra@cisco.com>
[ Upstream commit 4da5f0018eef4c0de31675b670c80e82e13e99d1 ]
Commit 2753ca5d9009 ("tipc: fix uninit-value in tipc_nl_compat_doit")
broke older tipc tools that use compat interface (e.g. tipc-config from
tipcutils package):
% tipc-config -p
operation not supported
The commit started to reject TIPC netlink compat messages that do not
have attributes. It is too restrictive because some of such messages are
valid (they don't need any arguments):
% grep 'tx none' include/uapi/linux/tipc_config.h
#define TIPC_CMD_NOOP 0x0000 /* tx none, rx none */
#define TIPC_CMD_GET_MEDIA_NAMES 0x0002 /* tx none, rx media_name(s) */
#define TIPC_CMD_GET_BEARER_NAMES 0x0003 /* tx none, rx bearer_name(s) */
#define TIPC_CMD_SHOW_PORTS 0x0006 /* tx none, rx ultra_string */
#define TIPC_CMD_GET_REMOTE_MNG 0x4003 /* tx none, rx unsigned */
#define TIPC_CMD_GET_MAX_PORTS 0x4004 /* tx none, rx unsigned */
#define TIPC_CMD_GET_NETID 0x400B /* tx none, rx unsigned */
#define TIPC_CMD_NOT_NET_ADMIN 0xC001 /* tx none, rx none */
This patch relaxes the original fix and rejects messages without
arguments only if such arguments are expected by a command (reg_type is
non zero).
Fixes: 2753ca5d9009 ("tipc: fix uninit-value in tipc_nl_compat_doit")
Cc: stable@vger.kernel.org
Signed-off-by: Taras Kondratiuk <takondra@cisco.com>
Acked-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/tipc/netlink_compat.c | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
--- a/net/tipc/netlink_compat.c
+++ b/net/tipc/netlink_compat.c
@@ -55,6 +55,7 @@ struct tipc_nl_compat_msg {
int rep_type;
int rep_size;
int req_type;
+ int req_size;
struct net *net;
struct sk_buff *rep;
struct tlv_desc *req;
@@ -257,7 +258,8 @@ static int tipc_nl_compat_dumpit(struct
int err;
struct sk_buff *arg;
- if (msg->req_type && !TLV_CHECK_TYPE(msg->req, msg->req_type))
+ if (msg->req_type && (!msg->req_size ||
+ !TLV_CHECK_TYPE(msg->req, msg->req_type)))
return -EINVAL;
msg->rep = tipc_tlv_alloc(msg->rep_size);
@@ -354,7 +356,8 @@ static int tipc_nl_compat_doit(struct ti
{
int err;
- if (msg->req_type && !TLV_CHECK_TYPE(msg->req, msg->req_type))
+ if (msg->req_type && (!msg->req_size ||
+ !TLV_CHECK_TYPE(msg->req, msg->req_type)))
return -EINVAL;
err = __tipc_nl_compat_doit(cmd, msg);
@@ -1276,8 +1279,8 @@ static int tipc_nl_compat_recv(struct sk
goto send;
}
- len = nlmsg_attrlen(req_nlh, GENL_HDRLEN + TIPC_GENL_HDRLEN);
- if (!len || !TLV_OK(msg.req, len)) {
+ msg.req_size = nlmsg_attrlen(req_nlh, GENL_HDRLEN + TIPC_GENL_HDRLEN);
+ if (msg.req_size && !TLV_OK(msg.req, msg.req_size)) {
msg.rep = tipc_get_err_tlv(TIPC_CFG_NOT_SUPPORTED);
err = -EOPNOTSUPP;
goto send;
next prev parent reply other threads:[~2019-08-08 19:09 UTC|newest]
Thread overview: 53+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-08 19:04 [PATCH 4.19 00/45] 4.19.66-stable review Greg Kroah-Hartman
2019-08-08 19:04 ` [PATCH 4.19 01/45] scsi: fcoe: Embed fc_rport_priv in fcoe_rport structure Greg Kroah-Hartman
2019-08-08 19:04 ` [PATCH 4.19 02/45] gcc-9: dont warn about uninitialized variable Greg Kroah-Hartman
2019-08-08 19:04 ` [PATCH 4.19 03/45] driver core: Establish order of operations for device_add and device_del via bitflag Greg Kroah-Hartman
2019-08-08 19:04 ` [PATCH 4.19 04/45] drivers/base: Introduce kill_device() Greg Kroah-Hartman
2019-08-08 19:04 ` [PATCH 4.19 05/45] libnvdimm/bus: Prevent duplicate device_unregister() calls Greg Kroah-Hartman
2019-08-08 19:04 ` [PATCH 4.19 06/45] libnvdimm/region: Register badblocks before namespaces Greg Kroah-Hartman
2019-08-08 19:04 ` [PATCH 4.19 07/45] libnvdimm/bus: Prepare the nd_ioctl() path to be re-entrant Greg Kroah-Hartman
2019-08-08 19:04 ` [PATCH 4.19 08/45] libnvdimm/bus: Fix wait_nvdimm_bus_probe_idle() ABBA deadlock Greg Kroah-Hartman
2019-08-08 19:04 ` [PATCH 4.19 09/45] HID: wacom: fix bit shift for Cintiq Companion 2 Greg Kroah-Hartman
2019-08-08 19:04 ` [PATCH 4.19 10/45] HID: Add quirk for HP X1200 PIXART OEM mouse Greg Kroah-Hartman
2019-08-08 19:04 ` [PATCH 4.19 11/45] [PATCH] IB: directly cast the sockaddr union to aockaddr Greg Kroah-Hartman
2019-08-08 19:04 ` [PATCH 4.19 12/45] atm: iphase: Fix Spectre v1 vulnerability Greg Kroah-Hartman
2019-08-08 19:04 ` [PATCH 4.19 13/45] bnx2x: Disable multi-cos feature Greg Kroah-Hartman
2019-08-08 19:05 ` [PATCH 4.19 14/45] ife: error out when nla attributes are empty Greg Kroah-Hartman
2019-08-08 19:05 ` [PATCH 4.19 15/45] ip6_gre: reload ipv6h in prepare_ip6gre_xmit_ipv6 Greg Kroah-Hartman
2019-08-08 19:05 ` [PATCH 4.19 16/45] ip6_tunnel: fix possible use-after-free on xmit Greg Kroah-Hartman
2019-08-08 19:05 ` [PATCH 4.19 17/45] ipip: validate header length in ipip_tunnel_xmit Greg Kroah-Hartman
2019-08-08 19:05 ` [PATCH 4.19 18/45] mlxsw: spectrum: Fix error path in mlxsw_sp_module_init() Greg Kroah-Hartman
2019-08-08 19:05 ` [PATCH 4.19 19/45] mvpp2: fix panic on module removal Greg Kroah-Hartman
2019-08-08 19:05 ` [PATCH 4.19 20/45] mvpp2: refactor MTU change code Greg Kroah-Hartman
2019-08-08 19:05 ` [PATCH 4.19 21/45] net: bridge: delete local fdb on device init failure Greg Kroah-Hartman
2019-08-08 19:05 ` [PATCH 4.19 22/45] net: bridge: mcast: dont delete permanent entries when fast leave is enabled Greg Kroah-Hartman
2019-08-08 19:05 ` [PATCH 4.19 23/45] net: fix ifindex collision during namespace removal Greg Kroah-Hartman
2019-08-08 19:05 ` [PATCH 4.19 24/45] net/mlx5e: always initialize frag->last_in_page Greg Kroah-Hartman
2019-08-08 19:05 ` [PATCH 4.19 25/45] net/mlx5: Use reversed order when unregister devices Greg Kroah-Hartman
2019-08-08 19:05 ` [PATCH 4.19 26/45] net: phylink: Fix flow control for fixed-link Greg Kroah-Hartman
2019-08-08 19:05 ` [PATCH 4.19 27/45] net: qualcomm: rmnet: Fix incorrect UL checksum offload logic Greg Kroah-Hartman
2019-08-08 19:05 ` [PATCH 4.19 28/45] net: sched: Fix a possible null-pointer dereference in dequeue_func() Greg Kroah-Hartman
2019-08-08 19:05 ` [PATCH 4.19 29/45] net sched: update vlan action for batched events operations Greg Kroah-Hartman
2019-08-08 19:05 ` [PATCH 4.19 30/45] net: sched: use temporary variable for actions indexes Greg Kroah-Hartman
2019-08-08 19:05 ` [PATCH 4.19 31/45] net/smc: do not schedule tx_work in SMC_CLOSED state Greg Kroah-Hartman
2019-08-08 19:05 ` [PATCH 4.19 32/45] NFC: nfcmrvl: fix gpio-handling regression Greg Kroah-Hartman
2019-08-08 19:05 ` [PATCH 4.19 33/45] ocelot: Cancel delayed work before wq destruction Greg Kroah-Hartman
2019-08-08 19:05 ` Greg Kroah-Hartman [this message]
2019-08-08 19:05 ` [PATCH 4.19 35/45] tun: mark small packets as owned by the tap sock Greg Kroah-Hartman
2019-08-08 19:05 ` [PATCH 4.19 36/45] net/mlx5: Fix modify_cq_in alignment Greg Kroah-Hartman
2019-08-10 11:25 ` Pavel Machek
2019-08-11 6:17 ` Leon Romanovsky
2019-08-08 19:05 ` [PATCH 4.19 37/45] net/mlx5e: Prevent encap flow counter update async to user query Greg Kroah-Hartman
2019-08-08 19:05 ` [PATCH 4.19 38/45] r8169: dont use MSI before RTL8168d Greg Kroah-Hartman
2019-08-08 19:05 ` [PATCH 4.19 39/45] compat_ioctl: pppoe: fix PPPOEIOCSFWD handling Greg Kroah-Hartman
2019-08-08 19:05 ` [PATCH 4.19 40/45] cgroup: Call cgroup_release() before __exit_signal() Greg Kroah-Hartman
2019-08-08 19:05 ` [PATCH 4.19 41/45] cgroup: Implement css_task_iter_skip() Greg Kroah-Hartman
2019-08-08 19:05 ` [PATCH 4.19 42/45] cgroup: Include dying leaders with live threads in PROCS iterations Greg Kroah-Hartman
2019-08-08 19:05 ` [PATCH 4.19 43/45] cgroup: css_task_iter_skip()d iterators must be advanced before accessed Greg Kroah-Hartman
2019-08-08 19:05 ` [PATCH 4.19 44/45] cgroup: Fix css_task_iter_advance_css_set() cset skip condition Greg Kroah-Hartman
2019-08-08 19:05 ` [PATCH 4.19 45/45] spi: bcm2835: Fix 3-wire mode if DMA is enabled Greg Kroah-Hartman
2019-08-09 0:37 ` [PATCH 4.19 00/45] 4.19.66-stable review shuah
2019-08-09 3:20 ` Naresh Kamboju
2019-08-09 14:49 ` Thierry Reding
2019-08-09 14:49 ` Thierry Reding
2019-08-09 15:37 ` Guenter Roeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190808190455.713867804@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=takondra@cisco.com \
--cc=ying.xue@windriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.