summaryrefslogtreecommitdiffstats
path: root/drivers
diff options
context:
space:
mode:
authorTaehee Yoo <ap420073@gmail.com>2022-07-17 16:09:08 +0000
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2022-07-29 17:28:10 +0200
commit0411de008f4f536993169fcd60d779387a154fc2 (patch)
treedf6639d5366469c66969e9bae24c775e731b2567 /drivers
parent61b58315a79a3aa5f35bce4b9aeab5da6adfba13 (diff)
downloadlinux-stable-0411de008f4f536993169fcd60d779387a154fc2.tar.gz
linux-stable-0411de008f4f536993169fcd60d779387a154fc2.tar.bz2
linux-stable-0411de008f4f536993169fcd60d779387a154fc2.zip
amt: drop unexpected query message
[ Upstream commit 239d886601e38d948a28f3b2a1c9ce5f01bf75f2 ] AMT gateway interface should not receive unexpected query messages. In order to drop unexpected query messages, it checks nonce. And it also checks ready4 and ready6 variables to drop duplicated messages. Fixes: cbc21dc1cfe9 ("amt: add data plane of amt interface") Signed-off-by: Taehee Yoo <ap420073@gmail.com> Signed-off-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/net/amt.c14
1 files changed, 13 insertions, 1 deletions
diff --git a/drivers/net/amt.c b/drivers/net/amt.c
index 0811a5211ec4..5c65908abd5a 100644
--- a/drivers/net/amt.c
+++ b/drivers/net/amt.c
@@ -967,8 +967,11 @@ static void amt_event_send_request(struct amt_dev *amt)
goto out;
}
- if (!amt->req_cnt)
+ if (!amt->req_cnt) {
+ WRITE_ONCE(amt->ready4, false);
+ WRITE_ONCE(amt->ready6, false);
get_random_bytes(&amt->nonce, sizeof(__be32));
+ }
amt_send_request(amt, false);
amt_send_request(amt, true);
@@ -2353,6 +2356,9 @@ static bool amt_membership_query_handler(struct amt_dev *amt,
if (amtmq->reserved || amtmq->version)
return true;
+ if (amtmq->nonce != amt->nonce)
+ return true;
+
hdr_size -= sizeof(*eth);
if (iptunnel_pull_header(skb, hdr_size, htons(ETH_P_TEB), false))
return true;
@@ -2367,6 +2373,9 @@ static bool amt_membership_query_handler(struct amt_dev *amt,
iph = ip_hdr(skb);
if (iph->version == 4) {
+ if (READ_ONCE(amt->ready4))
+ return true;
+
if (!pskb_may_pull(skb, sizeof(*iph) + AMT_IPHDR_OPTS +
sizeof(*ihv3)))
return true;
@@ -2389,6 +2398,9 @@ static bool amt_membership_query_handler(struct amt_dev *amt,
struct mld2_query *mld2q;
struct ipv6hdr *ip6h;
+ if (READ_ONCE(amt->ready6))
+ return true;
+
if (!pskb_may_pull(skb, sizeof(*ip6h) + AMT_IP6HDR_OPTS +
sizeof(*mld2q)))
return true;