diff options
| author | Jakub Kicinski <kuba@kernel.org> | 2023-08-14 13:56:25 -0700 |
|---|---|---|
| committer | Jakub Kicinski <kuba@kernel.org> | 2023-08-15 19:18:34 -0700 |
| commit | 956db0a13b47df7f3d6d624394e602e8bf9b057e (patch) | |
| tree | 98a6379b884bb9a1986cbb8f9757034f093180c5 /net/core/dev.c | |
| parent | cf74eb5a5bc867258e7d0b0d1c3c4a60e1e3de2f (diff) | |
| download | linux-956db0a13b47df7f3d6d624394e602e8bf9b057e.tar.gz linux-956db0a13b47df7f3d6d624394e602e8bf9b057e.tar.bz2 linux-956db0a13b47df7f3d6d624394e602e8bf9b057e.zip | |
net: warn about attempts to register negative ifindex
Since the xarray changes we mix returning valid ifindex and negative
errno in a single int returned from dev_index_reserve(). This depends
on the fact that ifindexes can't be negative. Otherwise we may insert
into the xarray and return a very large negative value. This in turn
may break ERR_PTR().
OvS is susceptible to this problem and lacking validation (fix posted
separately for net).
Reject negative ifindex explicitly. Add a warning because the input
validation is better handled by the caller.
Reviewed-by: Leon Romanovsky <leonro@nvidia.com>
Link: https://lore.kernel.org/r/20230814205627.2914583-2-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'net/core/dev.c')
| -rw-r--r-- | net/core/dev.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/net/core/dev.c b/net/core/dev.c index 636b41f0b32d..17e6281e408c 100644 --- a/net/core/dev.c +++ b/net/core/dev.c @@ -9589,6 +9589,11 @@ static int dev_index_reserve(struct net *net, u32 ifindex) { int err; + if (ifindex > INT_MAX) { + DEBUG_NET_WARN_ON_ONCE(1); + return -EINVAL; + } + if (!ifindex) err = xa_alloc_cyclic(&net->dev_by_index, &ifindex, NULL, xa_limit_31b, &net->ifindex, GFP_KERNEL); |