[ 10/37] net: fix rtnetlink IFF_PROMISC and IFF_ALLMULTI handling

From: Ben Hutchings
Date: Thu Aug 16 2012 - 23:35:16 EST

Next message: Ben Hutchings: "[ 11/37] tcp: perform DMA to userspace only if there is a task waiting for it"
Previous message: Ben Hutchings: "[ 16/37] drm/i915: fixup seqno allocation logic for lazy_request"
In reply to: Ben Hutchings: "[ 16/37] drm/i915: fixup seqno allocation logic for lazy_request"
Next in thread: Ben Hutchings: "[ 11/37] tcp: perform DMA to userspace only if there is a task waiting for it"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

3.2-stable review patch. If anyone has any objections, please let me know.

------------------

From: Jiri Benc <jbenc@xxxxxxxxxx>

[ Upstream commit b1beb681cba5358f62e6187340660ade226a5fcc ]

When device flags are set using rtnetlink, IFF_PROMISC and IFF_ALLMULTI
flags are handled specially. Function dev_change_flags sets IFF_PROMISC and
IFF_ALLMULTI bits in dev->gflags according to the passed value but
do_setlink passes a result of rtnl_dev_combine_flags which takes those bits
from dev->flags.

This can be easily trigerred by doing:

tcpdump -i eth0 &
ip l s up eth0

ip sets IFF_UP flag in ifi_flags and ifi_change, which is combined with
IFF_PROMISC by rtnl_dev_combine_flags, causing __dev_change_flags to set
IFF_PROMISC in gflags.

Reported-by: Max Matveev <makc@xxxxxxxxxx>
Signed-off-by: Jiri Benc <jbenc@xxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
---
net/core/rtnetlink.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 2ef859a..88bcf76 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -670,6 +670,12 @@ static void set_operstate(struct net_device *dev, unsigned char transition)
}
}

+static unsigned int rtnl_dev_get_flags(const struct net_device *dev)
+{
+ return (dev->flags & ~(IFF_PROMISC | IFF_ALLMULTI)) |
+ (dev->gflags & (IFF_PROMISC | IFF_ALLMULTI));
+}
+
static unsigned int rtnl_dev_combine_flags(const struct net_device *dev,
const struct ifinfomsg *ifm)
{
@@ -678,7 +684,7 @@ static unsigned int rtnl_dev_combine_flags(const struct net_device *dev,
/* bugwards compatibility: ifi_change == 0 is treated as ~0 */
if (ifm->ifi_change)
flags = (flags & ifm->ifi_change) |
- (dev->flags & ~ifm->ifi_change);
+ (rtnl_dev_get_flags(dev) & ~ifm->ifi_change);

return flags;
}

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Ben Hutchings: "[ 11/37] tcp: perform DMA to userspace only if there is a task waiting for it"
Previous message: Ben Hutchings: "[ 16/37] drm/i915: fixup seqno allocation logic for lazy_request"
In reply to: Ben Hutchings: "[ 16/37] drm/i915: fixup seqno allocation logic for lazy_request"
Next in thread: Ben Hutchings: "[ 11/37] tcp: perform DMA to userspace only if there is a task waiting for it"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]