diff options
author | Nikolay Aleksandrov <nikolay@cumulusnetworks.com> | 2015-10-11 13:49:56 +0300 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2015-10-13 05:59:15 +0300 |
commit | 6623c60dc28ee966cd85c6f12aa2fc3c952d0179 (patch) | |
tree | de0a5d416660a96ef4248d0e5953b1bd8b1e8ff1 /net/bridge | |
parent | cbb41b91e68a302087762823136c9067138cff7c (diff) | |
download | linux-6623c60dc28ee966cd85c6f12aa2fc3c952d0179.tar.xz |
bridge: vlan: enforce no pvid flag in vlan ranges
Currently it's possible for someone to send a vlan range to the kernel
with the pvid flag set which will result in the pvid bouncing from a
vlan to vlan and isn't correct, it also introduces problems for hardware
where it doesn't make sense having more than 1 pvid. iproute2 already
enforces this, so let's enforce it on kernel-side as well.
Reported-by: Elad Raz <eladr@mellanox.com>
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/bridge')
-rw-r--r-- | net/bridge/br_netlink.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c index 544ab966d477..d792d1a848ad 100644 --- a/net/bridge/br_netlink.c +++ b/net/bridge/br_netlink.c @@ -524,6 +524,9 @@ static int br_afspec(struct net_bridge *br, if (vinfo_start) return -EINVAL; vinfo_start = vinfo; + /* don't allow range of pvids */ + if (vinfo_start->flags & BRIDGE_VLAN_INFO_PVID) + return -EINVAL; continue; } |