diff options
| author | Steffen Klassert <steffen.klassert@secunet.com> | 2024-10-23 13:53:45 +0300 |
|---|---|---|
| committer | Steffen Klassert <steffen.klassert@secunet.com> | 2024-10-29 13:56:24 +0300 |
| commit | 83dfce38c49f3242c7edf5baab5c79c9ec360ecc (patch) | |
| tree | a0c992455820cbcda733fafeb717ea487084347f /net/xfrm | |
| parent | 81a331a0e72ddc2f75092603d9577bd1a0ca23ad (diff) | |
| download | linux-83dfce38c49f3242c7edf5baab5c79c9ec360ecc.tar.xz | |
xfrm: Restrict percpu SA attribute to specific netlink message types
Reject the usage of XFRMA_SA_PCPU in xfrm netlink messages when
it's not applicable.
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Tested-by: Antony Antony <antony.antony@secunet.com>
Tested-by: Tobias Brunner <tobias@strongswan.org>
Diffstat (limited to 'net/xfrm')
| -rw-r--r-- | net/xfrm/xfrm_user.c | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index e4d448950d05..b6ce2b3c6b87 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -3282,6 +3282,20 @@ static int xfrm_reject_unused_attr(int type, struct nlattr **attrs, } } + if (attrs[XFRMA_SA_PCPU]) { + switch (type) { + case XFRM_MSG_NEWSA: + case XFRM_MSG_UPDSA: + case XFRM_MSG_ALLOCSPI: + case XFRM_MSG_ACQUIRE: + + break; + default: + NL_SET_ERR_MSG(extack, "Invalid attribute SA_PCPU"); + return -EINVAL; + } + } + return 0; } |