[thirdparty/kernel/stable-queue.git] / queue-4.4 / ipv6-invert-flowlabel-sharing-check-in-process-and-user-mode.patch

From foo@baz Sat 04 May 2019 12:23:27 PM CEST
From: Willem de Bruijn <willemb@google.com>
Date: Thu, 25 Apr 2019 12:06:54 -0400
Subject: ipv6: invert flowlabel sharing check in process and user mode

From: Willem de Bruijn <willemb@google.com>

[ Upstream commit 95c169251bf734aa555a1e8043e4d88ec97a04ec ]

A request for a flowlabel fails in process or user exclusive mode must
fail if the caller pid or uid does not match. Invert the test.

Previously, the test was unsafe wrt PID recycling, but indeed tested
for inequality: fl1->owner != fl->owner

Fixes: 4f82f45730c68 ("net ip6 flowlabel: Make owner a union of struct pid* and kuid_t")
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ipv6/ip6_flowlabel.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/net/ipv6/ip6_flowlabel.c
+++ b/net/ipv6/ip6_flowlabel.c
@@ -639,9 +639,9 @@ recheck:
 				if (fl1->share == IPV6_FL_S_EXCL ||
 				    fl1->share != fl->share ||
 				    ((fl1->share == IPV6_FL_S_PROCESS) &&
-				     (fl1->owner.pid == fl->owner.pid)) ||
+				     (fl1->owner.pid != fl->owner.pid)) ||
 				    ((fl1->share == IPV6_FL_S_USER) &&
-				     uid_eq(fl1->owner.uid, fl->owner.uid)))
+				     !uid_eq(fl1->owner.uid, fl->owner.uid)))
 					goto release;
 
 				err = -ENOMEM;
Commit	Line	Data
d0832b76 GKH	1	From foo@baz Sat 04 May 2019 12:23:27 PM CEST
	2	From: Willem de Bruijn <willemb@google.com>
	3	Date: Thu, 25 Apr 2019 12:06:54 -0400
	4	Subject: ipv6: invert flowlabel sharing check in process and user mode
	5
	6	From: Willem de Bruijn <willemb@google.com>
	7
	8	[ Upstream commit 95c169251bf734aa555a1e8043e4d88ec97a04ec ]
	9
	10	A request for a flowlabel fails in process or user exclusive mode must
	11	fail if the caller pid or uid does not match. Invert the test.
	12
	13	Previously, the test was unsafe wrt PID recycling, but indeed tested
	14	for inequality: fl1->owner != fl->owner
	15
	16	Fixes: 4f82f45730c68 ("net ip6 flowlabel: Make owner a union of struct pid* and kuid_t")
	17	Signed-off-by: Willem de Bruijn <willemb@google.com>
	18	Signed-off-by: David S. Miller <davem@davemloft.net>
	19	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	20	---
	21	net/ipv6/ip6_flowlabel.c \| 4 ++--
	22	1 file changed, 2 insertions(+), 2 deletions(-)
	23
	24	--- a/net/ipv6/ip6_flowlabel.c
	25	+++ b/net/ipv6/ip6_flowlabel.c
	26	@@ -639,9 +639,9 @@ recheck:
	27	if (fl1->share == IPV6_FL_S_EXCL \|\|
	28	fl1->share != fl->share \|\|
	29	((fl1->share == IPV6_FL_S_PROCESS) &&
	30	- (fl1->owner.pid == fl->owner.pid)) \|\|
	31	+ (fl1->owner.pid != fl->owner.pid)) \|\|
	32	((fl1->share == IPV6_FL_S_USER) &&
	33	- uid_eq(fl1->owner.uid, fl->owner.uid)))
	34	+ !uid_eq(fl1->owner.uid, fl->owner.uid)))
	35	goto release;
	36
	37	err = -ENOMEM;