]>
Commit | Line | Data |
---|---|---|
d0832b76 GKH |
1 | From foo@baz Sat 04 May 2019 12:23:27 PM CEST |
2 | From: Willem de Bruijn <willemb@google.com> | |
3 | Date: Thu, 25 Apr 2019 12:06:54 -0400 | |
4 | Subject: ipv6: invert flowlabel sharing check in process and user mode | |
5 | ||
6 | From: Willem de Bruijn <willemb@google.com> | |
7 | ||
8 | [ Upstream commit 95c169251bf734aa555a1e8043e4d88ec97a04ec ] | |
9 | ||
10 | A request for a flowlabel fails in process or user exclusive mode must | |
11 | fail if the caller pid or uid does not match. Invert the test. | |
12 | ||
13 | Previously, the test was unsafe wrt PID recycling, but indeed tested | |
14 | for inequality: fl1->owner != fl->owner | |
15 | ||
16 | Fixes: 4f82f45730c68 ("net ip6 flowlabel: Make owner a union of struct pid* and kuid_t") | |
17 | Signed-off-by: Willem de Bruijn <willemb@google.com> | |
18 | Signed-off-by: David S. Miller <davem@davemloft.net> | |
19 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
20 | --- | |
21 | net/ipv6/ip6_flowlabel.c | 4 ++-- | |
22 | 1 file changed, 2 insertions(+), 2 deletions(-) | |
23 | ||
24 | --- a/net/ipv6/ip6_flowlabel.c | |
25 | +++ b/net/ipv6/ip6_flowlabel.c | |
26 | @@ -639,9 +639,9 @@ recheck: | |
27 | if (fl1->share == IPV6_FL_S_EXCL || | |
28 | fl1->share != fl->share || | |
29 | ((fl1->share == IPV6_FL_S_PROCESS) && | |
30 | - (fl1->owner.pid == fl->owner.pid)) || | |
31 | + (fl1->owner.pid != fl->owner.pid)) || | |
32 | ((fl1->share == IPV6_FL_S_USER) && | |
33 | - uid_eq(fl1->owner.uid, fl->owner.uid))) | |
34 | + !uid_eq(fl1->owner.uid, fl->owner.uid))) | |
35 | goto release; | |
36 | ||
37 | err = -ENOMEM; |