releases/4.9.4/net-vrf-do-not-allow-table-id-0.patch

   1 From foo@baz Thu Jan 12 21:37:26 CET 2017
   2 From: David Ahern <dsa@cumulusnetworks.com>
   3 Date: Tue, 10 Jan 2017 15:22:25 -0800
   4 Subject: net: vrf: do not allow table id 0
   5
   6 From: David Ahern <dsa@cumulusnetworks.com>
   7
   8
   9 [ Upstream commit 24c63bbc18e25d5d8439422aa5fd2d66390b88eb ]
  10
  11 Frank reported that vrf devices can be created with a table id of 0.
  12 This breaks many of the run time table id checks and should not be
  13 allowed. Detect this condition at create time and fail with EINVAL.
  14
  15 Fixes: 193125dbd8eb ("net: Introduce VRF device driver")
  16 Reported-by: Frank Kellermann <frank.kellermann@atos.net>
  17 Signed-off-by: David Ahern <dsa@cumulusnetworks.com>
  18 Signed-off-by: David S. Miller <davem@davemloft.net>
  19 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  20 ---
  21  drivers/net/vrf.c |    2 ++
  22  1 file changed, 2 insertions(+)
  23
  24 --- a/drivers/net/vrf.c
  25 +++ b/drivers/net/vrf.c
  26 @@ -1239,6 +1239,8 @@ static int vrf_newlink(struct net *src_n
  27                 return -EINVAL;
  28
  29         vrf->tb_id = nla_get_u32(data[IFLA_VRF_TABLE]);
  30 +       if (vrf->tb_id == RT_TABLE_UNSPEC)
  31 +               return -EINVAL;
  32
  33         dev->priv_flags |= IFF_L3MDEV_MASTER;
  34