xfrm: Restrict percpu SA attribute to specific netlink message types

Reject the usage of XFRMA_SA_PCPU in xfrm netlink messages when
it's not applicable.

Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Tested-by: Antony Antony <antony.antony@secunet.com>
Tested-by: Tobias Brunner <tobias@strongswan.org>

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index e4d448950d059f5401c7a6600ec33f1fe953bb96..b6ce2b3c6b8743ca64182eb8e999b81712d664b7 100644 (file)
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -3282,6 +3282,20 @@ static int xfrm_reject_unused_attr(int type, struct nlattr **attrs,
                }
        }
 
+       if (attrs[XFRMA_SA_PCPU]) {
+               switch (type) {
+               case XFRM_MSG_NEWSA:
+               case XFRM_MSG_UPDSA:
+               case XFRM_MSG_ALLOCSPI:
+               case XFRM_MSG_ACQUIRE:
+
+                       break;
+               default:
+                       NL_SET_ERR_MSG(extack, "Invalid attribute SA_PCPU");
+                       return -EINVAL;
+               }
+       }
+
        return 0;
 }