fou: Don't allow 0 for FOU_ATTR_IPPROTO.

[ Upstream commit 7a9bc9e3f42391e4c187e099263cf7a1c4b69ff5 ]

fou_udp_recv() has the same problem mentioned in the previous
patch.

If FOU_ATTR_IPPROTO is set to 0, skb is not freed by
fou_udp_recv() nor "resubmit"-ted in ip_protocol_deliver_rcu().

Let's forbid 0 for FOU_ATTR_IPPROTO.

Fixes: 23461551c0062 ("fou: Support for foo-over-udp RX path")
Signed-off-by: Kuniyuki Iwashima <kuniyu@google.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://patch.msgid.link/20260115172533.693652-4-kuniyu@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/Documentation/netlink/specs/fou.yaml b/Documentation/netlink/specs/fou.yaml
index 0af5ab842c04de11bae64d620e8943f2fd93486c..91721ee40641398badc76dd4cbf6c30f5ca2be7d 100644 (file)
--- a/Documentation/netlink/specs/fou.yaml
+++ b/Documentation/netlink/specs/fou.yaml
@@ -39,6 +39,8 @@ attribute-sets:
       -
         name: ipproto
         type: u8
+        checks:
+          min: 1
       -
         name: type
         type: u8

diff --git a/net/ipv4/fou_nl.c b/net/ipv4/fou_nl.c
index 98b90107b5abcba02129e8ddef2e446f0699d972..bbd955f4c9d19d4a6e9e6c7b9291cfd9e8533238 100644 (file)
--- a/net/ipv4/fou_nl.c
+++ b/net/ipv4/fou_nl.c
@@ -14,7 +14,7 @@
 const struct nla_policy fou_nl_policy[FOU_ATTR_IFINDEX + 1] = {
        [FOU_ATTR_PORT] = { .type = NLA_U16, },
        [FOU_ATTR_AF] = { .type = NLA_U8, },
-       [FOU_ATTR_IPPROTO] = { .type = NLA_U8, },
+       [FOU_ATTR_IPPROTO] = NLA_POLICY_MIN(NLA_U8, 1),
        [FOU_ATTR_TYPE] = { .type = NLA_U8, },
        [FOU_ATTR_REMCSUM_NOPARTIAL] = { .type = NLA_FLAG, },
        [FOU_ATTR_LOCAL_V4] = { .type = NLA_U32, },