From: Davide Caratti <dcaratti@redhat.com>
Date: Tue, 11 Feb 2020 18:33:40 +0000 (+0100)
Subject: net/sched: flower: add missing validation of TCA_FLOWER_FLAGS
X-Git-Tag: v4.19.106~179
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=e2eb6f22ac0e58dcc40970ccf56d418a5f7ccea4;p=thirdparty%2Fkernel%2Fstable.git

net/sched: flower: add missing validation of TCA_FLOWER_FLAGS

[ Upstream commit e2debf0852c4d66ba1a8bde12869b196094c70a7 ]

unlike other classifiers that can be offloaded (i.e. users can set flags
like 'skip_hw' and 'skip_sw'), 'cls_flower' doesn't validate the size of
netlink attribute 'TCA_FLOWER_FLAGS' provided by user: add a proper entry
to fl_policy.

Fixes: 5b33f48842fa ("net/flower: Introduce hardware offload support")
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/net/sched/cls_flower.c b/net/sched/cls_flower.c
index 22415311f3246..c006d3b89ba30 100644
--- a/net/sched/cls_flower.c
+++ b/net/sched/cls_flower.c
@@ -486,6 +486,7 @@ static const struct nla_policy fl_policy[TCA_FLOWER_MAX + 1] = {
 	[TCA_FLOWER_KEY_ENC_IP_TTL_MASK] = { .type = NLA_U8 },
 	[TCA_FLOWER_KEY_ENC_OPTS]	= { .type = NLA_NESTED },
 	[TCA_FLOWER_KEY_ENC_OPTS_MASK]	= { .type = NLA_NESTED },
+	[TCA_FLOWER_FLAGS]		= { .type = NLA_U32 },
 };
 
 static const struct nla_policy