| From: Willem de Bruijn <willemb@google.com> |
| Date: Thu, 25 Apr 2019 12:06:54 -0400 |
| Subject: ipv6: invert flowlabel sharing check in process and user mode |
| |
| commit 95c169251bf734aa555a1e8043e4d88ec97a04ec upstream. |
| |
| A request for a flowlabel fails in process or user exclusive mode must |
| fail if the caller pid or uid does not match. Invert the test. |
| |
| Previously, the test was unsafe wrt PID recycling, but indeed tested |
| for inequality: fl1->owner != fl->owner |
| |
| Fixes: 4f82f45730c68 ("net ip6 flowlabel: Make owner a union of struct pid* and kuid_t") |
| Signed-off-by: Willem de Bruijn <willemb@google.com> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Ben Hutchings <ben@decadent.org.uk> |
| --- |
| net/ipv6/ip6_flowlabel.c | 4 ++-- |
| 1 file changed, 2 insertions(+), 2 deletions(-) |
| |
| --- a/net/ipv6/ip6_flowlabel.c |
| +++ b/net/ipv6/ip6_flowlabel.c |
| @@ -630,9 +630,9 @@ recheck: |
| if (fl1->share == IPV6_FL_S_EXCL || |
| fl1->share != fl->share || |
| ((fl1->share == IPV6_FL_S_PROCESS) && |
| - (fl1->owner.pid == fl->owner.pid)) || |
| + (fl1->owner.pid != fl->owner.pid)) || |
| ((fl1->share == IPV6_FL_S_USER) && |
| - uid_eq(fl1->owner.uid, fl->owner.uid))) |
| + !uid_eq(fl1->owner.uid, fl->owner.uid))) |
| goto release; |
| |
| err = -ENOMEM; |
