| From foo@baz Fri Jan 22 01:21:57 PM CET 2021 |
| From: Petr Machata <petrm@nvidia.com> |
| Date: Mon, 11 Jan 2021 18:07:07 +0100 |
| Subject: net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands |
| |
| From: Petr Machata <petrm@nvidia.com> |
| |
| [ Upstream commit df85bc140a4d6cbaa78d8e9c35154e1a2f0622c7 ] |
| |
| In commit 826f328e2b7e ("net: dcb: Validate netlink message in DCB |
| handler"), Linux started rejecting RTM_GETDCB netlink messages if they |
| contained a set-like DCB_CMD_ command. |
| |
| The reason was that privileges were only verified for RTM_SETDCB messages, |
| but the value that determined the action to be taken is the command, not |
| the message type. And validation of message type against the DCB command |
| was the obvious missing piece. |
| |
| Unfortunately it turns out that mlnx_qos, a somewhat widely deployed tool |
| for configuration of DCB, accesses the DCB set-like APIs through |
| RTM_GETDCB. |
| |
| Therefore do not bounce the discrepancy between message type and command. |
| Instead, in addition to validating privileges based on the actual message |
| type, validate them also based on the expected message type. This closes |
| the loophole of allowing DCB configuration on non-admin accounts, while |
| maintaining backward compatibility. |
| |
| Fixes: 2f90b8657ec9 ("ixgbe: this patch adds support for DCB to the kernel and ixgbe driver") |
| Fixes: 826f328e2b7e ("net: dcb: Validate netlink message in DCB handler") |
| Signed-off-by: Petr Machata <petrm@nvidia.com> |
| Link: https://lore.kernel.org/r/a3edcfda0825f2aa2591801c5232f2bbf2d8a554.1610384801.git.me@pmachata.org |
| Signed-off-by: Jakub Kicinski <kuba@kernel.org> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/dcb/dcbnl.c | 2 +- |
| 1 file changed, 1 insertion(+), 1 deletion(-) |
| |
| --- a/net/dcb/dcbnl.c |
| +++ b/net/dcb/dcbnl.c |
| @@ -1756,7 +1756,7 @@ static int dcb_doit(struct sk_buff *skb, |
| fn = &reply_funcs[dcb->cmd]; |
| if (!fn->cb) |
| return -EOPNOTSUPP; |
| - if (fn->type != nlh->nlmsg_type) |
| + if (fn->type == RTM_SETDCB && !netlink_capable(skb, CAP_NET_ADMIN)) |
| return -EPERM; |
| |
| if (!tb[DCB_ATTR_IFNAME]) |