[Devel] ve/bridge: br_dev_init: check if "bridge" feature is enabled

Submitted by Evgenii Shatokhin on July 25, 2016, 2:10 p.m.

Details

Message ID 1469455835-24444-1-git-send-email-eshatokhin@virtuozzo.com
State New
Series "ve/bridge: br_dev_init: check if "bridge" feature is enabled"

Commit Message

Evgenii Shatokhin July 25, 2016, 2:10 p.m.
https://jira.sw.ru/browse/PSBM-50009

Currently, the feature is checked in br_ioctl_deviceless_stub() which is
called when "brctl addbr" runs. However, "ip link add br1 type bridge"
goes a different path and still succeeds even if the feature is disabled
for a CT:
	rtnl_newlink
	  rtnl_create_link
	    br_dev_setup
          register_netdevice
	    br_dev_init
	    ...

Let us check the "bridge" feature in br_dev_init() instead, to cover both
cases.

Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>
---
 net/bridge/br_device.c | 4 ++++
 net/bridge/br_ioctl.c  | 3 ---
 2 files changed, 4 insertions(+), 3 deletions(-)

Patch

diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c
index 5e3347b..db206a3 100644
--- a/net/bridge/br_device.c
+++ b/net/bridge/br_device.c
@@ -88,8 +88,12 @@  out:
 static int br_dev_init(struct net_device *dev)
 {
 	struct net_bridge *br = netdev_priv(dev);
+	struct net *net = dev_net(dev);
 	int err;
 
+	if (!(net->owner_ve->features & VE_FEATURE_BRIDGE))
+		return -EACCES;
+
 	br->stats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats);
 	if (!br->stats)
 		return -ENOMEM;
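
Review bot: The check added at the top of br_dev_init() returns -EACCES, while the check this patch removes from br_ioctl_deviceless_stub() returned -ENOTTY, and the commit message does not mention the change of error code. Since the stated goal is to cover "brctl addbr" as well, callers on that path would now see a different errno; please note this in the changelog and say why -EACCES was chosen. Placing the check before netdev_alloc_pcpu_stats() is right, as the early return then has nothing to free. A short comment above the check stating that br_dev_init() is the point common to the ioctl and rtnl_newlink paths would help keep it from being moved back to a single entry point later.
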
diff --git a/net/bridge/br_ioctl.c b/net/bridge/br_ioctl.c
index 98447b8..cd8c3a4 100644
--- a/net/bridge/br_ioctl.c
+++ b/net/bridge/br_ioctl.c
@@ -351,9 +351,6 @@  static int old_deviceless(struct net *net, void __user *uarg)
 
 int br_ioctl_deviceless_stub(struct net *net, unsigned int cmd, void __user *uarg)
 {
-	if (!(net->owner_ve->features & VE_FEATURE_BRIDGE))
-		return -ENOTTY;
-
 	switch (cmd) {
 	case SIOCGIFBR:
 	case SIOCSIFBR:
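
Review bot: The check removed from the top of br_ioctl_deviceless_stub() sat before the switch, so it refused every command handled there, including the SIOCGIFBR and SIOCSIFBR cases visible in the context, not only bridge creation. With the feature test living only in br_dev_init(), the remaining deviceless commands are no longer rejected when VE_FEATURE_BRIDGE is off for the CT. If that is intended, the commit message should say so and explain why those commands are harmless without the feature; otherwise keep this check and add the br_dev_init() one alongside it rather than instead of it.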

Comments

Kirill Tkhai July 26, 2016, 1:10 p.m.
On 25.07.2016 17:10, Evgenii Shatokhin wrote:
> https://jira.sw.ru/browse/PSBM-50009
> 
> Currently, the feature is checked in br_ioctl_deviceless_stub() which is
> called when "brctl addbr" runs. However, "ip link add br1 type bridge"
> goes a different path and still succeeds even if the feature is disabled
> for a CT:
> 	rtnl_newlink
> 	  rtnl_create_link
> 	    br_dev_setup
>           register_netdevice
> 	    br_dev_init
> 	    ...
> 
> Let us check the "bridge" feature in br_dev_init() instead, to cover both
> cases.
> 
> Signed-off-by: Evgenii Shatokhin <eshatokhin@virtuozzo.com>

Acked-by: Kirill Tkhai <ktkhai@virtuozzo.com>

> ---
>  net/bridge/br_device.c | 4 ++++
>  net/bridge/br_ioctl.c  | 3 ---
>  2 files changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c
> index 5e3347b..db206a3 100644
> --- a/net/bridge/br_device.c
> +++ b/net/bridge/br_device.c
> @@ -88,8 +88,12 @@ out:
>  static int br_dev_init(struct net_device *dev)
>  {
>  	struct net_bridge *br = netdev_priv(dev);
> +	struct net *net = dev_net(dev);
>  	int err;
>  
> +	if (!(net->owner_ve->features & VE_FEATURE_BRIDGE))
> +		return -EACCES;
> +
>  	br->stats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats);
>  	if (!br->stats)
>  		return -ENOMEM;
> diff --git a/net/bridge/br_ioctl.c b/net/bridge/br_ioctl.c
> index 98447b8..cd8c3a4 100644
> --- a/net/bridge/br_ioctl.c
> +++ b/net/bridge/br_ioctl.c
> @@ -351,9 +351,6 @@ static int old_deviceless(struct net *net, void __user *uarg)
>  
>  int br_ioctl_deviceless_stub(struct net *net, unsigned int cmd, void __user *uarg)
>  {
> -	if (!(net->owner_ve->features & VE_FEATURE_BRIDGE))
> -		return -ENOTTY;
> -
>  	switch (cmd) {
>  	case SIOCGIFBR:
>  	case SIOCSIFBR:
>