Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp667797ybz; Wed, 22 Apr 2020 05:52:44 -0700 (PDT) X-Google-Smtp-Source: APiQypLHudAP9pByMsfIbk1s+RyQJi0QlSuD+u9pZU50LQ1drNLi6pveVXKlD4Q8CuHBvAdqcWoh X-Received: by 2002:a17:906:1d4c:: with SMTP id o12mr20248870ejh.357.1587559963974; Wed, 22 Apr 2020 05:52:43 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1587559963; cv=none; d=google.com; s=arc-20160816; b=FWoigxErbOCEeYNVINLIeyCvBskvJqZI8+bIkdfR8MR40JWNOL+4KasYgkZegtnUrB 1uIhD0ZjyqHtwNbHQoKhaGgXYCzWPf28vQUyDu3qz9Dl9aw6bkiftIK5zirGb7w43bem hUYkrIFNHUikiXGaVNh8J9Sk/N8LvPNsA7KEQrZt4512yt0PUjWqW8UOeFChaiwrMvSJ uEolUWg+LB7RKFBd28O7Iw6IskryDEfZSyP75T5Tm2jnP5omSRUFOc1lwICF1EUDfHSG CrgnbR+ahAJ8dTOozIvIbu5EHYKhoJTBZwHNnjFiCaly40qMkhVTIaXjrNlWlW4mtcfw J2hA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=WsYcEgjDtASV9unIwVGAsvF6WLgv5pRHKoqCuERr6rw=; b=GT4nZDckEuSwcFhBZ2MF2SAkaxkXrPp+zwDU9ONV/09D2ikrLG8SOcYInp9dx+AClI IqVSNZDrbPE/ad1nFPy60jEpFNU2qfRSGyJx+KLaHSI3UfBNMhK7CGAHAcJR5MaM3IMr 3vlvcNvfgt3+Ja7Y7sm1j25oepRsJRBy7geRAtZFRVZ9E/vYXU7gL/EKdbWWwEFauXOo fFw4c9La+tsLxiZUNlsXo3jT8XQpQlwR8EkRmZY96A7DtgeB40mWSWPz4eLUjaiNQBIA 41JmpvSO8z/41Wl1VAsYZ4CS7LWMWPyUirZx87MIXPu/4SpphSgfLlYwUXhRSq34KMnc H7RA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=FY9xkYxW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id y6si3391482edo.175.2020.04.22.05.52.20; Wed, 22 Apr 2020 05:52:43 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=FY9xkYxW; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732071AbgDVKs7 (ORCPT + 99 others); Wed, 22 Apr 2020 06:48:59 -0400 Received: from mail.kernel.org ([198.145.29.99]:48226 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729459AbgDVKN6 (ORCPT ); Wed, 22 Apr 2020 06:13:58 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 71B442076E; Wed, 22 Apr 2020 10:13:57 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1587550437; bh=tjM+Gu6dhZqW2oK0pWrJ6jwHx7kK3RIuVIcVvonX61g=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=FY9xkYxWCReaDsWGeH5BwiVDzUhi25iXwTXrYoe+FinqjIn5MT+SVcLm9Zrs/Cdos TKRG0+GR7ffLJmNB+9EOK3GXwYUAU/U+eZv6oteybSJxzXcm6cTDB5HkK4ex+25zXS k+tC1CznPshdAwFWc4N6dTjUe+2MisbwaKDaK2GY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Pablo Neira Ayuso Subject: [PATCH 4.19 08/64] netfilter: nf_tables: report EOPNOTSUPP on unsupported flags/object type Date: Wed, 22 Apr 2020 11:56:52 +0200 Message-Id: <20200422095014.024164240@linuxfoundation.org> X-Mailer: git-send-email 2.26.2 In-Reply-To: <20200422095008.799686511@linuxfoundation.org> References: <20200422095008.799686511@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Pablo Neira Ayuso commit d9583cdf2f38d0f526d9a8c8564dd2e35e649bc7 upstream. EINVAL should be used for malformed netlink messages. New userspace utility and old kernels might easily result in EINVAL when exercising new set features, which is misleading. Fixes: 8aeff920dcc9 ("netfilter: nf_tables: add stateful object reference to set elements") Signed-off-by: Pablo Neira Ayuso Signed-off-by: Greg Kroah-Hartman --- net/netfilter/nf_tables_api.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) --- a/net/netfilter/nf_tables_api.c +++ b/net/netfilter/nf_tables_api.c @@ -3450,7 +3450,7 @@ static int nf_tables_newset(struct net * NFT_SET_INTERVAL | NFT_SET_TIMEOUT | NFT_SET_MAP | NFT_SET_EVAL | NFT_SET_OBJECT)) - return -EINVAL; + return -EOPNOTSUPP; /* Only one of these operations is supported */ if ((flags & (NFT_SET_MAP | NFT_SET_OBJECT)) == (NFT_SET_MAP | NFT_SET_OBJECT)) @@ -3488,7 +3488,7 @@ static int nf_tables_newset(struct net * objtype = ntohl(nla_get_be32(nla[NFTA_SET_OBJ_TYPE])); if (objtype == NFT_OBJECT_UNSPEC || objtype > NFT_OBJECT_MAX) - return -EINVAL; + return -EOPNOTSUPP; } else if (flags & NFT_SET_OBJECT) return -EINVAL; else