Received: by 2002:a05:6a10:2785:0:0:0:0 with SMTP id ia5csp2260292pxb; Mon, 11 Jan 2021 05:25:48 -0800 (PST) X-Google-Smtp-Source: ABdhPJzrlYq1BOBg7Ez9u2T2lO7LVzbuH48S/JsfiswRVkNHeYBSU2kFTi+W1NmVP+IgokClY9D2 X-Received: by 2002:a50:f307:: with SMTP id p7mr13851931edm.368.1610371548062; Mon, 11 Jan 2021 05:25:48 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1610371548; cv=none; d=google.com; s=arc-20160816; b=GtbWBI6JD/WyE9s8/LLFn/As26psKyMRxBEhwjFnkgiImMZg9gNrVpTtp0s7JLxsju NTzzUcGELTYSQGBenjj8id1UNCBFYEFCVWowIdCeYXfFnpBS8gkBHMPTOJyMVi3nYr44 sMKqXlPOk8OGRqgeQ5G4drP9/8tlk7ifxSzXBrTqrhu/SQXTw/468BmTxsS3DrmRO/YF cXCR138ylmb5qQxnW7Sf4IXrF4YWoTMXgEg0nULj8mIcdzWadRFcLKF8wFv/CthpT24+ 9RAF7MqCrMwyyCJKSqJciue8yfhy3pfLMShFof1JM9vvbdTR+20cDjShEbt3MjBhXlK6 SaZQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=Gk1sQxLCYeZw3zYnydfMZHSMU6Sj6hCqOM263YtkxRo=; b=xRtsK5rVGxcplZWr75DwdDm6KqVyVVh9j7EFSvSl4V/sEZtnqpjbsHcCRyFb7/w3vZ WjbvANZuP5mfVVxqKHKjHPW1iDoqPfR3ApIFiKYtz3ncbuTUglnW5GeKa4s1bBfcbVSF 2huQbXz7lZx+tFDjs14/svI1jNRETbjoPBQ87euc8yUKXLGcSyibY81WncnVG5l7EKkc VGjVKG+xPpPvdlZwU66DaM25PCQ8OShh5iVdlWvo2CsQDxB6ZSCLBi8StTb4+MUYJ31O 0GYnXAjl/D6JT00VFBUqFiqw9tSt5oyJCbGaxW3SzJNmBJanyHiBoYfKOnpf9QDSYVpN vhIg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="wB7r/cpK"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id f20si6917131edy.12.2021.01.11.05.25.24; Mon, 11 Jan 2021 05:25:48 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b="wB7r/cpK"; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1732003AbhAKNNx (ORCPT + 99 others); Mon, 11 Jan 2021 08:13:53 -0500 Received: from mail.kernel.org ([198.145.29.99]:60492 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726652AbhAKNNf (ORCPT ); Mon, 11 Jan 2021 08:13:35 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id 1F33E2255F; Mon, 11 Jan 2021 13:12:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1610370774; bh=RtPCodWJNa8Vq9zjgTOX1nKJGNsC80WBcGyk3ofdae0=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=wB7r/cpKJyBUmuK0w5pv1riAn2FK9PUfZU1WFac3LpzhxZf0apS/BS84Xnz2iyj1K BpRAKmqujMmMT98BgQHtLT+W/iLqCxqir/WuOo6iKv7AXZbzptrcMow9/mkIE7RX19 bvspgRNI58Mf4Mi/vmFYnx1Go3kva5cAls8ydoR0= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Pablo Neira Ayuso Subject: [PATCH 5.4 90/92] netfilter: nft_dynset: report EOPNOTSUPP on missing set feature Date: Mon, 11 Jan 2021 14:02:34 +0100 Message-Id: <20210111130043.494744303@linuxfoundation.org> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210111130039.165470698@linuxfoundation.org> References: <20210111130039.165470698@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Pablo Neira Ayuso commit 95cd4bca7b1f4a25810f3ddfc5e767fb46931789 upstream. If userspace requests a feature which is not available the original set definition, then bail out with EOPNOTSUPP. If userspace sends unsupported dynset flags (new feature not supported by this kernel), then report EOPNOTSUPP to userspace. EINVAL should be only used to report malformed netlink messages from userspace. Fixes: 22fe54d5fefc ("netfilter: nf_tables: add support for dynamic set updates") Signed-off-by: Pablo Neira Ayuso Signed-off-by: Greg Kroah-Hartman --- net/netfilter/nft_dynset.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) --- a/net/netfilter/nft_dynset.c +++ b/net/netfilter/nft_dynset.c @@ -146,7 +146,7 @@ static int nft_dynset_init(const struct u32 flags = ntohl(nla_get_be32(tb[NFTA_DYNSET_FLAGS])); if (flags & ~NFT_DYNSET_F_INV) - return -EINVAL; + return -EOPNOTSUPP; if (flags & NFT_DYNSET_F_INV) priv->invert = true; } @@ -179,7 +179,7 @@ static int nft_dynset_init(const struct timeout = 0; if (tb[NFTA_DYNSET_TIMEOUT] != NULL) { if (!(set->flags & NFT_SET_TIMEOUT)) - return -EINVAL; + return -EOPNOTSUPP; err = nf_msecs_to_jiffies64(tb[NFTA_DYNSET_TIMEOUT], &timeout); if (err) @@ -193,7 +193,7 @@ static int nft_dynset_init(const struct if (tb[NFTA_DYNSET_SREG_DATA] != NULL) { if (!(set->flags & NFT_SET_MAP)) - return -EINVAL; + return -EOPNOTSUPP; if (set->dtype == NFT_DATA_VERDICT) return -EOPNOTSUPP;