Received: by 2002:a05:6a10:8c0a:0:0:0:0 with SMTP id go10csp1267217pxb; Fri, 22 Jan 2021 11:01:19 -0800 (PST) X-Google-Smtp-Source: ABdhPJxemRsDOT4RMGXIZaEf8YkPk2sxe5pakBSPgGtv+kik3Qanobeh+1SVwelJgLheTUxAWGuw X-Received: by 2002:a17:906:f6d8:: with SMTP id jo24mr3934584ejb.213.1611342079564; Fri, 22 Jan 2021 11:01:19 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1611342079; cv=none; d=google.com; s=arc-20160816; b=TK/TNN7NgAiBSR74SoN20eawItnxL7LpNbGNy+y1cbJzIXLZXXJ8Unrty+UbvPr+f5 2SBdsyxGMqpBkTfhm0KEOStLsxTWz1WUAf9WggIGaPsib3n2pDD7jMp6t2+uhvH7xvlr 5ebL5SAgx3PWp5SFj7zQvrcP0NTuN/DY1kks0M/jOHnMaCADnOd0gFDTGb8muhk1zyw4 AxMm+f9PEZRvaNO2KrBsQyB3Y6vxw30WVmlIzFhAr+rLwrry4RiIVvrIep2AEa4anHxG OcJyzNwgGSa2XDIF0KwaHjRHA84yDlnsP85omxJiSai5MsbvNW4+O7QVFigEHtb1sSm5 97oA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=skHDl8MN/SNepzZqHMqhAx9uAcPhFxbaY1pPG/He8Vw=; b=Yf0ZRls0Frcca/b8CIrvHUT3guXZrIj50NlFM4dV5nwUr/XgRNRF3b2bHFs09ufghr UEA7R1x4U0VLVICGTFXn0Y1mJzJnBdHp74dGlOdRLPYfP9HVNgHLlxRVXPRv+cS+LLi5 scZeQKdPKLFl9nYMVJSwMawdzGXV4EQrYZjajVJiWliFvBAtHXA8iUmPkQgHzjkhILE4 xiD2+efpocB6XlAMN9ym+9k+1lWwskMF4Eux2kfXUUqG972oLCnPhS/jrHRpvNuvINbQ jsx3xAC/DjWF7li3sPoHAc5XNefopmqj1txqqJTig6zelNNbRAR39+7rtotuS4V2+Umw kCfg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=EmmXZweB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id l15si3223878ejn.754.2021.01.22.11.00.54; Fri, 22 Jan 2021 11:01:19 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=EmmXZweB; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730409AbhAVSyb (ORCPT + 99 others); Fri, 22 Jan 2021 13:54:31 -0500 Received: from mail.kernel.org ([198.145.29.99]:39602 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727742AbhAVOVo (ORCPT ); Fri, 22 Jan 2021 09:21:44 -0500 Received: by mail.kernel.org (Postfix) with ESMTPSA id D171323B40; Fri, 22 Jan 2021 14:15:37 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1611324938; bh=//bqa8Bs54FOVZ3fRmrsBWz7y02SEyS3ElFgoz15l4M=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=EmmXZweBzGiwB43qc3XrTvqX6wFB4MKbwUhOOE91vq3zraY7eD8RsEY2CN8vBEW1U FK2AyACWeEutNTllBGus/kwlqPrxivVG1CVYr0S+vHID9n6C5NxUoeDd+MMbebayb8 CHKpRDEuEH2+dgUjMIvSE3hTDB6lnf7SnEl6fOxs= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Petr Machata , Jakub Kicinski Subject: [PATCH 4.19 12/22] net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands Date: Fri, 22 Jan 2021 15:12:30 +0100 Message-Id: <20210122135732.405110922@linuxfoundation.org> X-Mailer: git-send-email 2.30.0 In-Reply-To: <20210122135731.921636245@linuxfoundation.org> References: <20210122135731.921636245@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Petr Machata [ Upstream commit df85bc140a4d6cbaa78d8e9c35154e1a2f0622c7 ] In commit 826f328e2b7e ("net: dcb: Validate netlink message in DCB handler"), Linux started rejecting RTM_GETDCB netlink messages if they contained a set-like DCB_CMD_ command. The reason was that privileges were only verified for RTM_SETDCB messages, but the value that determined the action to be taken is the command, not the message type. And validation of message type against the DCB command was the obvious missing piece. Unfortunately it turns out that mlnx_qos, a somewhat widely deployed tool for configuration of DCB, accesses the DCB set-like APIs through RTM_GETDCB. Therefore do not bounce the discrepancy between message type and command. Instead, in addition to validating privileges based on the actual message type, validate them also based on the expected message type. This closes the loophole of allowing DCB configuration on non-admin accounts, while maintaining backward compatibility. Fixes: 2f90b8657ec9 ("ixgbe: this patch adds support for DCB to the kernel and ixgbe driver") Fixes: 826f328e2b7e ("net: dcb: Validate netlink message in DCB handler") Signed-off-by: Petr Machata Link: https://lore.kernel.org/r/a3edcfda0825f2aa2591801c5232f2bbf2d8a554.1610384801.git.me@pmachata.org Signed-off-by: Jakub Kicinski Signed-off-by: Greg Kroah-Hartman --- net/dcb/dcbnl.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/dcb/dcbnl.c +++ b/net/dcb/dcbnl.c @@ -1756,7 +1756,7 @@ static int dcb_doit(struct sk_buff *skb, fn = &reply_funcs[dcb->cmd]; if (!fn->cb) return -EOPNOTSUPP; - if (fn->type != nlh->nlmsg_type) + if (fn->type == RTM_SETDCB && !netlink_capable(skb, CAP_NET_ADMIN)) return -EPERM; if (!tb[DCB_ATTR_IFNAME])