diff options
| author |   Florian Westphal <fw@strlen.de> | 2017-08-10 16:52:58 +0200 |
|---|---|---|
| committer |   David S. Miller <davem@davemloft.net> | 2017-08-10 09:50:22 -0700 |
| commit | 5c2bb9b6e27d9207c2e12b9cdb6bfc171afa663e (patch) | |
| tree | 5ddd2662f10cbaad9329675ec4d6d159f8d034fd /net/core/rtnetlink.c | |
| parent | rtnetlink: use rcu_dereference_raw to silence rcu splat (diff) | |
| download | linux-dev-5c2bb9b6e27d9207c2e12b9cdb6bfc171afa663e.tar.xz linux-dev-5c2bb9b6e27d9207c2e12b9cdb6bfc171afa663e.zip | |
rtnetlink: do not use RTM_GETLINK directly
Userspace sends RTM_GETLINK type, but the kernel substracts
RTM_BASE from this, i.e. 'type' doesn't contain RTM_GETLINK
anymore but instead RTM_GETLINK - RTM_BASE.
This caused the calcit callback to not be invoked when it
should have been (and vice versa).
While at it, also fix a off-by one when checking family index. vs
handler array size.
Fixes: e1fa6d216dd ("rtnetlink: call rtnl_calcit directly")
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/core/rtnetlink.c')
| -rw-r--r-- | net/core/rtnetlink.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index a5bc5bd0dc12..a9b5ebc1af21 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c @@ -4167,7 +4167,7 @@ static int rtnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, if (kind != 2 && !netlink_net_capable(skb, CAP_NET_ADMIN)) return -EPERM; - if (family > ARRAY_SIZE(rtnl_msg_handlers)) + if (family >= ARRAY_SIZE(rtnl_msg_handlers)) family = PF_UNSPEC; rcu_read_lock(); @@ -4196,7 +4196,7 @@ static int rtnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, refcount_inc(&rtnl_msg_handlers_ref[family]); - if (type == RTM_GETLINK) + if (type == RTM_GETLINK - RTM_BASE) min_dump_alloc = rtnl_calcit(skb, nlh); rcu_read_unlock(); |