[Devel] [PATCH rh7 2/2] venet: forbid assigning veip to ve w/o id

[Vladimir Davydov]

A veip should only be assigned to a ve with veid, because veip's are
referenced by veid, but currently one can assign a veip to a ve w/o veid
by writing to ve.ip_allow cgroup file. Fix this.

Also, while we are here, make ve_ip_access_seq_read static.

Signed-off-by: Vladimir Davydov <vdavydov at parallels.com>
---
 drivers/net/venetdev.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/drivers/net/venetdev.c b/drivers/net/venetdev.c
index 00457d3eb7cc..d16ac3d4349b 100644
--- a/drivers/net/venetdev.c
+++ b/drivers/net/venetdev.c
@@ -985,6 +985,9 @@ static int ve_ip_access_write(struct cgroup *cgrp, struct cftype *cft,
 	struct ve_addr_struct addr;
 	int ret;
 
+	if (!ve->veid)
+		return -ENOENT;
+
 	memset(&addr, 0, sizeof(addr));
 	if (strncmp(cft->name, "ip6", 3)) {
 		if ((ret = in4_to_veaddr(buffer, &addr)) != 0)
@@ -997,8 +1000,8 @@ static int ve_ip_access_write(struct cgroup *cgrp, struct cftype *cft,
 	return do_ve_ip_map(ve, cft->private, &addr);
 }
 
-int ve_ip_access_seq_read(struct cgroup *cgrp, struct cftype *cft,
-			  struct seq_file *m)
+static int ve_ip_access_seq_read(struct cgroup *cgrp, struct cftype *cft,
+				 struct seq_file *m)
 {
 	struct ve_struct *ve = cgroup_ve(cgrp);
 	struct ip_entry_struct *s;
@@ -1006,6 +1009,9 @@ int ve_ip_access_seq_read(struct cgroup *cgrp, struct cftype *cft,
 	int family = strncmp(cft->name, "ip6", 3) ? AF_INET : AF_INET6;
 	int i;
 
+	if (!ve->veid)
+		return -ENOENT;
+
 	rcu_read_lock();
 	for (i = 0; i < VEIP_HASH_SZ; i++) {
 		hlist_for_each_entry_rcu(s, ip_entry_hash_table + i,
-- 
2.1.4