[Devel] [PATCH RHEL7 COMMIT] venet: forbid assigning veip to ve w/o id
Konstantin Khorenko
khorenko at virtuozzo.com
Wed Jun 24 07:14:44 PDT 2015
The commit is pushed to "branch-rh7-3.10.0-123.1.2-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-123.1.2.vz7.5.17
------>
commit c51e94154c9388aedca4233f1c2da6d42e3ec920
Author: Vladimir Davydov <vdavydov at parallels.com>
Date: Wed Jun 24 18:14:44 2015 +0400
venet: forbid assigning veip to ve w/o id
A veip should only be assigned to a ve with veid, because veip's are
referenced by veid, but currently one can assign a veip to a ve w/o veid
by writing to ve.ip_allow cgroup file. Fix this.
Also, while we are here, make ve_ip_access_seq_read static.
https://jira.sw.ru/browse/PSBM-34450
Signed-off-by: Vladimir Davydov <vdavydov at parallels.com>
---
drivers/net/venetdev.c | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/drivers/net/venetdev.c b/drivers/net/venetdev.c
index 00457d3..d16ac3d 100644
--- a/drivers/net/venetdev.c
+++ b/drivers/net/venetdev.c
@@ -985,6 +985,9 @@ static int ve_ip_access_write(struct cgroup *cgrp, struct cftype *cft,
struct ve_addr_struct addr;
int ret;
+ if (!ve->veid)
+ return -ENOENT;
+
memset(&addr, 0, sizeof(addr));
if (strncmp(cft->name, "ip6", 3)) {
if ((ret = in4_to_veaddr(buffer, &addr)) != 0)
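Review bot: The new `if (!ve->veid)` test at the top of ve_ip_access_write() runs with no locking visible in this hunk, while the mapping itself happens later in do_ve_ip_map(). If veid can be set or cleared concurrently with a write to this file, the check and the map are not atomic. Please confirm veid is stable at this point, or move the test under whatever serialization do_ve_ip_map() relies on. A one-line comment saying that veips are referenced by veid would help the next reader. -ENOENT also reads oddly for a file that exists, so consider whether -EINVAL describes the condition better.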
@@ -997,8 +1000,8 @@ static int ve_ip_access_write(struct cgroup *cgrp, struct cftype *cft,
return do_ve_ip_map(ve, cft->private, &addr);
}
-int ve_ip_access_seq_read(struct cgroup *cgrp, struct cftype *cft,
- struct seq_file *m)
+static int ve_ip_access_seq_read(struct cgroup *cgrp, struct cftype *cft,
+ struct seq_file *m)
{
struct ve_struct *ve = cgroup_ve(cgrp);
struct ip_entry_struct *s;
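Review bot: Making ve_ip_access_seq_read() static is only safe if nothing outside this file declares or calls it, and the diffstat touches drivers/net/venetdev.c alone. Please confirm no prototype is left behind in a header, since a non-static declaration followed by this static definition will not compile. The cleanup is also unrelated to the veid fix and would be easier to backport or revert as a separate commit.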
@@ -1006,6 +1009,9 @@ int ve_ip_access_seq_read(struct cgroup *cgrp, struct cftype *cft,
int family = strncmp(cft->name, "ip6", 3) ? AF_INET : AF_INET6;
int i;
+ if (!ve->veid)
+ return -ENOENT;
+
rcu_read_lock();
for (i = 0; i < VEIP_HASH_SZ; i++) {
hlist_for_each_entry_rcu(s, ip_entry_hash_table + i,
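Review bot: The `if (!ve->veid) return -ENOENT;` added to ve_ip_access_seq_read() changes what a read of the cgroup file returns, but the commit message describes only assignment through writes. Anything that reads the file for a ve without an id now gets an error. Please state that in the commit message, or return 0 so the file reads as empty if that is the intended behaviour. Placing the test before rcu_read_lock() is correct, since the early return then needs no unlock.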