[Devel] [PATCH RHEL7 COMMIT] ve/bridge: br_dev_init: check if "bridge" feature is enabled
Konstantin Khorenko
khorenko at virtuozzo.com
Fri Jul 29 08:16:35 PDT 2016
The commit is pushed to "branch-rh7-3.10.0-327.22.2.vz7.16.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-327.22.2.vz7.16.1
------>
commit 420fc7211bffd87d83cd4c8877ea446d9bc9222a
Author: Evgenii Shatokhin <eshatokhin at virtuozzo.com>
Date: Fri Jul 29 19:16:34 2016 +0400
ve/bridge: br_dev_init: check if "bridge" feature is enabled
Currently, the feature is checked in br_ioctl_deviceless_stub() which is
called when "brctl addbr" runs. However, "ip link add br1 type bridge"
goes a different path and still succeeds even if the feature is disabled
for a CT:
rtnl_newlink
rtnl_create_link
br_dev_setup
register_netdevice
br_dev_init
...
Let us check the "bridge" feature in br_dev_init() instead, to cover both
cases.
https://jira.sw.ru/browse/PSBM-50009
Signed-off-by: Evgenii Shatokhin <eshatokhin at virtuozzo.com>
Acked-by: Kirill Tkhai <ktkhai at virtuozzo.com>
---
net/bridge/br_device.c | 4 ++++
net/bridge/br_ioctl.c | 3 ---
2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/net/bridge/br_device.c b/net/bridge/br_device.c
index 5e3347b..db206a3 100644
--- a/net/bridge/br_device.c
+++ b/net/bridge/br_device.c
@@ -88,8 +88,12 @@ out:
static int br_dev_init(struct net_device *dev)
{
struct net_bridge *br = netdev_priv(dev);
+ struct net *net = dev_net(dev);
int err;
+ if (!(net->owner_ve->features & VE_FEATURE_BRIDGE))
+ return -EACCES;
+
br->stats = netdev_alloc_pcpu_stats(struct pcpu_sw_netstats);
if (!br->stats)
return -ENOMEM;
diff --git a/net/bridge/br_ioctl.c b/net/bridge/br_ioctl.c
index 98447b8..cd8c3a4 100644
--- a/net/bridge/br_ioctl.c
+++ b/net/bridge/br_ioctl.c
@@ -351,9 +351,6 @@ static int old_deviceless(struct net *net, void __user *uarg)
int br_ioctl_deviceless_stub(struct net *net, unsigned int cmd, void __user *uarg)
{
- if (!(net->owner_ve->features & VE_FEATURE_BRIDGE))
- return -ENOTTY;
-
switch (cmd) {
case SIOCGIFBR:
case SIOCSIFBR:
More information about the Devel
mailing list