[Devel] [PATCH RHEL7 COMMIT] ms/neigh: disallow un-init_net to change thresh of neigh

Konstantin Khorenko khorenko at virtuozzo.com
Wed Mar 29 04:59:19 PDT 2017


The commit is pushed to "branch-rh7-3.10.0-514.10.2.vz7.29.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-514.10.2.vz7.29.7
------>
commit 1789dc3ce5fa059b1cc0cd84fc699e2a028ad344
Author: Gao feng <gaofeng at cn.fujitsu.com>
Date:   Thu Jun 20 10:01:34 2013 +0800

    ms/neigh: disallow un-init_net to change thresh of neigh
    
    thresh and interval are global resources,
    only init net can change them.
    
    Signed-off-by: Gao feng <gaofeng at cn.fujitsu.com>
    Signed-off-by: David S. Miller <davem at davemloft.net>
    (cherry picked from commit dc25c676f54addb10e598daa9da9b8dd4fd487ab)
    
    Let's prohibit changing of neigh thresholds from inside Container
    similar to https://jira.sw.ru/browse/PSBM-59964
    
    Found during investigation of
    https://jira.sw.ru/browse/PSBM-63020
    
    Signed-off-by: Konstantin Khorenko <khorenko at virtuozzo.com>
---
 net/core/neighbour.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index d05622a..4320305 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -2108,6 +2108,12 @@ static int neightbl_set(struct sk_buff *skb, struct nlmsghdr *nlh)
 		}
 	}
 
+	err = -ENOENT;
+	if ((tb[NDTA_THRESH1] || tb[NDTA_THRESH2] ||
+	     tb[NDTA_THRESH3] || tb[NDTA_GC_INTERVAL]) &&
+	    !net_eq(net, &init_net))
+		goto errout_tbl_lock;
+
 	if (tb[NDTA_THRESH1])
 		tbl->gc_thresh1 = nla_get_u32(tb[NDTA_THRESH1]);
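Review bot: `err = -ENOENT` at the top of the added block tells a caller in a non-init net namespace that there is "no such entry", when the request was in fact refused on policy grounds. -EPERM would let userspace distinguish a denied threshold change from a missing table. The check also sits after the closing braces of the preceding block and exits via `errout_tbl_lock`. If that block has already applied other attributes from the same message, the request returns an error with those changes left in place. Consider running the `!net_eq(net, &init_net)` test before any attribute is applied. A short comment above the check, saying that the thresholds and GC interval are global resources as the commit message puts it, would explain why only init_net may set them.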
 

