[Devel] [PATCH RHEL9 COMMIT] net/ve: move check if netdevice is allowed in VE

[Konstantin Khorenko]

The commit is pushed to "branch-rh9-5.14.0-42.vz9.14.x-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh9-5.14.0-42.vz9.14.3
------>
commit 69127b26db200ae11c0001d57dd51cda74ec626e
Author: Nikita Yushchenko <nikita.yushchenko at virtuozzo.com>
Date:   Mon Feb 21 15:43:49 2022 +0300

    net/ve: move check if netdevice is allowed in VE
    
    The check if netdevice registration is allowed inside VE uses netdev's
    feature words, that are configured in ndo_init for some netdev types
    (namely, vlan and gre). Move the check below ndo_init, to avoid
    use-before-init scenario.
    
    Signed-off-by: Nikita Yushchenko <nikita.yushchenko at virtuozzo.com>
    Fixes: c45712b4c1a5 ("net: Add NETIF_F_VIRTUAL feature to mask devices allowed
    in CT")
---
 net/core/dev.c | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/net/core/dev.c b/net/core/dev.c
index 312958cf2c6d..96c849c7259f 100644
--- a/net/core/dev.c
+++ b/net/core/dev.c
@@ -10314,10 +10314,6 @@ int register_netdevice(struct net_device *dev)
 	BUG_ON(dev->reg_state != NETREG_UNINITIALIZED);
 	BUG_ON(!net);
 
-	ret = -EPERM;
-	if (!ve_is_super(net->owner_ve) && ve_is_dev_movable(dev))
-		return ret;
-
 	ret = ethtool_check_ops(dev->ethtool_ops);
 	if (ret)
 		return ret;
@@ -10353,6 +10349,11 @@ int register_netdevice(struct net_device *dev)
 		}
 	}
 
+	if (!ve_is_super(net->owner_ve) && ve_is_dev_movable(dev)) {
+		ret = -EPERM;
+		goto err_uninit;
+	}
+
 	if (((dev->hw_features | dev->features) &
 	     NETIF_F_HW_VLAN_CTAG_FILTER) &&
 	    (!dev->netdev_ops->ndo_vlan_rx_add_vid ||