Patchwork [3.5.y.z,extended,stable] Patch "tools: hv: Netlink source address validation allows DoS" has been added to staging queue

mail settings
Submitter Luis Henriques
Date March 22, 2013, 10:07 a.m.
Message ID <>
Download mbox | patch
Permalink /patch/229956/
State New
Headers show


Luis Henriques - March 22, 2013, 10:07 a.m.
This is a note to let you know that I have just added a patch titled

    tools: hv: Netlink source address validation allows DoS

to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree 
which can be found at:;a=shortlog;h=refs/heads/linux-3.5.y-queue

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.5.y.z tree, see



From 313d067be9c2cad62869b46a8e138e0acef216a0 Mon Sep 17 00:00:00 2001
From: Tomas Hozza <>
Date: Thu, 8 Nov 2012 10:53:29 +0100
Subject: [PATCH] tools: hv: Netlink source address validation allows DoS

commit 95a69adab9acfc3981c504737a2b6578e4d846ef upstream.

The source code without this patch caused hypervkvpd to exit when it processed
a spoofed Netlink packet which has been sent from an untrusted local user.
Now Netlink messages with a non-zero nl_pid source address are ignored
and a warning is printed into the syslog.

Signed-off-by: Tomas Hozza <>
Acked-by:  K. Y. Srinivasan <>
Signed-off-by: Greg Kroah-Hartman <>
Signed-off-by: Luis Henriques <>
 tools/hv/hv_kvp_daemon.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)



diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c
index 2984ffb..60a8e29 100644
--- a/tools/hv/hv_kvp_daemon.c
+++ b/tools/hv/hv_kvp_daemon.c
@@ -727,13 +727,19 @@  int main(void)
 		len = recvfrom(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0,
 				addr_p, &addr_l);

-		if (len < 0 || addr.nl_pid) {
+		if (len < 0) {
 			syslog(LOG_ERR, "recvfrom failed; pid:%u error:%d %s",
 					addr.nl_pid, errno, strerror(errno));
 			return -1;

+		if (addr.nl_pid) {
+			syslog(LOG_WARNING, "Received packet from untrusted pid:%u",
+					addr.nl_pid);
+			continue;
+		}
 		incoming_msg = (struct nlmsghdr *)kvp_recv_buffer;
 		incoming_cn_msg = (struct cn_msg *)NLMSG_DATA(incoming_msg);
 		hv_msg = (struct hv_kvp_msg *)incoming_cn_msg->data;