Message ID | 1444560596-7140-1-git-send-email-razor@blackwall.org |
---|---|
State | Accepted, archived |
Delegated to: | David Miller |
Headers | show |
Sun, Oct 11, 2015 at 12:49:56PM CEST, razor@blackwall.org wrote: >From: Nikolay Aleksandrov <nikolay@cumulusnetworks.com> > >Currently it's possible for someone to send a vlan range to the kernel >with the pvid flag set which will result in the pvid bouncing from a >vlan to vlan and isn't correct, it also introduces problems for hardware >where it doesn't make sense having more than 1 pvid. iproute2 already >enforces this, so let's enforce it on kernel-side as well. > >Reported-by: Elad Raz <eladr@mellanox.com> >Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com> Acked-by: Jiri Pirko <jiri@mellanox.com> -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: Nikolay Aleksandrov <razor@blackwall.org> Date: Sun, 11 Oct 2015 12:49:56 +0200 > From: Nikolay Aleksandrov <nikolay@cumulusnetworks.com> > > Currently it's possible for someone to send a vlan range to the kernel > with the pvid flag set which will result in the pvid bouncing from a > vlan to vlan and isn't correct, it also introduces problems for hardware > where it doesn't make sense having more than 1 pvid. iproute2 already > enforces this, so let's enforce it on kernel-side as well. > > Reported-by: Elad Raz <eladr@mellanox.com> > Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com> Applied, thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c index d78b4429505a..02b17b53e9a6 100644 --- a/net/bridge/br_netlink.c +++ b/net/bridge/br_netlink.c @@ -524,6 +524,9 @@ static int br_afspec(struct net_bridge *br, if (vinfo_start) return -EINVAL; vinfo_start = vinfo; + /* don't allow range of pvids */ + if (vinfo_start->flags & BRIDGE_VLAN_INFO_PVID) + return -EINVAL; continue; }