Message ID | 20200322160449.79185-1-willemdebruijn.kernel@gmail.com |
---|---|
State | Superseded |
Delegated to: | David Miller |
Headers | show |
Series | [net] macsec: restrict to ethernet devices | expand |
On Sun, Mar 22, 2020 at 12:04:49PM -0400, Willem de Bruijn wrote: > From: Willem de Bruijn <willemb@google.com> > > Only attach macsec to ethernet devices. > > Syzbot was able able trigger a KMSAN warning in macsec_handle_frame able to Looks sensible otherwise. Andrew
On Sun, Mar 22, 2020 at 12:23 PM Andrew Lunn <andrew@lunn.ch> wrote: > > On Sun, Mar 22, 2020 at 12:04:49PM -0400, Willem de Bruijn wrote: > > From: Willem de Bruijn <willemb@google.com> > > > > Only attach macsec to ethernet devices. > > > > Syzbot was able able trigger a KMSAN warning in macsec_handle_frame > > able to > > Looks sensible otherwise. Thanks! Will send a v2 right away.
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index 6ec6fc191a6e..92bc2b2df660 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -19,6 +19,7 @@ #include <net/gro_cells.h> #include <net/macsec.h> #include <linux/phy.h> +#include <linux/if_arp.h> #include <uapi/linux/if_macsec.h> @@ -3665,6 +3666,8 @@ static int macsec_newlink(struct net *net, struct net_device *dev, real_dev = __dev_get_by_index(net, nla_get_u32(tb[IFLA_LINK])); if (!real_dev) return -ENODEV; + if (real_dev->type != ARPHRD_ETHER) + return -EINVAL; dev->priv_flags |= IFF_MACSEC;