Message ID | 20200322175113.91143-1-willemdebruijn.kernel@gmail.com |
---|---|
State | Accepted |
Delegated to: | David Miller |
Headers | show |
Series | [net,v2] macsec: restrict to ethernet devices | expand |
From: Willem de Bruijn <willemdebruijn.kernel@gmail.com> Date: Sun, 22 Mar 2020 13:51:13 -0400 > From: Willem de Bruijn <willemb@google.com> > > Only attach macsec to ethernet devices. > > Syzbot was able to trigger a KMSAN warning in macsec_handle_frame > by attaching to a phonet device. > > Macvlan has a similar check in macvlan_port_create. > > v1->v2 > - fix commit message typo > > Reported-by: syzbot <syzkaller@googlegroups.com> > Signed-off-by: Willem de Bruijn <willemb@google.com> Applied and queued up for -stable.
diff --git a/drivers/net/macsec.c b/drivers/net/macsec.c index 6ec6fc191a6e..92bc2b2df660 100644 --- a/drivers/net/macsec.c +++ b/drivers/net/macsec.c @@ -19,6 +19,7 @@ #include <net/gro_cells.h> #include <net/macsec.h> #include <linux/phy.h> +#include <linux/if_arp.h> #include <uapi/linux/if_macsec.h> @@ -3665,6 +3666,8 @@ static int macsec_newlink(struct net *net, struct net_device *dev, real_dev = __dev_get_by_index(net, nla_get_u32(tb[IFLA_LINK])); if (!real_dev) return -ENODEV; + if (real_dev->type != ARPHRD_ETHER) + return -EINVAL; dev->priv_flags |= IFF_MACSEC;