From patchwork Mon Jul 31 17:53:29 2017
X-Patchwork-Submitter: Sumit Semwal
X-Patchwork-Id: 109039
From: Sumit Semwal
To: stable@vger.kernel.org
Cc: Linus Torvalds, Sumit Semwal
Subject: [PATCH for-4.4 1/3] Make file credentials available to the seqfile interfaces
Date: Mon, 31 Jul 2017 23:23:29 +0530
Message-Id: <1501523611-18222-2-git-send-email-sumit.semwal@linaro.org>
In-Reply-To: <1501523611-18222-1-git-send-email-sumit.semwal@linaro.org>
References: <1501523611-18222-1-git-send-email-sumit.semwal@linaro.org>
X-Mailing-List: stable@vger.kernel.org

From: Linus Torvalds

Commit 34dbbcdbf63360661ff7bda6c5f52f99ac515f92 upstream.

A lot of seqfile users seem to be using things like %pK that uses the credentials of the current process, but that is actually completely wrong for filesystem interfaces.

The unix semantics for permission checking files is to check permissions at _open_ time, not at read or write time, and that is not just a small detail: passing off stdin/stdout/stderr to a suid application and making the actual IO happen in privileged context is a classic exploit technique.

So if we want to be able to look at permissions at read time, we need to use the file open credentials, not the current ones. Normal file accesses can just use "f_cred" (or any of the helper functions that do that, like file_ns_capable()), but the seqfile interfaces do not have any such options.

It turns out that seq_file _does_ save away the user_ns information of the file, though. Since user_ns is just part of the full credential information, replace that special case with saving off the cred pointer instead, and suddenly seq_file has all the permission information it needs.

[sumits: this is used in Ubuntu as a fix for CVE-2015-8944]

Signed-off-by: Linus Torvalds
Signed-off-by: Sumit Semwal
--- fs/seq_file.c | 7 ++++--- include/linux/seq_file.h | 13 ++++--------- 2 files changed, 8 insertions(+), 12 deletions(-) -- 2.7.4 diff --git a/fs/seq_file.c b/fs/seq_file.c index d672e2fec459..6dc4296eed62 100644 --- a/fs/seq_file.c +++ b/fs/seq_file.c @@ -72,9 +72,10 @@ int seq_open(struct file *file, const struct seq_operations *op) mutex_init(&p->lock); p->op = op; -#ifdef CONFIG_USER_NS - p->user_ns = file->f_cred->user_ns; -#endif + + // No refcounting: the lifetime of 'p' is constrained + // to the lifetime of the file. + p->file = file; /* * Wrappers around seq_open(e.g. swaps_open) need to be diff --git a/include/linux/seq_file.h b/include/linux/seq_file.h index dde00defbaa5..f3d45dd42695 100644 --- a/include/linux/seq_file.h 
+++ b/include/linux/seq_file.h @@ -7,13 +7,10 @@ #include #include #include +#include +#include struct seq_operations; -struct file; -struct path; -struct inode; -struct dentry; -struct user_namespace; struct seq_file { char *buf; @@ -27,9 +24,7 @@ struct seq_file { struct mutex lock; const struct seq_operations *op; int poll_event; -#ifdef CONFIG_USER_NS - struct user_namespace *user_ns; -#endif + const struct file *file; void *private; }; 
@@ -147,7 +142,7 @@ int seq_release_private(struct inode *, struct file *); static inline struct user_namespace *seq_user_ns(struct seq_file *seq) { #ifdef CONFIG_USER_NS - return seq->user_ns; + return seq->file->f_cred->user_ns; #else extern struct user_namespace init_user_ns; return &init_user_ns;
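
Review bot: In the seq_open() hunk of fs/seq_file.c, p->file is stored as a borrowed pointer with no reference taken, so the safety argument rests entirely on the two-line comment, and that comment uses `//` where the context line right below it uses a `/* ... */` block. Suggest converting it to a block comment and saying what enforces the lifetime it relies on, so that a later change which lets a seq_file outlive its struct file is caught in review.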
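
Review bot: The struct seq_file hunk in include/linux/seq_file.h removes the user_ns member outright, so any code in the 4.4 tree that reads seq->user_ns directly instead of going through seq_user_ns() stops building once this backport lands. A grep of the for-4.4 branch before queuing would settle it. The new `const struct file *file;` member is also unconditional, so builds without CONFIG_USER_NS, where the old field was compiled out, now carry an extra pointer in every seq_file.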
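
Review bot: In the seq_user_ns() hunk, `return seq->file->f_cred->user_ns;` dereferences seq->file unconditionally, yet within this patch the only place that assigns the field is seq_open(). A struct seq_file that is set up by hand rather than through seq_open() would reach this line with file unset under CONFIG_USER_NS. Either confirm that no such user exists in 4.4, or document next to the helper that it requires a seq_file initialised by seq_open().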

From patchwork Mon Jul 31 17:53:30 2017
X-Patchwork-Submitter: Sumit Semwal
X-Patchwork-Id: 109040
From: Sumit Semwal
To: stable@vger.kernel.org
Cc: Linus Torvalds, Sumit Semwal
Subject: [PATCH for-4.4 2/3] /proc/iomem: only expose physical resource addresses to privileged users
Date: Mon, 31 Jul 2017 23:23:30 +0530
Message-Id: <1501523611-18222-3-git-send-email-sumit.semwal@linaro.org>
In-Reply-To: <1501523611-18222-1-git-send-email-sumit.semwal@linaro.org>
References: <1501523611-18222-1-git-send-email-sumit.semwal@linaro.org>
X-Mailing-List: stable@vger.kernel.org

From: Linus Torvalds

Commit 34dbbcdbf63360661ff7bda6c5f52f99ac515f92 upstream.

In commit c4004b02f8e5b ("x86: remove the kernel code/data/bss resources from /proc/iomem") I was hoping to remove the physical kernel address data from /proc/iomem entirely, but that had to be reverted because some system programs actually use it.

This limits all the detailed resource information to properly credentialed users instead.

[sumits: this is used in Ubuntu as a fix for CVE-2015-8944]

Signed-off-by: Linus Torvalds
Signed-off-by: Sumit Semwal
--- kernel/resource.c | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) -- 2.7.4 diff --git a/kernel/resource.c b/kernel/resource.c index 249b1eb1e6e1..a4a94e700fb9 100644 --- a/kernel/resource.c +++ b/kernel/resource.c 
@@ -105,16 +105,25 @@ static int r_show(struct seq_file *m, void *v) { struct resource *root = m->private; struct resource *r = v, *p; + unsigned long long start, end; int width = root->end < 0x10000 ? 4 : 8; int depth; for (depth = 0, p = r; depth < MAX_IORES_LEVEL; depth++, p = p->parent) if (p->parent == root) break; + + if (file_ns_capable(m->file, &init_user_ns, CAP_SYS_ADMIN)) { + start = r->start; + end = r->end; + } else { + start = end = 0; + } + seq_printf(m, "%*s%0*llx-%0*llx : %s\n", depth * 2, "", - width, (unsigned long long) r->start, - width, (unsigned long long) r->end, + width, start, + width, end, r->name ? r->name : ""); return 0; }
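
Review bot: In r_show(), the new file_ns_capable(m->file, &init_user_ns, CAP_SYS_ADMIN) test applies to whichever resource tree m->private points at, and the existing `int width = root->end < 0x10000 ? 4 : 8;` line shows the function serves more than one root, so the zeroing is not confined to /proc/iomem as the subject line says. Either state in the commit message that every file backed by r_show() is affected, or gate the masking on the iomem root. Readers without the capability also now get well-formed all-zero ranges rather than an error, which deserves a comment at the else branch so that consumers know zero means hidden and not real data. The check correctly uses the opener's credentials through m->file, which makes this patch depend on 1/3 being applied first. The message cites the same upstream commit id as 1/3, which is worth double-checking.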

From: Sumit Semwal
To: stable@vger.kernel.org
Cc: Mike Manning, "David S . Miller", Sumit Semwal
Subject: [PATCH for-4.4 3/3] vlan: Propagate MAC address to VLANs
Date: Mon, 31 Jul 2017 23:23:31 +0530
Message-Id: <1501523611-18222-4-git-send-email-sumit.semwal@linaro.org>
In-Reply-To: <1501523611-18222-1-git-send-email-sumit.semwal@linaro.org>
References: <1501523611-18222-1-git-send-email-sumit.semwal@linaro.org>
X-Mailing-List: stable@vger.kernel.org

From: Mike Manning

Commit 308453aa9156a3b8ee382c0949befb507a32b0c1 Upstream.

The MAC address of the physical interface is only copied to the VLAN when it is first created, resulting in an inconsistency after MAC address changes of only newly created VLANs having an up-to-date MAC.

The VLANs should continue inheriting the MAC address of the physical interface until the VLAN MAC address is explicitly set to any value. This allows IPv6 EUI64 addresses for the VLAN to reflect any changes to the MAC of the physical interface and thus for DAD to behave as expected.

Signed-off-by: Mike Manning
Signed-off-by: David S. Miller
Signed-off-by: Sumit Semwal
--- net/8021q/vlan.c | 5 +++++ net/8021q/vlan.h | 2 ++ net/8021q/vlan_dev.c | 20 +++++++++++++++++--- 3 files changed, 24 insertions(+), 3 deletions(-) -- 2.7.4 diff --git a/net/8021q/vlan.c b/net/8021q/vlan.c index e20ae2d3c498..5e4199d5a388 100644 --- a/net/8021q/vlan.c +++ b/net/8021q/vlan.c @@ -292,6 +292,10 @@ static void vlan_sync_address(struct net_device *dev, if (ether_addr_equal(vlan->real_dev_addr, dev->dev_addr)) return; + /* vlan continues to inherit address of lower device */ + if (vlan_dev_inherit_address(vlandev, dev)) + goto out; + /* vlan address was different from the old address and is equal to * the new address */ if (!ether_addr_equal(vlandev->dev_addr, vlan->real_dev_addr) && @@ -304,6 +308,7 @@ static void vlan_sync_address(struct net_device *dev, !ether_addr_equal(vlandev->dev_addr, dev->dev_addr)) dev_uc_add(dev, vlandev->dev_addr); +out: ether_addr_copy(vlan->real_dev_addr, dev->dev_addr); } diff --git a/net/8021q/vlan.h b/net/8021q/vlan.h index 9d010a09ab98..cc1557978066 100644 --- a/net/8021q/vlan.h +++ b/net/8021q/vlan.h 
@@ -109,6 +109,8 @@ int vlan_check_real_dev(struct net_device *real_dev, void vlan_setup(struct net_device *dev); int register_vlan_dev(struct net_device *dev); void unregister_vlan_dev(struct net_device *dev, struct list_head *head); +bool vlan_dev_inherit_address(struct net_device *dev, + struct net_device *real_dev); static inline u32 vlan_get_ingress_priority(struct net_device *dev, u16 vlan_tci) diff --git a/net/8021q/vlan_dev.c b/net/8021q/vlan_dev.c index fded86508117..ca4dc9031073 100644 --- a/net/8021q/vlan_dev.c +++ b/net/8021q/vlan_dev.c @@ -244,6 +244,17 @@ void vlan_dev_get_realdev_name(const struct net_device *dev, char *result) strncpy(result, vlan_dev_priv(dev)->real_dev->name, 23); } +bool vlan_dev_inherit_address(struct net_device *dev, + struct net_device *real_dev) +{ + if (dev->addr_assign_type != NET_ADDR_STOLEN) + return false; + + ether_addr_copy(dev->dev_addr, real_dev->dev_addr); + call_netdevice_notifiers(NETDEV_CHANGEADDR, dev); + return true; +} + static int vlan_dev_open(struct net_device *dev) { struct vlan_dev_priv *vlan = vlan_dev_priv(dev); @@ -254,7 +265,8 @@ static int vlan_dev_open(struct net_device *dev) !(vlan->flags & VLAN_FLAG_LOOSE_BINDING)) return -ENETDOWN; - if (!ether_addr_equal(dev->dev_addr, real_dev->dev_addr)) { + if (!ether_addr_equal(dev->dev_addr, real_dev->dev_addr) && + !vlan_dev_inherit_address(dev, real_dev)) { err = dev_uc_add(real_dev, dev->dev_addr); if (err < 0) goto out; @@ -558,8 +570,10 @@ static int vlan_dev_init(struct net_device *dev) /* ipv6 shared card related stuff */ dev->dev_id = real_dev->dev_id; - if (is_zero_ether_addr(dev->dev_addr)) - eth_hw_addr_inherit(dev, real_dev); + if (is_zero_ether_addr(dev->dev_addr)) { + ether_addr_copy(dev->dev_addr, real_dev->dev_addr); + dev->addr_assign_type = NET_ADDR_STOLEN; + } if (is_zero_ether_addr(dev->broadcast)) memcpy(dev->broadcast, real_dev->broadcast, dev->addr_len);
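
Review bot: The new vlan_dev_inherit_address() in net/8021q/vlan_dev.c is a non-static function declared in vlan.h with no comment, and it overloads NET_ADDR_STOLEN to mean "still tracking the lower device's MAC". Please add a short comment stating that contract and where the assign type is expected to change once the VLAN MAC is set explicitly, since that transition is not part of this diff. The helper also calls call_netdevice_notifiers(NETDEV_CHANGEADDR, dev) without comparing the two addresses and discards the return value; both callers shown test for a change first, but the helper itself does not enforce that.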
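
Review bot: In the vlan_dev_open() hunk, vlan_dev_inherit_address(dev, real_dev) sits on the right-hand side of `&&` inside the if condition, so a MAC rewrite and a NETDEV_CHANGEADDR notification happen as a side effect of evaluating the test. Hoisting the call into its own statement would make the flow explicit: try to inherit when the addresses differ, and fall through to dev_uc_add(real_dev, dev->dev_addr) only when inheritance was declined.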
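
Review bot: In the vlan_dev_init() hunk, replacing eth_hw_addr_inherit(dev, real_dev) with ether_addr_copy() plus `dev->addr_assign_type = NET_ADDR_STOLEN;` changes the assign type reported by every VLAN created without an explicit MAC, because the old helper also carried over the lower device's addr_assign_type. That value is visible to userspace, so for a for-4.4 stable backport the behaviour change should be called out in the commit message along with the reason it is acceptable.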