ipv6: invert flowlabel sharing check in process and user mode [Linux 3.16.72]

This Linux kernel change, "ipv6: invert flowlabel sharing check in process and user mode", is included in the Linux 3.16.72 release. It was authored by Willem de Bruijn <willemb [at] google.com> on Thu Apr 25 12:06:54 2019 -0400. The commit for this change in the Linux stable tree is 9fd1512 (patch), which is from upstream commit 95c1692. The same upstream change may have been applied to other maintained Linux releases, and you can find all Linux releases containing changes from upstream 95c1692.

ipv6: invert flowlabel sharing check in process and user mode

commit 95c169251bf734aa555a1e8043e4d88ec97a04ec upstream.

A request for a flowlabel in process or user exclusive mode must
fail if the caller pid or uid does not match. Invert the test.

Previously, the test was unsafe wrt PID recycling, but indeed tested
for inequality: fl1->owner != fl->owner

Fixes: 4f82f45730c68 ("net ip6 flowlabel: Make owner a union of struct pid* and kuid_t")
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>

This change adds or deletes 4 lines of Linux source code. The code changes to the Linux kernel are as follows.

 net/ipv6/ip6_flowlabel.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c
index f40ba68..7144773 100644
--- a/net/ipv6/ip6_flowlabel.c
+++ b/net/ipv6/ip6_flowlabel.c
@@ -630,9 +630,9 @@ int ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen)
                if (fl1->share == IPV6_FL_S_EXCL ||
                    fl1->share != fl->share ||
                    ((fl1->share == IPV6_FL_S_PROCESS) &&
-                    (fl1->owner.pid == fl->owner.pid)) ||
+                    (fl1->owner.pid != fl->owner.pid)) ||
                    ((fl1->share == IPV6_FL_S_USER) &&
-                    uid_eq(fl1->owner.uid, fl->owner.uid)))
+                    !uid_eq(fl1->owner.uid, fl->owner.uid)))
                    goto release;

                err = -ENOMEM;
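
Review bot: The two owner comparisons under `IPV6_FL_S_PROCESS` and `IPV6_FL_S_USER` now take `goto release` on mismatch, which agrees with the commit message, but nothing in this four-clause `||` chain states that every clause is a reason to refuse sharing, so a wrong sense on one clause is easy to miss in review. A short comment above the `if` listing the refusal reasons (exclusive label, differing share mode, different owning pid, different owning uid) would help, or the two owner checks could move into a small helper that returns whether the caller owns the label, so the call site reads as a single negated condition. The patch also changes two lines without a test; a regression test that requests an existing process-mode or user-mode label from a non-matching pid or uid and expects the request to be refused would keep the sense from flipping again.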
