net: bridge: Set strict_start_type at two policies

Make any attributes newly-added to br_port_policy or vlan_tunnel_policy
parsed strictly, to prevent userspace from passing garbage. Note that this
patchset only touches the former policy. The latter was adjusted for
completeness' sake. There do not appear to be other _deprecated calls
with non-NULL policies.

Suggested-by: Ido Schimmel <idosch@nvidia.com>
Signed-off-by: Petr Machata <petrm@nvidia.com>
Reviewed-by: Ido Schimmel <idosch@nvidia.com>
Acked-by: Nikolay Aleksandrov <razor@blackwall.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
index 4316cc82ae1716e5e96413af53b635574e142bc3..a6133d4698854154d26ad44c9f3270b9ec6b6c08 100644 (file)
--- a/net/bridge/br_netlink.c
+++ b/net/bridge/br_netlink.c
@@ -858,6 +858,8 @@ static int br_afspec(struct net_bridge *br,
 }
 
 static const struct nla_policy br_port_policy[IFLA_BRPORT_MAX + 1] = {
+       [IFLA_BRPORT_UNSPEC]    = { .strict_start_type =
+                                       IFLA_BRPORT_MCAST_EHT_HOSTS_LIMIT + 1 },
        [IFLA_BRPORT_STATE]     = { .type = NLA_U8 },
        [IFLA_BRPORT_COST]      = { .type = NLA_U32 },
        [IFLA_BRPORT_PRIORITY]  = { .type = NLA_U16 },

diff --git a/net/bridge/br_netlink_tunnel.c b/net/bridge/br_netlink_tunnel.c
index 8914290c75d480b28643bf99cec555569f9ae7e2..17abf092f7cac1fd1ba2b0e3818ae0fc210e00b3 100644 (file)
--- a/net/bridge/br_netlink_tunnel.c
+++ b/net/bridge/br_netlink_tunnel.c
@@ -188,6 +188,9 @@ initvars:
 }
 
 static const struct nla_policy vlan_tunnel_policy[IFLA_BRIDGE_VLAN_TUNNEL_MAX + 1] = {
+       [IFLA_BRIDGE_VLAN_TUNNEL_UNSPEC] = {
+               .strict_start_type = IFLA_BRIDGE_VLAN_TUNNEL_FLAGS + 1
+       },
        [IFLA_BRIDGE_VLAN_TUNNEL_ID] = { .type = NLA_U32 },
        [IFLA_BRIDGE_VLAN_TUNNEL_VID] = { .type = NLA_U16 },
        [IFLA_BRIDGE_VLAN_TUNNEL_FLAGS] = { .type = NLA_U16 },