hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I9K8D1
--------------------------------
Fix kabi change in struct genl_multicast_group.
Fixes: 015870c10c45 ("genetlink: add CAP_NET_ADMIN test for multicast bind")
Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com>
---
 include/net/genetlink.h | 7 -------
 net/core/drop_monitor.c | 2 +-
 net/netlink/genetlink.c | 16 +++++++++++++---
 net/psample/psample.c | 3 +--
 4 files changed, 15 insertions(+), 13 deletions(-)
diff --git a/include/net/genetlink.h b/include/net/genetlink.h
index ce3e670a7458..f927ba671e4b 100644
--- a/include/net/genetlink.h
+++ b/include/net/genetlink.h
@@ -9,19 +9,12 @@
 #define GENLMSG_DEFAULT_SIZE (NLMSG_DEFAULT_SIZE - GENL_HDRLEN)
-/* Binding to multicast group requires %CAP_NET_ADMIN */
-#define GENL_MCAST_CAP_NET_ADMIN BIT(0)
-/* Binding to multicast group requires %CAP_SYS_ADMIN */
-#define GENL_MCAST_CAP_SYS_ADMIN BIT(1)
-
 /**
 * struct genl_multicast_group - generic netlink multicast group
 * @name: name of the multicast group, names are per-family
- * @flags: GENL_MCAST_* flags
 */
 struct genl_multicast_group {
 char name[GENL_NAMSIZ];
- u8 flags;
 };
 struct genl_ops;
diff --git a/net/core/drop_monitor.c b/net/core/drop_monitor.c
index 8bdebb4e15f4..a3412464cbd3 100644
--- a/net/core/drop_monitor.c
+++ b/net/core/drop_monitor.c
@@ -183,7 +183,7 @@ static struct sk_buff *reset_per_cpu_data(struct per_cpu_dm_data *data)
 }
 static const struct genl_multicast_group dropmon_mcgrps[] = {
- { .name = "events", .flags = GENL_MCAST_CAP_SYS_ADMIN, },
+ { .name = "events" },
 };
 static void send_dm_alert(struct work_struct *work)
diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c
index 508c954a3747..418abf25bca6 100644
--- a/net/netlink/genetlink.c
+++ b/net/netlink/genetlink.c
@@ -1366,6 +1366,7 @@ static struct genl_family genl_ctrl __ro_after_init = {
 static int genl_bind(struct net *net, int group)
 {
+ bool check_sys_admin, check_net_admin;
 const struct genl_family *family;
 unsigned int id;
 int ret = 0;
@@ -1382,12 +1383,21 @@ static int genl_bind(struct net *net, int group)
 i = group - family->mcgrp_offset;
 if (i < 0 || i >= family->n_mcgrps)
 continue;
-
+ check_sys_admin = false;
+ check_net_admin = false;
 grp = &family->mcgrps[i];
- if ((grp->flags & GENL_MCAST_CAP_NET_ADMIN) &&
+ if (!strcmp(family->name, "NET_DM")) {
+ if (!strcmp(grp->name, "events"))
+ check_sys_admin = true;
+ } else if (!strcmp(family->name, "psample")) {
+ if (!strcmp(grp->name, "packets"))
+ check_net_admin = true;
+ }
+
+ if (check_net_admin &&
 !ns_capable(net->user_ns, CAP_NET_ADMIN))
 ret = -EPERM;
- if (check_sys_admin &&
 !ns_capable(net->user_ns, CAP_SYS_ADMIN))
 ret = -EPERM;
diff --git a/net/psample/psample.c b/net/psample/psample.c
index 8fa4aad44737..482c07f2766b 100644
--- a/net/psample/psample.c
+++ b/net/psample/psample.c
@@ -30,8 +30,7 @@ enum psample_nl_multicast_groups {
 static const struct genl_multicast_group psample_nl_mcgrps[] = {
 [PSAMPLE_NL_MCGRP_CONFIG] = { .name = PSAMPLE_NL_MCGRP_CONFIG_NAME },
- [PSAMPLE_NL_MCGRP_SAMPLE] = { .name = PSAMPLE_NL_MCGRP_SAMPLE_NAME,
- .flags = GENL_MCAST_CAP_NET_ADMIN,},
+ [PSAMPLE_NL_MCGRP_SAMPLE] = { .name = PSAMPLE_NL_MCGRP_SAMPLE_NAME },
 };
 static struct genl_family psample_nl_family __ro_after_init;
--
2.34.1
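Review bot: The capability requirement for a multicast bind is now derived in genl_bind() by comparing `family->name` and `grp->name` with string literals, so the check fails open: if either name stops matching the literal, or a later family needs a privileged group, the bind proceeds with no CAP_NET_ADMIN/CAP_SYS_ADMIN test and nothing flags it. The psample table in this same patch still names the group through `PSAMPLE_NL_MCGRP_SAMPLE_NAME` while genl_bind() hard-codes `"packets"`; comparing against the macro, `if (!strcmp(grp->name, PSAMPLE_NL_MCGRP_SAMPLE_NAME))`, would keep the two from drifting, assuming the psample uapi header can be included in genetlink.c (not visible here). The `dropmon_mcgrps[]` and `psample_nl_mcgrps[]` hunks lose their only visible marker of the restriction, so I would add a comment at each entry such as `/* bind requires CAP_SYS_ADMIN; enforced by name in genl_bind() */`, and a comment above the strcmp chain saying it replaces the per-group flags only to preserve kABI. genl_bind() begins and ends outside this hunk, so the rest of the bind path was not reviewed.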