From: Lin Ma linma@zju.edu.cn
mainline inclusion from mainline-v5.16-rc1 commit aedddb4e45b34426cfbfa84454b6f203712733c5 category: bugfix bugzilla: NA CVE: CVE-2021-4202
--------------------------------
The CAP_NET_ADMIN checks are needed to prevent attackers faking a device under NCIUARTSETDRIVER and exploit privileged commands.
This patch add GENL_ADMIN_PERM flags in genl_ops to fulfill the check. Except for commands like NFC_CMD_GET_DEVICE, NFC_CMD_GET_TARGET, NFC_CMD_LLC_GET_PARAMS, and NFC_CMD_GET_SE, which are mainly information- read operations.
Signed-off-by: Lin Ma linma@zju.edu.cn Signed-off-by: David S. Miller davem@davemloft.net Conflicts: net/nfc/netlink.c Signed-off-by: Yang Yingliang yangyingliang@huawei.com Reviewed-by: Xiu Jianfeng xiujianfeng@huawei.com Reviewed-by: Yue Haibing yuehaibing@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- net/nfc/netlink.c | 15 +++++++++++++++ 1 file changed, 15 insertions(+)
diff --git a/net/nfc/netlink.c b/net/nfc/netlink.c index 30938854bb8d2..5fa4fee173653 100644 --- a/net/nfc/netlink.c +++ b/net/nfc/netlink.c @@ -1677,31 +1677,37 @@ static const struct genl_ops nfc_genl_ops[] = { .cmd = NFC_CMD_DEV_UP, .doit = nfc_genl_dev_up, .policy = nfc_genl_policy, + .flags = GENL_ADMIN_PERM, }, { .cmd = NFC_CMD_DEV_DOWN, .doit = nfc_genl_dev_down, .policy = nfc_genl_policy, + .flags = GENL_ADMIN_PERM, }, { .cmd = NFC_CMD_START_POLL, .doit = nfc_genl_start_poll, .policy = nfc_genl_policy, + .flags = GENL_ADMIN_PERM, }, { .cmd = NFC_CMD_STOP_POLL, .doit = nfc_genl_stop_poll, .policy = nfc_genl_policy, + .flags = GENL_ADMIN_PERM, }, { .cmd = NFC_CMD_DEP_LINK_UP, .doit = nfc_genl_dep_link_up, .policy = nfc_genl_policy, + .flags = GENL_ADMIN_PERM, }, { .cmd = NFC_CMD_DEP_LINK_DOWN, .doit = nfc_genl_dep_link_down, .policy = nfc_genl_policy, + .flags = GENL_ADMIN_PERM, }, { .cmd = NFC_CMD_GET_TARGET, @@ -1718,26 +1724,31 @@ static const struct genl_ops nfc_genl_ops[] = { .cmd = NFC_CMD_LLC_SET_PARAMS, .doit = nfc_genl_llc_set_params, .policy = nfc_genl_policy, + .flags = GENL_ADMIN_PERM, }, { .cmd = NFC_CMD_LLC_SDREQ, .doit = nfc_genl_llc_sdreq, .policy = nfc_genl_policy, + .flags = GENL_ADMIN_PERM, }, { .cmd = NFC_CMD_FW_DOWNLOAD, .doit = nfc_genl_fw_download, .policy = nfc_genl_policy, + .flags = GENL_ADMIN_PERM, }, { .cmd = NFC_CMD_ENABLE_SE, .doit = nfc_genl_enable_se, .policy = nfc_genl_policy, + .flags = GENL_ADMIN_PERM, }, { .cmd = NFC_CMD_DISABLE_SE, .doit = nfc_genl_disable_se, .policy = nfc_genl_policy, + .flags = GENL_ADMIN_PERM, }, { .cmd = NFC_CMD_GET_SE, @@ -1749,21 +1760,25 @@ static const struct genl_ops nfc_genl_ops[] = { .cmd = NFC_CMD_SE_IO, .doit = nfc_genl_se_io, .policy = nfc_genl_policy, + .flags = GENL_ADMIN_PERM, }, { .cmd = NFC_CMD_ACTIVATE_TARGET, .doit = nfc_genl_activate_target, .policy = nfc_genl_policy, + .flags = GENL_ADMIN_PERM, }, { .cmd = NFC_CMD_VENDOR, .doit = nfc_genl_vendor_cmd, .policy = nfc_genl_policy, + .flags = GENL_ADMIN_PERM, }, { .cmd = NFC_CMD_DEACTIVATE_TARGET, .doit = nfc_genl_deactivate_target, .policy = nfc_genl_policy, + .flags = GENL_ADMIN_PERM, }, };