From: Nikolay Aleksandrov Date: Sun, 11 Oct 2015 10:49:56 +0000 (+0200) Subject: bridge: vlan: enforce no pvid flag in vlan ranges X-Git-Tag: firefly_0821_release~176^2~818^2~149 X-Git-Url: http://demsky.eecs.uci.edu/git/?a=commitdiff_plain;h=6623c60dc28ee966cd85c6f12aa2fc3c952d0179;p=firefly-linux-kernel-4.4.55.git bridge: vlan: enforce no pvid flag in vlan ranges Currently it's possible for someone to send a vlan range to the kernel with the pvid flag set which will result in the pvid bouncing from a vlan to vlan and isn't correct, it also introduces problems for hardware where it doesn't make sense having more than 1 pvid. iproute2 already enforces this, so let's enforce it on kernel-side as well. Reported-by: Elad Raz Signed-off-by: Nikolay Aleksandrov Acked-by: Jiri Pirko Signed-off-by: David S. Miller --- diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c index 544ab966d477..d792d1a848ad 100644 --- a/net/bridge/br_netlink.c +++ b/net/bridge/br_netlink.c @@ -524,6 +524,9 @@ static int br_afspec(struct net_bridge *br, if (vinfo_start) return -EINVAL; vinfo_start = vinfo; + /* don't allow range of pvids */ + if (vinfo_start->flags & BRIDGE_VLAN_INFO_PVID) + return -EINVAL; continue; }