diff options
| author | Alok Tiwari <alok.a.tiwari@oracle.com> | 2025-09-05 06:57:27 -0700 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2025-09-19 16:35:48 +0200 |
| commit | 98c9d884047a3051c203708914a874dece3cbe54 (patch) | |
| tree | 2cbeb9e823b3d268e52210af9e74a1a52e0d26d1 /include/net/aligned_data.h | |
| parent | 4fe53aaa4271a72fe5fe3e88a45ce01646b68dc5 (diff) | |
genetlink: fix genl_bind() invoking bind() after -EPERM
[ Upstream commit 1dbfb0363224f6da56f6655d596dc5097308d6f5 ]
Per family bind/unbind callbacks were introduced to allow families
to track multicast group consumer presence, e.g. to start or stop
producing events depending on listeners.
However, in genl_bind() the bind() callback was invoked even if
capability checks failed and ret was set to -EPERM. This means that
callbacks could run on behalf of unauthorized callers while the
syscall still returned failure to user space.
Fix this by only invoking bind() after "if (ret) break;" check
i.e. after permission checks have succeeded.
Fixes: 3de21a8990d3 ("genetlink: Add per family bind/unbind callbacks")
Signed-off-by: Alok Tiwari <alok.a.tiwari@oracle.com>
Link: https://patch.msgid.link/20250905135731.3026965-1-alok.a.tiwari@oracle.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'include/net/aligned_data.h')
0 files changed, 0 insertions, 0 deletions