| br_ioctl.c (94bd217e2d683719ab21a4ac117d8a1b91cbedc9) | br_ioctl.c (cb99050305f0ffed0d0ee0d95f1d6645af4d3237) |
|---|---|
| 1/* 2 * Ioctl handler 3 * Linux ethernet bridge 4 * 5 * Authors: 6 * Lennert Buytenhek <buytenh@gnu.org> 7 * 8 * This program is free software; you can redistribute it and/or --- 71 unchanged lines hidden (view full) --- 80 kfree(buf); 81 82 return num; 83} 84 85/* called with RTNL */ 86static int add_del_if(struct net_bridge *br, int ifindex, int isadd) 87{ | 1/* 2 * Ioctl handler 3 * Linux ethernet bridge 4 * 5 * Authors: 6 * Lennert Buytenhek <buytenh@gnu.org> 7 * 8 * This program is free software; you can redistribute it and/or --- 71 unchanged lines hidden (view full) --- 80 kfree(buf); 81 82 return num; 83} 84 85/* called with RTNL */ 86static int add_del_if(struct net_bridge *br, int ifindex, int isadd) 87{ |
| 88 struct net *net = dev_net(br->dev); |
|
| 88 struct net_device *dev; 89 int ret; 90 | 89 struct net_device *dev; 90 int ret; 91 |
| 91 if (!capable(CAP_NET_ADMIN)) | 92 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) |
| 92 return -EPERM; 93 | 93 return -EPERM; 94 |
| 94 dev = __dev_get_by_index(dev_net(br->dev), ifindex); | 95 dev = __dev_get_by_index(net, ifindex); |
| 95 if (dev == NULL) 96 return -EINVAL; 97 98 if (isadd) 99 ret = br_add_if(br, dev); 100 else 101 ret = br_del_if(br, dev); 102 --- 70 unchanged lines hidden (view full) --- 173 get_port_ifindices(br, indices, num); 174 if (copy_to_user((void __user *)args[1], indices, num*sizeof(int))) 175 num = -EFAULT; 176 kfree(indices); 177 return num; 178 } 179 180 case BRCTL_SET_BRIDGE_FORWARD_DELAY: | 96 if (dev == NULL) 97 return -EINVAL; 98 99 if (isadd) 100 ret = br_add_if(br, dev); 101 else 102 ret = br_del_if(br, dev); 103 --- 70 unchanged lines hidden (view full) --- 174 get_port_ifindices(br, indices, num); 175 if (copy_to_user((void __user *)args[1], indices, num*sizeof(int))) 176 num = -EFAULT; 177 kfree(indices); 178 return num; 179 } 180 181 case BRCTL_SET_BRIDGE_FORWARD_DELAY: |
| 181 if (!capable(CAP_NET_ADMIN)) | 182 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) |
| 182 return -EPERM; 183 184 return br_set_forward_delay(br, args[1]); 185 186 case BRCTL_SET_BRIDGE_HELLO_TIME: | 183 return -EPERM; 184 185 return br_set_forward_delay(br, args[1]); 186 187 case BRCTL_SET_BRIDGE_HELLO_TIME: |
| 187 if (!capable(CAP_NET_ADMIN)) | 188 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) |
| 188 return -EPERM; 189 190 return br_set_hello_time(br, args[1]); 191 192 case BRCTL_SET_BRIDGE_MAX_AGE: | 189 return -EPERM; 190 191 return br_set_hello_time(br, args[1]); 192 193 case BRCTL_SET_BRIDGE_MAX_AGE: |
| 193 if (!capable(CAP_NET_ADMIN)) | 194 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) |
| 194 return -EPERM; 195 196 return br_set_max_age(br, args[1]); 197 198 case BRCTL_SET_AGEING_TIME: | 195 return -EPERM; 196 197 return br_set_max_age(br, args[1]); 198 199 case BRCTL_SET_AGEING_TIME: |
| 199 if (!capable(CAP_NET_ADMIN)) | 200 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) |
| 200 return -EPERM; 201 202 br->ageing_time = clock_t_to_jiffies(args[1]); 203 return 0; 204 205 case BRCTL_GET_PORT_INFO: 206 { 207 struct __port_info p; --- 23 unchanged lines hidden (view full) --- 231 232 if (copy_to_user((void __user *)args[1], &p, sizeof(p))) 233 return -EFAULT; 234 235 return 0; 236 } 237 238 case BRCTL_SET_BRIDGE_STP_STATE: | 201 return -EPERM; 202 203 br->ageing_time = clock_t_to_jiffies(args[1]); 204 return 0; 205 206 case BRCTL_GET_PORT_INFO: 207 { 208 struct __port_info p; --- 23 unchanged lines hidden (view full) --- 232 233 if (copy_to_user((void __user *)args[1], &p, sizeof(p))) 234 return -EFAULT; 235 236 return 0; 237 } 238 239 case BRCTL_SET_BRIDGE_STP_STATE: |
| 239 if (!capable(CAP_NET_ADMIN)) | 240 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) |
| 240 return -EPERM; 241 242 br_stp_set_enabled(br, args[1]); 243 return 0; 244 245 case BRCTL_SET_BRIDGE_PRIORITY: | 241 return -EPERM; 242 243 br_stp_set_enabled(br, args[1]); 244 return 0; 245 246 case BRCTL_SET_BRIDGE_PRIORITY: |
| 246 if (!capable(CAP_NET_ADMIN)) | 247 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) |
| 247 return -EPERM; 248 249 spin_lock_bh(&br->lock); 250 br_stp_set_bridge_priority(br, args[1]); 251 spin_unlock_bh(&br->lock); 252 return 0; 253 254 case BRCTL_SET_PORT_PRIORITY: 255 { 256 struct net_bridge_port *p; 257 int ret; 258 | 248 return -EPERM; 249 250 spin_lock_bh(&br->lock); 251 br_stp_set_bridge_priority(br, args[1]); 252 spin_unlock_bh(&br->lock); 253 return 0; 254 255 case BRCTL_SET_PORT_PRIORITY: 256 { 257 struct net_bridge_port *p; 258 int ret; 259 |
| 259 if (!capable(CAP_NET_ADMIN)) | 260 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) |
| 260 return -EPERM; 261 262 spin_lock_bh(&br->lock); 263 if ((p = br_get_port(br, args[1])) == NULL) 264 ret = -EINVAL; 265 else 266 ret = br_stp_set_port_priority(p, args[2]); 267 spin_unlock_bh(&br->lock); 268 return ret; 269 } 270 271 case BRCTL_SET_PATH_COST: 272 { 273 struct net_bridge_port *p; 274 int ret; 275 | 261 return -EPERM; 262 263 spin_lock_bh(&br->lock); 264 if ((p = br_get_port(br, args[1])) == NULL) 265 ret = -EINVAL; 266 else 267 ret = br_stp_set_port_priority(p, args[2]); 268 spin_unlock_bh(&br->lock); 269 return ret; 270 } 271 272 case BRCTL_SET_PATH_COST: 273 { 274 struct net_bridge_port *p; 275 int ret; 276 |
| 276 if (!capable(CAP_NET_ADMIN)) | 277 if (!ns_capable(dev_net(dev)->user_ns, CAP_NET_ADMIN)) |
| 277 return -EPERM; 278 279 spin_lock_bh(&br->lock); 280 if ((p = br_get_port(br, args[1])) == NULL) 281 ret = -EINVAL; 282 else 283 ret = br_stp_set_path_cost(p, args[2]); 284 spin_unlock_bh(&br->lock); --- 40 unchanged lines hidden (view full) --- 325 return ret; 326 } 327 328 case BRCTL_ADD_BRIDGE: 329 case BRCTL_DEL_BRIDGE: 330 { 331 char buf[IFNAMSIZ]; 332 | 278 return -EPERM; 279 280 spin_lock_bh(&br->lock); 281 if ((p = br_get_port(br, args[1])) == NULL) 282 ret = -EINVAL; 283 else 284 ret = br_stp_set_path_cost(p, args[2]); 285 spin_unlock_bh(&br->lock); --- 40 unchanged lines hidden (view full) --- 326 return ret; 327 } 328 329 case BRCTL_ADD_BRIDGE: 330 case BRCTL_DEL_BRIDGE: 331 { 332 char buf[IFNAMSIZ]; 333 |
| 333 if (!capable(CAP_NET_ADMIN)) | 334 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) |
| 334 return -EPERM; 335 336 if (copy_from_user(buf, (void __user *)args[1], IFNAMSIZ)) 337 return -EFAULT; 338 339 buf[IFNAMSIZ-1] = 0; 340 341 if (args[0] == BRCTL_ADD_BRIDGE) --- 13 unchanged lines hidden (view full) --- 355 case SIOCSIFBR: 356 return old_deviceless(net, uarg); 357 358 case SIOCBRADDBR: 359 case SIOCBRDELBR: 360 { 361 char buf[IFNAMSIZ]; 362 | 335 return -EPERM; 336 337 if (copy_from_user(buf, (void __user *)args[1], IFNAMSIZ)) 338 return -EFAULT; 339 340 buf[IFNAMSIZ-1] = 0; 341 342 if (args[0] == BRCTL_ADD_BRIDGE) --- 13 unchanged lines hidden (view full) --- 356 case SIOCSIFBR: 357 return old_deviceless(net, uarg); 358 359 case SIOCBRADDBR: 360 case SIOCBRDELBR: 361 { 362 char buf[IFNAMSIZ]; 363 |
| 363 if (!capable(CAP_NET_ADMIN)) | 364 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) |
| 364 return -EPERM; 365 366 if (copy_from_user(buf, uarg, IFNAMSIZ)) 367 return -EFAULT; 368 369 buf[IFNAMSIZ-1] = 0; 370 if (cmd == SIOCBRADDBR) 371 return br_add_bridge(net, buf); --- 24 unchanged lines hidden --- | 365 return -EPERM; 366 367 if (copy_from_user(buf, uarg, IFNAMSIZ)) 368 return -EFAULT; 369 370 buf[IFNAMSIZ-1] = 0; 371 if (cmd == SIOCBRADDBR) 372 return br_add_bridge(net, buf); --- 24 unchanged lines hidden --- |