git.baikalelectronics.ru Git - kernel.git/commit
include/uapi/linux/xfrm.h: Fix XFRM_MSG_MAPPING ABI breakage
author Eugene Syromiatnikov <esyr@redhat.com>
Sun, 12 Sep 2021 12:22:34 +0000 (14:22 +0200)
committer Steffen Klassert <steffen.klassert@secunet.com>
Tue, 14 Sep 2021 08:31:35 +0000 (10:31 +0200)
commit a66f0470760c0e5a3dc7534b683199ad0d70ecc2
tree eaf192e17d2a8ffab56001de13d31d163bf3664d
parent f5c8254fe299c04d15483c145720985e2a857f26
include/uapi/linux/xfrm.h: Fix XFRM_MSG_MAPPING ABI breakage

Commit 2623135c3771 ("xfrm: Add possibility to set the default to block
if we have no policy") broke ABI by changing the value of the XFRM_MSG_MAPPING
enum item, thus also evading the build-time check
in security/selinux/nlmsgtab.c:selinux_nlmsg_lookup for presence of proper
security permission checks in nlmsg_xfrm_perms.  Fix it by placing
XFRM_MSG_SETDEFAULT/XFRM_MSG_GETDEFAULT to the end of the enum, right before
__XFRM_MSG_MAX, and updating the nlmsg_xfrm_perms accordingly.

Fixes: 2623135c3771 ("xfrm: Add possibility to set the default to block if we have no policy")
References: https://lore.kernel.org/netdev/20210901151402.GA2557@altlinux.org/
Signed-off-by: Eugene Syromiatnikov <esyr@redhat.com>
Acked-by: Antony Antony <antony.antony@secunet.com>
Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
include/uapi/linux/xfrm.h
security/selinux/nlmsgtab.c
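
The renumbering described in the commit message above, as an added illustration that is not code from this commit or from the kernel tree. The shortened enums, the `V1_`/`BAD_`/`OK_`/`DEMO_` names, their values and the shape of the "last item" guard are all assumptions made for the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed, shortened stand-in for a uapi message enum. Every name and
 * value here is hypothetical, not taken from include/uapi/linux/xfrm.h. */
enum { DEMO_BASE = 0x10 };

/* Layout that userspace binaries were compiled against. */
enum v1  { V1_NEWSA = DEMO_BASE, V1_REPORT, V1_MAPPING, V1_END };
/* New items inserted before MAPPING: MAPPING gets a new wire value. */
enum bad { BAD_NEWSA = DEMO_BASE, BAD_REPORT, BAD_SETDEFAULT, BAD_GETDEFAULT,
           BAD_MAPPING, BAD_END };
/* New items appended right before the end marker: old values are kept. */
enum ok  { OK_NEWSA = DEMO_BASE, OK_REPORT, OK_MAPPING, OK_SETDEFAULT,
           OK_GETDEFAULT, OK_END };

/* Guard of the "is the last known item still the max?" kind (assumed shape).
 * It keeps passing for the renumbered layout, so nothing flags the change. */
_Static_assert(BAD_END - 1 == BAD_MAPPING, "new message type without perms");
/* Guards that pin wire values do catch renumbering; only `ok` satisfies them. */
_Static_assert(OK_MAPPING == V1_MAPPING, "uapi value of MAPPING changed");
_Static_assert(OK_REPORT == V1_REPORT, "uapi value of REPORT changed");

static const char *const bad_names[] = {
    [BAD_NEWSA - DEMO_BASE] = "NEWSA",           [BAD_REPORT - DEMO_BASE] = "REPORT",
    [BAD_SETDEFAULT - DEMO_BASE] = "SETDEFAULT", [BAD_GETDEFAULT - DEMO_BASE] = "GETDEFAULT",
    [BAD_MAPPING - DEMO_BASE] = "MAPPING",
};
static const char *const ok_names[] = {
    [OK_NEWSA - DEMO_BASE] = "NEWSA",           [OK_REPORT - DEMO_BASE] = "REPORT",
    [OK_MAPPING - DEMO_BASE] = "MAPPING",       [OK_SETDEFAULT - DEMO_BASE] = "SETDEFAULT",
    [OK_GETDEFAULT - DEMO_BASE] = "GETDEFAULT",
};

/* Bounds-checked lookup of a wire value in one layout's table. */
static const char *lookup(const char *const *tbl, int end, int type)
{
    return (type < DEMO_BASE || type >= end) ? "INVALID" : tbl[type - DEMO_BASE];
}
/* How each layout interprets a message type number received from userspace. */
const char *decode_bad(int type) { return lookup(bad_names, BAD_END, type); }
const char *decode_ok(int type)  { return lookup(ok_names, OK_END, type); }

int main(void)
{
    /* A binary built against v1 sends V1_MAPPING. */
    printf("old binary sends 0x%x: renumbered layout reads %s, appended layout reads %s\n",
           V1_MAPPING, decode_bad(V1_MAPPING), decode_ok(V1_MAPPING));
    return strcmp(decode_ok(V1_MAPPING), "MAPPING") != 0;
}
```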