Commit b06d072c authored by Willem de Bruijn's avatar Willem de Bruijn Committed by David S. Miller

macsec: restrict to ethernet devices

Only attach macsec to ethernet devices.

Syzbot was able to trigger a KMSAN warning in macsec_handle_frame
by attaching to a phonet device.

Macvlan has a similar check in macvlan_port_create.

v1->v2
  - fix commit message typo
Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
Signed-off-by: default avatarWillem de Bruijn <willemb@google.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 55b474c4
...@@ -19,6 +19,7 @@ ...@@ -19,6 +19,7 @@
#include <net/gro_cells.h> #include <net/gro_cells.h>
#include <net/macsec.h> #include <net/macsec.h>
#include <linux/phy.h> #include <linux/phy.h>
#include <linux/if_arp.h>
#include <uapi/linux/if_macsec.h> #include <uapi/linux/if_macsec.h>
...@@ -3665,6 +3666,8 @@ static int macsec_newlink(struct net *net, struct net_device *dev, ...@@ -3665,6 +3666,8 @@ static int macsec_newlink(struct net *net, struct net_device *dev,
real_dev = __dev_get_by_index(net, nla_get_u32(tb[IFLA_LINK])); real_dev = __dev_get_by_index(net, nla_get_u32(tb[IFLA_LINK]));
if (!real_dev) if (!real_dev)
return -ENODEV; return -ENODEV;
if (real_dev->type != ARPHRD_ETHER)
return -EINVAL;
dev->priv_flags |= IFF_MACSEC; dev->priv_flags |= IFF_MACSEC;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment