bridge: vlan: enforce no pvid flag in vlan ranges

Currently it's possible for someone to send a vlan range to the kernel
with the pvid flag set which will result in the pvid bouncing from a
vlan to vlan and isn't correct, it also introduces problems for hardware
where it doesn't make sense having more than 1 pvid. iproute2 already
enforces this, so let's enforce it on kernel-side as well.

Reported-by: Elad Raz <eladr@mellanox.com>
Signed-off-by: Nikolay Aleksandrov <nikolay@cumulusnetworks.com>
Acked-by: Jiri Pirko <jiri@mellanox.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Nikolay Aleksandrov 2015-10-11 12:49:56 +02:00 committed by David S. Miller
parent cbb41b91e6
commit 6623c60dc2
1 changed files with 3 additions and 0 deletions

View File

@ -524,6 +524,9 @@ static int br_afspec(struct net_bridge *br,
if (vinfo_start) if (vinfo_start)
return -EINVAL; return -EINVAL;
vinfo_start = vinfo; vinfo_start = vinfo;
/* don't allow range of pvids */
if (vinfo_start->flags & BRIDGE_VLAN_INFO_PVID)
return -EINVAL;
continue; continue;
} }