xfrm: interface with if_id 0 should return error

[ Upstream commit 8dce43919566f06e865f7e8949f5c10d8c2493f5 ]

xfrm interface if_id = 0 would cause xfrm policy lookup errors since
Commit 9f8550e4bd9d.

Now explicitly fail to create an xfrm interface when if_id = 0

With this commit:
 ip link add ipsec0  type xfrm dev lo  if_id 0
 Error: if_id must be non zero.

v1->v2 change:
 - add Fixes: tag

Fixes: 9f8550e4bd9d ("xfrm: fix disable_xfrm sysctl when used on xfrm interfaces")
Signed-off-by: Antony Antony <antony.antony@secunet.com>
Reviewed-by: Eyal Birger <eyal.birger@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/net/xfrm/xfrm_interface.c b/net/xfrm/xfrm_interface.c
index 41de46b..57448fc 100644 (file)
--- a/net/xfrm/xfrm_interface.c
+++ b/net/xfrm/xfrm_interface.c
@@ -637,11 +637,16 @@ static int xfrmi_newlink(struct net *src_net, struct net_device *dev,
                        struct netlink_ext_ack *extack)
 {
        struct net *net = dev_net(dev);
-       struct xfrm_if_parms p;
+       struct xfrm_if_parms p = {};
        struct xfrm_if *xi;
        int err;
 
        xfrmi_netlink_parms(data, &p);
+       if (!p.if_id) {
+               NL_SET_ERR_MSG(extack, "if_id must be non zero");
+               return -EINVAL;
+       }
+
        xi = xfrmi_locate(net, &p);
        if (xi)
                return -EEXIST;
@@ -666,7 +671,12 @@ static int xfrmi_changelink(struct net_device *dev, struct nlattr *tb[],
 {
        struct xfrm_if *xi = netdev_priv(dev);
        struct net *net = xi->net;
-       struct xfrm_if_parms p;
+       struct xfrm_if_parms p = {};
+
+       if (!p.if_id) {
+               NL_SET_ERR_MSG(extack, "if_id must be non zero");
+               return -EINVAL;
+       }
 
        xfrmi_netlink_parms(data, &p);
        xi = xfrmi_locate(net, &p);