Commit b06d072c authored by Willem de Bruijn's avatar Willem de Bruijn Committed by David S. Miller
Browse files

macsec: restrict to ethernet devices 



Only attach macsec to ethernet devices.

Syzbot was able to trigger a KMSAN warning in macsec_handle_frame
by attaching to a phonet device.

Macvlan has a similar check in macvlan_port_create.

v1->v2
  - fix commit message typo

Reported-by: default avatarsyzbot <syzkaller@googlegroups.com>
Signed-off-by: default avatarWillem de Bruijn <willemb@google.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 55b474c4

drivers/net/macsec.c

+3 −0
Original line number Diff line number Diff line
@@ -19,6 +19,7 @@ 
#include <net/gro_cells.h>

#include <net/macsec.h>

#include <linux/phy.h>

#include <linux/if_arp.h>



#include <uapi/linux/if_macsec.h>
@@ -3665,6 +3666,8 @@ static int macsec_newlink(struct net *net, struct net_device *dev, 
	real_dev = __dev_get_by_index(net, nla_get_u32(tb[IFLA_LINK]));

	if (!real_dev)

		return -ENODEV;

	if (real_dev->type != ARPHRD_ETHER)

		return -EINVAL;



	dev->priv_flags |= IFF_MACSEC;

CRA Git | Maintained and supported by SUSTech CRA and CCSE