Commit 98c9d884 authored Sep 05, 2025 by Alok Tiwari Committed by Greg Kroah-Hartman Sep 19, 2025

genetlink: fix genl_bind() invoking bind() after -EPERM



[ Upstream commit 1dbfb036 ]

Per family bind/unbind callbacks were introduced to allow families
to track multicast group consumer presence, e.g. to start or stop
producing events depending on listeners.

However, in genl_bind() the bind() callback was invoked even if
capability checks failed and ret was set to -EPERM. This means that
callbacks could run on behalf of unauthorized callers while the
syscall still returned failure to user space.

Fix this by only invoking bind() after "if (ret) break;" check
i.e. after permission checks have succeeded.

Fixes: 3de21a89 ("genetlink: Add per family bind/unbind callbacks")
Signed-off-by: Alok Tiwari <alok.a.tiwari@oracle.com>
Link: https://patch.msgid.link/20250905135731.3026965-1-alok.a.tiwari@oracle.com


Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

parent 4fe53aaa

Show whitespace changes

Inline Side-by-side

CodeLinaro @codelinaro
mentioned in commit a34fd739
· Nov 05, 2025

mentioned in commit a34fd739

mentioned in commit a34fd73937bb6e8b14551acc04bec53239d354f7

Toggle commit list
CodeLinaro @codelinaro
mentioned in commit bdc81b76
· Nov 05, 2025

mentioned in commit bdc81b76

mentioned in commit bdc81b76cc3e91b2a805bff546c72244ef2504fd

Toggle commit list

Please to comment