From: Santosh Shilimkar
Date: Thu, 15 Dec 2016 21:12:16 +0000 (-0800)
Subject: RDS: restrict socket connection reset to CAP_NET_ADMIN
X-Git-Tag: v4.1.12-92~19^2~1
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=7692cb81d72fc94380e9984e002edfee3d3aeea0;p=users%2Fjedix%2Flinux-maple.git

RDS: restrict socket connection reset to CAP_NET_ADMIN

Normal users are not supposed to need/have access to the transport connection reset.

Orabug:25393611

Reviewed-by: Sowmini Varadhan
Signed-off-by: Santosh Shilimkar
---
diff --git a/net/rds/af_rds.c b/net/rds/af_rds.c index 7843f0a0a4bd2..894b0b23831ed 100644 --- a/net/rds/af_rds.c +++ b/net/rds/af_rds.c @@ -440,6 +440,7 @@ static int rds_setsockopt(struct socket *sock, int level, int optname, char __user *optval, unsigned int optlen) { struct rds_sock *rs = rds_sk_to_rs(sock->sk); + struct net *net = sock_net(sock->sk); int ret; if (level != SOL_RDS) { @@ -467,6 +468,10 @@ static int rds_setsockopt(struct socket *sock, int level, int optname, ret = rds_cong_monitor(rs, optval, optlen); break; case RDS_CONN_RESET: + if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) { + ret = -EACCES; + break; + } ret = rds_user_reset(rs, optval, optlen); break; case SO_RDS_TRANSPORT:
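Review bot: In the first hunk (@@ -440,6 +440,7), `net` becomes a function-scope local of rds_setsockopt() although the patch reads it in only one place, the RDS_CONN_RESET case. Passing `sock_net(sock->sk)->user_ns` directly to the capability check, or declaring the variable inside that case, keeps the lookup next to its single use and avoids a local that every other option path ignores.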
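Review bot: In the second hunk (@@ -467,6 +468,10), the RDS_CONN_RESET check is scoped to `net->user_ns`, so it passes for any process that holds CAP_NET_ADMIN in the user namespace owning the socket's network namespace, not only for a process privileged in the initial namespace. The commit message says only that normal users should not have access, so it should state whether namespace-scoped privilege is the intended bar. If the reset is meant to be a host-administrator operation, `capable(CAP_NET_ADMIN)` is the stricter form. Separately, the failure path sets `ret = -EACCES`; -EPERM is the more common errno for a failed capability check, and since this changes what unprivileged callers of the socket option see, the chosen errno deserves a line in the commit message.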