1 files changed, 7 insertions, 3 deletions

diff --git a/drivers/net/ipvlan/ipvlan_main.c b/drivers/net/ipvlan/ipvlan_main.c
index 19bdde60680c..07e41c42bcf5 100644
--- a/drivers/net/ipvlan/ipvlan_main.c
+++ b/drivers/net/ipvlan/ipvlan_main.c
@@ -100,12 +100,12 @@ static int ipvlan_set_port_mode(struct ipvl_port *port, u16 nval,
                         err = ipvlan_register_nf_hook(read_pnet(&port->pnet));
                         if (!err) {
                                 mdev->l3mdev_ops = &ipvl_l3mdev_ops;
-                                mdev->priv_flags |= IFF_L3MDEV_MASTER;
+                                mdev->priv_flags |= IFF_L3MDEV_RX_HANDLER;
                         } else
                                 goto fail;
                 } else if (port->mode == IPVLAN_MODE_L3S) {
                         /* Old mode was L3S */
-                        mdev->priv_flags &= ~IFF_L3MDEV_MASTER;
+                        mdev->priv_flags &= ~IFF_L3MDEV_RX_HANDLER;
                         ipvlan_unregister_nf_hook(read_pnet(&port->pnet));
                         mdev->l3mdev_ops = NULL;
                 }
@@ -167,7 +167,7 @@ static void ipvlan_port_destroy(struct net_device *dev)
         struct sk_buff *skb;
 
         if (port->mode == IPVLAN_MODE_L3S) {
-                dev->priv_flags &= ~IFF_L3MDEV_MASTER;
+                dev->priv_flags &= ~IFF_L3MDEV_RX_HANDLER;
                 ipvlan_unregister_nf_hook(dev_net(dev));
                 dev->l3mdev_ops = NULL;
         }
@@ -499,6 +499,8 @@ static int ipvlan_nl_changelink(struct net_device *dev,
 
         if (!data)
                 return 0;
+        if (!ns_capable(dev_net(ipvlan->phy_dev)->user_ns, CAP_NET_ADMIN))
+                return -EPERM;
 
         if (data[IFLA_IPVLAN_MODE]) {
                 u16 nmode = nla_get_u16(data[IFLA_IPVLAN_MODE]);
@@ -601,6 +603,8 @@ int ipvlan_link_new(struct net *src_net, struct net_device *dev,
                 struct ipvl_dev *tmp = netdev_priv(phy_dev);
 
                 phy_dev = tmp->phy_dev;
+                if (!ns_capable(dev_net(phy_dev)->user_ns, CAP_NET_ADMIN))
+                        return -EPERM;
         } else if (!netif_is_ipvlan_port(phy_dev)) {
                 /* Exit early if the underlying link is invalid or busy */
                 if (phy_dev->type != ARPHRD_ETHER ||