tipc: fix message importance range check

Commit 3b4f302d8578 ("tipc: eliminate
redundant locking") introduced a bug by removing the sanity check
for message importance, allowing programs to assign any value to
the msg_user field. This will mess up the packet reception logic
and may cause random link resets.

Signed-off-by: Erik Hugne <erik.hugne@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

2 files changed, 4 insertions, 2 deletions

diff --git a/net/tipc/port.h b/net/tipc/port.h
index 3f93454592b6..a69118ff018b 100644
--- a/net/tipc/port.h
+++ b/net/tipc/port.h
@@ -179,8 +179,10 @@ static inline int tipc_port_importance(struct tipc_port *port)
         return msg_importance(&port->phdr);
 }
 
-static inline void tipc_port_set_importance(struct tipc_port *port, int imp)
+static inline int tipc_port_set_importance(struct tipc_port *port, int imp)
 {
+        if (imp > TIPC_CRITICAL_IMPORTANCE)
+                return -EINVAL
         msg_set_importance(&port->phdr, (u32)imp);
 }
 
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index 7d423ee10897..ff8c8118d56e 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -1973,7 +1973,7 @@ static int tipc_setsockopt(struct socket *sock, int lvl, int opt,
 
         switch (opt) {
         case TIPC_IMPORTANCE:
-                tipc_port_set_importance(port, value);
+                res = tipc_port_set_importance(port, value);
                 break;
         case TIPC_SRC_DROPPABLE:
                 if (sock->type != SOCK_STREAM)