genetlink: fix genl_bind() invoking bind() after -EPERM

Per family bind/unbind callbacks were introduced to allow families to track multicast group consumer presence, e.g. to start or stop producing events depending on listeners. However, in genl_bind() the bind() callback was invoked even if capability checks failed and ret was set to -EPERM. This means that callbacks could run on behalf of unauthorized callers while the syscall still returned failure to user space. Fix this by only invoking bind() after "if (ret) break;" check i.e. after permission checks have succeeded. Fixes: 3de21a8990d3 ("genetlink: Add per family bind/unbind callbacks") Signed-off-by: Alok Tiwari <alok.a.tiwari@oracle.com> Link: https://patch.msgid.link/20250905135731.3026965-1-alok.a.tiwari@oracle.com Signed-off-by: Jakub Kicinski <kuba@kernel.org>
author: Alok Tiwari <alok.a.tiwari@oracle.com> 2025-09-05 06:57:27 -0700
committer: Jakub Kicinski <kuba@kernel.org> 2025-09-08 17:50:36 -0700
commit: 1dbfb0363224f6da56f6655d596dc5097308d6f5 (patch)
tree: f454799d23cdc482f42d6622e967b9f1a2996864
parent: e2a10daba84968f6b5777d150985fd7d6abc9c84 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c
index 104732d34543..978c129c6095 100644
--- a/net/netlink/genetlink.c
+++ b/net/netlink/genetlink.c
@@ -1836,6 +1836,9 @@ static int genl_bind(struct net *net, int group)
 		    !ns_capable(net->user_ns, CAP_SYS_ADMIN))
 			ret = -EPERM;
 
+		if (ret)
+			break;
+
 		if (family->bind)
 			family->bind(i);
author	Alok Tiwari <alok.a.tiwari@oracle.com>	2025-09-05 06:57:27 -0700
committer	Jakub Kicinski <kuba@kernel.org>	2025-09-08 17:50:36 -0700
commit	1dbfb0363224f6da56f6655d596dc5097308d6f5 (patch)
tree	f454799d23cdc482f42d6622e967b9f1a2996864
parent	e2a10daba84968f6b5777d150985fd7d6abc9c84 (diff)