From 7012b9001a3ebf3231b41163e60c7b4c2e894c4e Mon Sep 17 00:00:00 2001
From: Thomas Haller <thaller@redhat.com>
Date: Thu, 12 May 2022 10:02:18 +0200
Subject: [PATCH] libnm: reject infiniband.p-key set to 0, 0x8000

Kernel does not allow this ([1], [2]).

Usually tightening the verification is a break of API. But in this case,
no user had a working configuration that is breaking. At worst, they
had a broken profile that no longer loads.

We also filter those from _infiniband_add_add_or_delete(), since [3].

[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/infiniband/ulp/ipoib/ipoib_main.c?id=f443e374ae131c168a065ea1748feac6b2e76613#n2394
[2] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/infiniband/ulp/ipoib/ipoib_vlan.c?id=f443e374ae131c168a065ea1748feac6b2e76613#n116
[3] https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/eab817d34a38227a79b10e9c52d450bb8c7fa907
---
 src/libnm-core-impl/nm-setting-infiniband.c | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/src/libnm-core-impl/nm-setting-infiniband.c b/src/libnm-core-impl/nm-setting-infiniband.c
index 6bd1956176..787b838b76 100644
--- a/src/libnm-core-impl/nm-setting-infiniband.c
+++ b/src/libnm-core-impl/nm-setting-infiniband.c
@@ -241,6 +241,14 @@ verify(NMSetting *setting, NMConnection *connection, GError **error)
             g_prefix_error(error, "%s: ", NM_SETTING_INFINIBAND_PARENT);
             return FALSE;
         }
+        if (NM_IN_SET(priv->p_key, 0, 0x8000)) {
+            g_set_error_literal(error,
+                                NM_CONNECTION_ERROR,
+                                NM_CONNECTION_ERROR_INVALID_PROPERTY,
+                                _("the values 0 and 0x8000 are not allowed"));
+            g_prefix_error(error, "%s: ", NM_SETTING_INFINIBAND_P_KEY);
+            return FALSE;
+        }
     }
 
     if (connection)