net, neigh: Add build-time assertion to avoid neigh->flags overflow

Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2193175

commit 507c2f1
Author: Daniel Borkmann <daniel@iogearbox.net>
Date:   Wed Oct 13 15:21:38 2021 +0200

    net, neigh: Add build-time assertion to avoid neigh->flags overflow

    Currently, NDA_FLAGS_EXT flags allow a maximum of 24 bits to be used for
    extended neighbor flags. These are eventually fed into neigh->flags by
    shifting with NTF_EXT_SHIFT as per commit 2c611ad ("net, neigh:
    Extend neigh->flags to 32 bit to allow for extensions").

    If really ever needed in future, the full 32 bits from NDA_FLAGS_EXT can
    be used, it would only require to move neigh->flags from u32 to u64 inside
    the kernel.

    Add a build-time assertion such that when extending the NTF_EXT_MASK with
    new bits, we'll trigger an error once we surpass the 24th bit. This assumes
    that no bit holes in new NTF_EXT_* flags will slip in from UAPI, but I
    think this is reasonable to assume.

    Suggested-by: David Ahern <dsahern@kernel.org>
    Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
    Reviewed-by: David Ahern <dsahern@kernel.org>
    Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Signed-off-by: Ivan Vecera <ivecera@redhat.com>

Author: ivecera

net/core/neighbour.c

@@ -1939,6 +1939,9 @@ static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh,
 			NL_SET_ERR_MSG(extack, "Invalid extended flags");
 			goto out;
 		}
+		BUILD_BUG_ON(sizeof(neigh->flags) * BITS_PER_BYTE <
+			     (sizeof(ndm->ndm_flags) * BITS_PER_BYTE +
+			      hweight32(NTF_EXT_MASK)));
 		ndm_flags |= (ext << NTF_EXT_SHIFT);
 	}
 	if (ndm->ndm_ifindex) {