From: Christoph Hellwig <hch@lst.de>
To: "David S. Miller" <davem@davemloft.net>
Cc: Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Chas Williams <3chas3@gmail.com>,
Pablo Neira Ayuso <pablo@netfilter.org>,
Jozsef Kadlecsik <kadlec@netfilter.org>,
Florian Westphal <fw@strlen.de>,
Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
linux-kernel@vger.kernel.org, netdev@vger.kernel.org,
bpf@vger.kernel.org, netfilter-devel@vger.kernel.org,
linux-sctp@vger.kernel.org, linux-arch@vger.kernel.org,
linux-bluetooth@vger.kernel.org,
bridge@lists.linux-foundation.org, linux-can@vger.kernel.org,
dccp@vger.kernel.org, linux-wpan@vger.kernel.org,
mptcp@lists.01.org
Subject: [PATCH 10/22] netfilter/ebtables: clean up compat {get,set}sockopt handling
Date: Fri, 17 Jul 2020 08:23:19 +0200 [thread overview]
Message-ID: <20200717062331.691152-11-hch@lst.de> (raw)
In-Reply-To: <20200717062331.691152-1-hch@lst.de>
Merge the native and compat {get,set}sockopt handlers using
in_compat_syscall(). Note that this required moving a fair
amout of code around to be done sanely.
Signed-off-by: Christoph Hellwig <hch@lst.de>
---
net/bridge/netfilter/ebtables.c | 214 +++++++++++++++-----------------
1 file changed, 98 insertions(+), 116 deletions(-)
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index c83ffe9121639c..fe13108af1f542 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -1451,86 +1451,6 @@ static int copy_everything_to_user(struct ebt_table *t, void __user *user,
ebt_entry_to_user, entries, tmp.entries);
}
-static int do_ebt_set_ctl(struct sock *sk,
- int cmd, void __user *user, unsigned int len)
-{
- int ret;
- struct net *net = sock_net(sk);
-
- if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
- return -EPERM;
-
- switch (cmd) {
- case EBT_SO_SET_ENTRIES:
- ret = do_replace(net, user, len);
- break;
- case EBT_SO_SET_COUNTERS:
- ret = update_counters(net, user, len);
- break;
- default:
- ret = -EINVAL;
- }
- return ret;
-}
-
-static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
-{
- int ret;
- struct ebt_replace tmp;
- struct ebt_table *t;
- struct net *net = sock_net(sk);
-
- if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
- return -EPERM;
-
- if (copy_from_user(&tmp, user, sizeof(tmp)))
- return -EFAULT;
-
- tmp.name[sizeof(tmp.name) - 1] = '\0';
-
- t = find_table_lock(net, tmp.name, &ret, &ebt_mutex);
- if (!t)
- return ret;
-
- switch (cmd) {
- case EBT_SO_GET_INFO:
- case EBT_SO_GET_INIT_INFO:
- if (*len != sizeof(struct ebt_replace)) {
- ret = -EINVAL;
- mutex_unlock(&ebt_mutex);
- break;
- }
- if (cmd == EBT_SO_GET_INFO) {
- tmp.nentries = t->private->nentries;
- tmp.entries_size = t->private->entries_size;
- tmp.valid_hooks = t->valid_hooks;
- } else {
- tmp.nentries = t->table->nentries;
- tmp.entries_size = t->table->entries_size;
- tmp.valid_hooks = t->table->valid_hooks;
- }
- mutex_unlock(&ebt_mutex);
- if (copy_to_user(user, &tmp, *len) != 0) {
- ret = -EFAULT;
- break;
- }
- ret = 0;
- break;
-
- case EBT_SO_GET_ENTRIES:
- case EBT_SO_GET_INIT_ENTRIES:
- ret = copy_everything_to_user(t, user, len, cmd);
- mutex_unlock(&ebt_mutex);
- break;
-
- default:
- mutex_unlock(&ebt_mutex);
- ret = -EINVAL;
- }
-
- return ret;
-}
-
#ifdef CONFIG_COMPAT
/* 32 bit-userspace compatibility definitions. */
struct compat_ebt_replace {
@@ -2314,28 +2234,6 @@ static int compat_update_counters(struct net *net, void __user *user,
hlp.num_counters, user, len);
}
-static int compat_do_ebt_set_ctl(struct sock *sk,
- int cmd, void __user *user, unsigned int len)
-{
- int ret;
- struct net *net = sock_net(sk);
-
- if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
- return -EPERM;
-
- switch (cmd) {
- case EBT_SO_SET_ENTRIES:
- ret = compat_do_replace(net, user, len);
- break;
- case EBT_SO_SET_COUNTERS:
- ret = compat_update_counters(net, user, len);
- break;
- default:
- ret = -EINVAL;
- }
- return ret;
-}
-
static int compat_do_ebt_get_ctl(struct sock *sk, int cmd,
void __user *user, int *len)
{
@@ -2344,14 +2242,6 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd,
struct ebt_table *t;
struct net *net = sock_net(sk);
- if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
- return -EPERM;
-
- /* try real handler in case userland supplied needed padding */
- if ((cmd == EBT_SO_GET_INFO ||
- cmd == EBT_SO_GET_INIT_INFO) && *len != sizeof(tmp))
- return do_ebt_get_ctl(sk, cmd, user, len);
-
if (copy_from_user(&tmp, user, sizeof(tmp)))
return -EFAULT;
@@ -2413,20 +2303,112 @@ static int compat_do_ebt_get_ctl(struct sock *sk, int cmd,
}
#endif
+static int do_ebt_get_ctl(struct sock *sk, int cmd, void __user *user, int *len)
+{
+ struct net *net = sock_net(sk);
+ struct ebt_replace tmp;
+ struct ebt_table *t;
+ int ret;
+
+ if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
+ return -EPERM;
+
+#ifdef CONFIG_COMPAT
+ /* try real handler in case userland supplied needed padding */
+ if (in_compat_syscall() &&
+ ((cmd != EBT_SO_GET_INFO && cmd != EBT_SO_GET_INIT_INFO) ||
+ *len != sizeof(tmp)))
+ return compat_do_ebt_get_ctl(sk, cmd, user, len);
+#endif
+
+ if (copy_from_user(&tmp, user, sizeof(tmp)))
+ return -EFAULT;
+
+ tmp.name[sizeof(tmp.name) - 1] = '\0';
+
+ t = find_table_lock(net, tmp.name, &ret, &ebt_mutex);
+ if (!t)
+ return ret;
+
+ switch (cmd) {
+ case EBT_SO_GET_INFO:
+ case EBT_SO_GET_INIT_INFO:
+ if (*len != sizeof(struct ebt_replace)) {
+ ret = -EINVAL;
+ mutex_unlock(&ebt_mutex);
+ break;
+ }
+ if (cmd == EBT_SO_GET_INFO) {
+ tmp.nentries = t->private->nentries;
+ tmp.entries_size = t->private->entries_size;
+ tmp.valid_hooks = t->valid_hooks;
+ } else {
+ tmp.nentries = t->table->nentries;
+ tmp.entries_size = t->table->entries_size;
+ tmp.valid_hooks = t->table->valid_hooks;
+ }
+ mutex_unlock(&ebt_mutex);
+ if (copy_to_user(user, &tmp, *len) != 0) {
+ ret = -EFAULT;
+ break;
+ }
+ ret = 0;
+ break;
+
+ case EBT_SO_GET_ENTRIES:
+ case EBT_SO_GET_INIT_ENTRIES:
+ ret = copy_everything_to_user(t, user, len, cmd);
+ mutex_unlock(&ebt_mutex);
+ break;
+
+ default:
+ mutex_unlock(&ebt_mutex);
+ ret = -EINVAL;
+ }
+
+ return ret;
+}
+
+static int do_ebt_set_ctl(struct sock *sk, int cmd, void __user *user,
+ unsigned int len)
+{
+ struct net *net = sock_net(sk);
+ int ret;
+
+ if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
+ return -EPERM;
+
+ switch (cmd) {
+ case EBT_SO_SET_ENTRIES:
+#ifdef CONFIG_COMPAT
+ if (in_compat_syscall())
+ ret = compat_do_replace(net, user, len);
+ else
+#endif
+ ret = do_replace(net, user, len);
+ break;
+ case EBT_SO_SET_COUNTERS:
+#ifdef CONFIG_COMPAT
+ if (in_compat_syscall())
+ ret = compat_update_counters(net, user, len);
+ else
+#endif
+ ret = update_counters(net, user, len);
+ break;
+ default:
+ ret = -EINVAL;
+ }
+ return ret;
+}
+
static struct nf_sockopt_ops ebt_sockopts = {
.pf = PF_INET,
.set_optmin = EBT_BASE_CTL,
.set_optmax = EBT_SO_SET_MAX + 1,
.set = do_ebt_set_ctl,
-#ifdef CONFIG_COMPAT
- .compat_set = compat_do_ebt_set_ctl,
-#endif
.get_optmin = EBT_BASE_CTL,
.get_optmax = EBT_SO_GET_MAX + 1,
.get = do_ebt_get_ctl,
-#ifdef CONFIG_COMPAT
- .compat_get = compat_do_ebt_get_ctl,
-#endif
.owner = THIS_MODULE,
};
--
2.27.0
next prev parent reply other threads:[~2020-07-17 6:26 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-17 6:23 sockopt cleanups Christoph Hellwig
2020-07-17 6:23 ` [PATCH 01/22] net/atm: remove the atmdev_ops {get,set}sockopt methods Christoph Hellwig
2020-07-17 6:23 ` [PATCH 02/22] net: streamline __sys_setsockopt Christoph Hellwig
2020-07-17 6:23 ` [PATCH 03/22] net: streamline __sys_getsockopt Christoph Hellwig
2020-07-17 6:23 ` [PATCH 04/22] net: simplify cBPF setsockopt compat handling Christoph Hellwig
2020-07-17 6:23 ` [PATCH 05/22] net: remove compat_sock_common_{get,set}sockopt Christoph Hellwig
2020-07-17 9:18 ` [MPTCP] " Matthieu Baerts
2020-07-17 9:26 ` Stefan Schmidt
2020-07-17 6:23 ` [PATCH 06/22] net: remove compat_sys_{get,set}sockopt Christoph Hellwig
2020-07-17 6:23 ` [PATCH 07/22] netfilter/arp_tables: clean up compat {get,set}sockopt handling Christoph Hellwig
2020-07-17 6:23 ` [PATCH 08/22] netfilter/ip_tables: " Christoph Hellwig
2020-07-17 6:23 ` [PATCH 09/22] netfilter/ip6_tables: " Christoph Hellwig
2020-07-17 6:23 ` Christoph Hellwig [this message]
2020-07-17 6:23 ` [PATCH 11/22] netfilter: remove the compat_{get,set} methods Christoph Hellwig
2020-07-17 6:23 ` [PATCH 12/22] netfilter: remove the compat argument to xt_copy_counters_from_user Christoph Hellwig
2020-07-17 6:23 ` [PATCH 13/22] netfilter: split nf_sockopt Christoph Hellwig
2020-07-17 6:23 ` [PATCH 14/22] net/ipv4: factor out MCAST_MSFILTER getsockopt helpers Christoph Hellwig
2020-07-17 6:23 ` [PATCH 15/22] net/ipv4: factor out MCAST_MSFILTER setsockopt helpers Christoph Hellwig
2020-07-17 6:23 ` [PATCH 16/22] net/ipv4: factor out mcast join/leave " Christoph Hellwig
2020-07-17 6:23 ` [PATCH 17/22] net/ipv4: remove compat_ip_{get,set}sockopt Christoph Hellwig
2020-07-17 6:23 ` [PATCH 18/22] net/ipv6: factor out MCAST_MSFILTER getsockopt helpers Christoph Hellwig
2020-07-17 6:23 ` [PATCH 19/22] net/ipv6: factor out MCAST_MSFILTER setsockopt helpers Christoph Hellwig
2020-07-17 6:23 ` [PATCH 20/22] net/ipv6: factor out mcast join/leave " Christoph Hellwig
2020-07-17 6:23 ` [PATCH 21/22] net/ipv6: remove compat_ipv6_{get,set}sockopt Christoph Hellwig
2020-07-17 6:23 ` [PATCH 22/22] net: make ->{get,set}sockopt in proto_ops optional Christoph Hellwig
2020-07-17 8:01 ` Marc Kleine-Budde
2020-07-20 1:16 ` sockopt cleanups David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200717062331.691152-11-hch@lst.de \
--to=hch@lst.de \
--cc=3chas3@gmail.com \
--cc=ast@kernel.org \
--cc=bpf@vger.kernel.org \
--cc=bridge@lists.linux-foundation.org \
--cc=daniel@iogearbox.net \
--cc=davem@davemloft.net \
--cc=dccp@vger.kernel.org \
--cc=fw@strlen.de \
--cc=kadlec@netfilter.org \
--cc=kuznet@ms2.inr.ac.ru \
--cc=linux-arch@vger.kernel.org \
--cc=linux-bluetooth@vger.kernel.org \
--cc=linux-can@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-sctp@vger.kernel.org \
--cc=linux-wpan@vger.kernel.org \
--cc=mptcp@lists.01.org \
--cc=netdev@vger.kernel.org \
--cc=netfilter-devel@vger.kernel.org \
--cc=pablo@netfilter.org \
--cc=yoshfuji@linux-ipv6.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).