From: Hannes Frederic Sowa <hannes@stressinduktion.org>
To: Huw Davies <huw@codeweavers.com>,
	netdev@vger.kernel.org, linux-security-module@vger.kernel.org,
	selinux@tycho.nsa.gov
Cc: Paul Moore <pmoore@redhat.com>
Subject: Re: [RFC PATCH 08/17] ipv6: Add ipv6_renew_options_kern() that accepts a kernel mem pointer.
Date: Tue, 22 Dec 2015 14:28:03 +0100
Message-ID: <56794FE3.7050507@stressinduktion.org>
In-Reply-To: <1450784813-18304-9-git-send-email-huw@codeweavers.com>

On 22.12.2015 12:46, Huw Davies wrote:
> The functionality is equivalent to ipv6_renew_options() except
> that the newopt pointer is in kernel, not user, memory
> 
> The kernel memory implementation will be used by the CALIPSO network
> labelling engine, which needs to be able to set IPv6 hop-by-hop
> options.
> 
> Signed-off-by: Huw Davies <huw@codeweavers.com>
> ---
>  include/net/ipv6.h |   6 +++
>  net/ipv6/exthdrs.c | 131 ++++++++++++++++++++++++++++++++++++++++++++++++-----
>  2 files changed, 125 insertions(+), 12 deletions(-)
> 
> diff --git a/include/net/ipv6.h b/include/net/ipv6.h
> index 9a5c9f0..5a72ffd 100644
> --- a/include/net/ipv6.h
> +++ b/include/net/ipv6.h
> @@ -304,6 +304,12 @@ struct ipv6_txoptions *ipv6_renew_options(struct sock *sk,
>  					  int newtype,
>  					  struct ipv6_opt_hdr __user *newopt,
>  					  int newoptlen);
> +struct ipv6_txoptions *
> +ipv6_renew_options_kern(struct sock *sk,
> +			struct ipv6_txoptions *opt,
> +			int newtype,
> +			struct ipv6_opt_hdr *newopt,
> +			int newoptlen);
>  struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space,
>  					  struct ipv6_txoptions *opt);
>  
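Review bot: The new ipv6_renew_options_kern() prototype differs from ipv6_renew_options() only by the missing __user annotation on newopt, and nothing at the declaration tells a caller which of the two to use. A short comment above the prototype stating that newopt must point to kernel memory would make the contract explicit; if the function only reads the option, declaring the parameter as const struct ipv6_opt_hdr *newopt would document that as well.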
> diff --git a/net/ipv6/exthdrs.c b/net/ipv6/exthdrs.c
> index ea7c4d6..9426b26 100644
> --- a/net/ipv6/exthdrs.c
> +++ b/net/ipv6/exthdrs.c
> @@ -734,11 +734,16 @@ ipv6_dup_options(struct sock *sk, struct ipv6_txoptions *opt)
>  EXPORT_SYMBOL_GPL(ipv6_dup_options);
>  
>  static int ipv6_renew_option(void *ohdr,
> -			     struct ipv6_opt_hdr __user *newopt, int newoptlen,
> +			     struct ipv6_opt_hdr __user *newopt_user,
> +			     struct ipv6_opt_hdr *newopt,
> +			     int newoptlen,
>  			     int inherit,
>  			     struct ipv6_opt_hdr **hdr,
>  			     char **p)
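Review bot: ipv6_renew_option() now takes both newopt_user and newopt for the same input, and the signature does not say what happens when both are non-NULL. State the rule (at most one of them set) in a comment above the function and check it at the top, or split out the copy step so each caller passes a single pointer. A helper that accepts either kind of pointer also weakens what the __user annotation buys from sparse, because the choice of accessor then depends on a runtime test rather than on the type.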


This looks quite ugly to me.

Wouldn't it be possible to do something like this:


ipv6_renew_option_kern(...)
{
	int ret;
	const mm_segment_t old_fs = get_fs();
	set_fs(KERNEL_DS);
	ret = ipv6_renew_option(...); // maybe you need to forcefully cast the user away here
	set_fs(old_fs);
	return ret;
}

Bye,
Hannes
