From: Jason A. Donenfeld <Jason at zx2c4.com>
To: mptcp at lists.01.org
Subject: [MPTCP] Re: [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t
Date: Mon, 27 Jul 2020 18:21:21 +0200 [thread overview]
Message-ID: <CAHmME9oU9+5Pbm6pUkOqaxQyYLr9JhAkwV55+P7AWR601WW-nA@mail.gmail.com> (raw)
In-Reply-To: 20200727161615.GB7817@lst.de
[-- Attachment #1: Type: text/plain, Size: 14295 bytes --]
> From cce2d2e1b43ecee5f4af7cf116808b74b330080f Mon Sep 17 00:00:00 2001
> From: Christoph Hellwig <hch(a)lst.de>
> Date: Mon, 27 Jul 2020 17:42:27 +0200
> Subject: net: remove sockptr_advance
>
> sockptr_advance never properly worked. Replace it with _offset variants
> of copy_from_sockptr and copy_to_sockptr.
>
> Fixes: ba423fdaa589 ("net: add a new sockptr_t type")
> Reported-by: Jason A. Donenfeld <Jason(a)zx2c4.com>
> Reported-by: Ido Schimmel <idosch(a)idosch.org>
> Signed-off-by: Christoph Hellwig <hch(a)lst.de>
> ---
> drivers/crypto/chelsio/chtls/chtls_main.c | 12 +++++-----
> include/linux/sockptr.h | 27 +++++++++++------------
> net/dccp/proto.c | 5 ++---
> net/ipv4/netfilter/arp_tables.c | 8 +++----
> net/ipv4/netfilter/ip_tables.c | 8 +++----
> net/ipv4/tcp.c | 5 +++--
> net/ipv6/ip6_flowlabel.c | 11 ++++-----
> net/ipv6/netfilter/ip6_tables.c | 8 +++----
> net/netfilter/x_tables.c | 7 +++---
> net/tls/tls_main.c | 6 ++---
> 10 files changed, 49 insertions(+), 48 deletions(-)
>
> diff --git a/drivers/crypto/chelsio/chtls/chtls_main.c b/drivers/crypto/chelsio/chtls/chtls_main.c
> index c3058dcdb33c5c..66d247efd5615b 100644
> --- a/drivers/crypto/chelsio/chtls/chtls_main.c
> +++ b/drivers/crypto/chelsio/chtls/chtls_main.c
> @@ -525,9 +525,9 @@ static int do_chtls_setsockopt(struct sock *sk, int optname,
> /* Obtain version and type from previous copy */
> crypto_info[0] = tmp_crypto_info;
> /* Now copy the following data */
> - sockptr_advance(optval, sizeof(*crypto_info));
> - rc = copy_from_sockptr((char *)crypto_info + sizeof(*crypto_info),
> - optval,
> + rc = copy_from_sockptr_offset((char *)crypto_info +
> + sizeof(*crypto_info),
> + optval, sizeof(*crypto_info),
> sizeof(struct tls12_crypto_info_aes_gcm_128)
> - sizeof(*crypto_info));
>
> @@ -542,9 +542,9 @@ static int do_chtls_setsockopt(struct sock *sk, int optname,
> }
> case TLS_CIPHER_AES_GCM_256: {
> crypto_info[0] = tmp_crypto_info;
> - sockptr_advance(optval, sizeof(*crypto_info));
> - rc = copy_from_sockptr((char *)crypto_info + sizeof(*crypto_info),
> - optval,
> + rc = copy_from_sockptr_offset((char *)crypto_info +
> + sizeof(*crypto_info),
> + optval, sizeof(*crypto_info),
> sizeof(struct tls12_crypto_info_aes_gcm_256)
> - sizeof(*crypto_info));
>
> diff --git a/include/linux/sockptr.h b/include/linux/sockptr.h
> index b13ea1422f93a5..9e6c81d474cba8 100644
> --- a/include/linux/sockptr.h
> +++ b/include/linux/sockptr.h
> @@ -69,19 +69,26 @@ static inline bool sockptr_is_null(sockptr_t sockptr)
> return !sockptr.user;
> }
>
> -static inline int copy_from_sockptr(void *dst, sockptr_t src, size_t size)
> +static inline int copy_from_sockptr_offset(void *dst, sockptr_t src,
> + size_t offset, size_t size)
> {
> if (!sockptr_is_kernel(src))
> - return copy_from_user(dst, src.user, size);
> - memcpy(dst, src.kernel, size);
> + return copy_from_user(dst, src.user + offset, size);
> + memcpy(dst, src.kernel + offset, size);
> return 0;
> }
>
> -static inline int copy_to_sockptr(sockptr_t dst, const void *src, size_t size)
> +static inline int copy_from_sockptr(void *dst, sockptr_t src, size_t size)
> +{
> + return copy_from_sockptr_offset(dst, src, 0, size);
> +}
> +
> +static inline int copy_to_sockptr_offset(sockptr_t dst, size_t offset,
> + const void *src, size_t size)
> {
> if (!sockptr_is_kernel(dst))
> - return copy_to_user(dst.user, src, size);
> - memcpy(dst.kernel, src, size);
> + return copy_to_user(dst.user + offset, src, size);
> + memcpy(dst.kernel + offset, src, size);
> return 0;
> }
>
> @@ -112,14 +119,6 @@ static inline void *memdup_sockptr_nul(sockptr_t src, size_t len)
> return p;
> }
>
> -static inline void sockptr_advance(sockptr_t sockptr, size_t len)
> -{
> - if (sockptr_is_kernel(sockptr))
> - sockptr.kernel += len;
> - else
> - sockptr.user += len;
> -}
> -
> static inline long strncpy_from_sockptr(char *dst, sockptr_t src, size_t count)
> {
> if (sockptr_is_kernel(src)) {
> diff --git a/net/dccp/proto.c b/net/dccp/proto.c
> index 2e9e8449698fb4..d148ab1530e57b 100644
> --- a/net/dccp/proto.c
> +++ b/net/dccp/proto.c
> @@ -426,9 +426,8 @@ static int dccp_setsockopt_service(struct sock *sk, const __be32 service,
> return -ENOMEM;
>
> sl->dccpsl_nr = optlen / sizeof(u32) - 1;
> - sockptr_advance(optval, sizeof(service));
> - if (copy_from_sockptr(sl->dccpsl_list, optval,
> - optlen - sizeof(service)) ||
> + if (copy_from_sockptr_offset(sl->dccpsl_list, optval,
> + sizeof(service), optlen - sizeof(service)) ||
> dccp_list_has_service(sl, DCCP_SERVICE_INVALID_VALUE)) {
> kfree(sl);
> return -EFAULT;
> diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
> index 9a1567dbc022b6..d1e04d2b5170ec 100644
> --- a/net/ipv4/netfilter/arp_tables.c
> +++ b/net/ipv4/netfilter/arp_tables.c
> @@ -971,8 +971,8 @@ static int do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> @@ -1267,8 +1267,8 @@ static int compat_do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
> index f2a9680303d8c0..f15bc21d730164 100644
> --- a/net/ipv4/netfilter/ip_tables.c
> +++ b/net/ipv4/netfilter/ip_tables.c
> @@ -1126,8 +1126,8 @@ do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> @@ -1508,8 +1508,8 @@ compat_do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
> index 27de9380ed140e..4afec552f211b9 100644
> --- a/net/ipv4/tcp.c
> +++ b/net/ipv4/tcp.c
> @@ -2801,12 +2801,13 @@ static int tcp_repair_options_est(struct sock *sk, sockptr_t optbuf,
> {
> struct tcp_sock *tp = tcp_sk(sk);
> struct tcp_repair_opt opt;
> + size_t offset = 0;
>
> while (len >= sizeof(opt)) {
> - if (copy_from_sockptr(&opt, optbuf, sizeof(opt)))
> + if (copy_from_sockptr_offset(&opt, optbuf, offset, sizeof(opt)))
> return -EFAULT;
>
> - sockptr_advance(optbuf, sizeof(opt));
> + offset += sizeof(opt);
> len -= sizeof(opt);
>
> switch (opt.opt_code) {
> diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c
> index 215b6f5e733ec9..2d655260dedc75 100644
> --- a/net/ipv6/ip6_flowlabel.c
> +++ b/net/ipv6/ip6_flowlabel.c
> @@ -401,8 +401,8 @@ fl_create(struct net *net, struct sock *sk, struct in6_flowlabel_req *freq,
> memset(fl->opt, 0, sizeof(*fl->opt));
> fl->opt->tot_len = sizeof(*fl->opt) + olen;
> err = -EFAULT;
> - sockptr_advance(optval, CMSG_ALIGN(sizeof(*freq)));
> - if (copy_from_sockptr(fl->opt + 1, optval, olen))
> + if (copy_from_sockptr_offset(fl->opt + 1, optval,
> + CMSG_ALIGN(sizeof(*freq)), olen))
> goto done;
>
> msg.msg_controllen = olen;
> @@ -703,9 +703,10 @@ static int ipv6_flowlabel_get(struct sock *sk, struct in6_flowlabel_req *freq,
> goto recheck;
>
> if (!freq->flr_label) {
> - sockptr_advance(optval,
> - offsetof(struct in6_flowlabel_req, flr_label));
> - if (copy_to_sockptr(optval, &fl->label, sizeof(fl->label))) {
> + size_t offset = offsetof(struct in6_flowlabel_req, flr_label);
> +
> + if (copy_to_sockptr_offset(optval, offset, &fl->label,
> + sizeof(fl->label))) {
> /* Intentionally ignore fault. */
> }
> }
> diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
> index 1d52957a413f4a..2e2119bfcf1373 100644
> --- a/net/ipv6/netfilter/ip6_tables.c
> +++ b/net/ipv6/netfilter/ip6_tables.c
> @@ -1143,8 +1143,8 @@ do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> @@ -1517,8 +1517,8 @@ compat_do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
> index b97eb4b538fd4e..91bf6635ea9ee4 100644
> --- a/net/netfilter/x_tables.c
> +++ b/net/netfilter/x_tables.c
> @@ -1050,6 +1050,7 @@ EXPORT_SYMBOL_GPL(xt_check_target);
> void *xt_copy_counters(sockptr_t arg, unsigned int len,
> struct xt_counters_info *info)
> {
> + size_t offset;
> void *mem;
> u64 size;
>
> @@ -1067,7 +1068,7 @@ void *xt_copy_counters(sockptr_t arg, unsigned int len,
>
> memcpy(info->name, compat_tmp.name, sizeof(info->name) - 1);
> info->num_counters = compat_tmp.num_counters;
> - sockptr_advance(arg, sizeof(compat_tmp));
> + offset = sizeof(compat_tmp);
> } else
> #endif
> {
> @@ -1078,7 +1079,7 @@ void *xt_copy_counters(sockptr_t arg, unsigned int len,
> if (copy_from_sockptr(info, arg, sizeof(*info)) != 0)
> return ERR_PTR(-EFAULT);
>
> - sockptr_advance(arg, sizeof(*info));
> + offset = sizeof(*info);
> }
> info->name[sizeof(info->name) - 1] = '\0';
>
> @@ -1092,7 +1093,7 @@ void *xt_copy_counters(sockptr_t arg, unsigned int len,
> if (!mem)
> return ERR_PTR(-ENOMEM);
>
> - if (copy_from_sockptr(mem, arg, len) == 0)
> + if (copy_from_sockptr_offset(mem, arg, offset, len) == 0)
> return mem;
>
> vfree(mem);
> diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
> index d77f7d821130db..bbc52b088d2968 100644
> --- a/net/tls/tls_main.c
> +++ b/net/tls/tls_main.c
> @@ -522,9 +522,9 @@ static int do_tls_setsockopt_conf(struct sock *sk, sockptr_t optval,
> goto err_crypto_info;
> }
>
> - sockptr_advance(optval, sizeof(*crypto_info));
> - rc = copy_from_sockptr(crypto_info + 1, optval,
> - optlen - sizeof(*crypto_info));
> + rc = copy_from_sockptr_offset(crypto_info + 1, optval,
> + sizeof(*crypto_info),
> + optlen - sizeof(*crypto_info));
> if (rc) {
> rc = -EFAULT;
> goto err_crypto_info;
> --
> 2.27.0
Getting rid of sockptr_advance entirely seems like the right decision
here. You still might want to make sure the addition in
copy_from_sockptr_offset doesn't overflow, and return -EFAULT if it
does.
But this indeed fixes the bug, so:
Acked-by: Jason A. Donenfeld <Jason(a)zx2c4.com>
WARNING: multiple messages have this Message-ID (diff)
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: Christoph Hellwig <hch@lst.de>
Cc: "David S. Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
Eric Dumazet <edumazet@google.com>,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
Netdev <netdev@vger.kernel.org>,
bpf@vger.kernel.org, netfilter-devel@vger.kernel.org,
coreteam@netfilter.org, linux-sctp@vger.kernel.org,
linux-hams@vger.kernel.org, linux-bluetooth@vger.kernel.org,
bridge@lists.linux-foundation.org, linux-can@vger.kernel.org,
dccp@vger.kernel.org, linux-decnet-user@lists.sourceforge.net,
linux-wpan@vger.kernel.org, linux-s390@vger.kernel.org,
mptcp@lists.01.org, lvs-devel@vger.kernel.org,
rds-devel@oss.oracle.com, linux-afs@lists.infradead.org,
tipc-discussion@lists.sourceforge.net, linux-x25@vger.kernel.org
Subject: Re: [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t
Date: Mon, 27 Jul 2020 18:21:21 +0200 [thread overview]
Message-ID: <CAHmME9oU9+5Pbm6pUkOqaxQyYLr9JhAkwV55+P7AWR601WW-nA@mail.gmail.com> (raw)
In-Reply-To: <20200727161615.GB7817@lst.de>
> From cce2d2e1b43ecee5f4af7cf116808b74b330080f Mon Sep 17 00:00:00 2001
> From: Christoph Hellwig <hch@lst.de>
> Date: Mon, 27 Jul 2020 17:42:27 +0200
> Subject: net: remove sockptr_advance
>
> sockptr_advance never properly worked. Replace it with _offset variants
> of copy_from_sockptr and copy_to_sockptr.
>
> Fixes: ba423fdaa589 ("net: add a new sockptr_t type")
> Reported-by: Jason A. Donenfeld <Jason@zx2c4.com>
> Reported-by: Ido Schimmel <idosch@idosch.org>
> Signed-off-by: Christoph Hellwig <hch@lst.de>
> ---
> drivers/crypto/chelsio/chtls/chtls_main.c | 12 +++++-----
> include/linux/sockptr.h | 27 +++++++++++------------
> net/dccp/proto.c | 5 ++---
> net/ipv4/netfilter/arp_tables.c | 8 +++----
> net/ipv4/netfilter/ip_tables.c | 8 +++----
> net/ipv4/tcp.c | 5 +++--
> net/ipv6/ip6_flowlabel.c | 11 ++++-----
> net/ipv6/netfilter/ip6_tables.c | 8 +++----
> net/netfilter/x_tables.c | 7 +++---
> net/tls/tls_main.c | 6 ++---
> 10 files changed, 49 insertions(+), 48 deletions(-)
>
> diff --git a/drivers/crypto/chelsio/chtls/chtls_main.c b/drivers/crypto/chelsio/chtls/chtls_main.c
> index c3058dcdb33c5c..66d247efd5615b 100644
> --- a/drivers/crypto/chelsio/chtls/chtls_main.c
> +++ b/drivers/crypto/chelsio/chtls/chtls_main.c
> @@ -525,9 +525,9 @@ static int do_chtls_setsockopt(struct sock *sk, int optname,
> /* Obtain version and type from previous copy */
> crypto_info[0] = tmp_crypto_info;
> /* Now copy the following data */
> - sockptr_advance(optval, sizeof(*crypto_info));
> - rc = copy_from_sockptr((char *)crypto_info + sizeof(*crypto_info),
> - optval,
> + rc = copy_from_sockptr_offset((char *)crypto_info +
> + sizeof(*crypto_info),
> + optval, sizeof(*crypto_info),
> sizeof(struct tls12_crypto_info_aes_gcm_128)
> - sizeof(*crypto_info));
>
> @@ -542,9 +542,9 @@ static int do_chtls_setsockopt(struct sock *sk, int optname,
> }
> case TLS_CIPHER_AES_GCM_256: {
> crypto_info[0] = tmp_crypto_info;
> - sockptr_advance(optval, sizeof(*crypto_info));
> - rc = copy_from_sockptr((char *)crypto_info + sizeof(*crypto_info),
> - optval,
> + rc = copy_from_sockptr_offset((char *)crypto_info +
> + sizeof(*crypto_info),
> + optval, sizeof(*crypto_info),
> sizeof(struct tls12_crypto_info_aes_gcm_256)
> - sizeof(*crypto_info));
>
> diff --git a/include/linux/sockptr.h b/include/linux/sockptr.h
> index b13ea1422f93a5..9e6c81d474cba8 100644
> --- a/include/linux/sockptr.h
> +++ b/include/linux/sockptr.h
> @@ -69,19 +69,26 @@ static inline bool sockptr_is_null(sockptr_t sockptr)
> return !sockptr.user;
> }
>
> -static inline int copy_from_sockptr(void *dst, sockptr_t src, size_t size)
> +static inline int copy_from_sockptr_offset(void *dst, sockptr_t src,
> + size_t offset, size_t size)
> {
> if (!sockptr_is_kernel(src))
> - return copy_from_user(dst, src.user, size);
> - memcpy(dst, src.kernel, size);
> + return copy_from_user(dst, src.user + offset, size);
> + memcpy(dst, src.kernel + offset, size);
> return 0;
> }
>
> -static inline int copy_to_sockptr(sockptr_t dst, const void *src, size_t size)
> +static inline int copy_from_sockptr(void *dst, sockptr_t src, size_t size)
> +{
> + return copy_from_sockptr_offset(dst, src, 0, size);
> +}
> +
> +static inline int copy_to_sockptr_offset(sockptr_t dst, size_t offset,
> + const void *src, size_t size)
> {
> if (!sockptr_is_kernel(dst))
> - return copy_to_user(dst.user, src, size);
> - memcpy(dst.kernel, src, size);
> + return copy_to_user(dst.user + offset, src, size);
> + memcpy(dst.kernel + offset, src, size);
> return 0;
> }
>
> @@ -112,14 +119,6 @@ static inline void *memdup_sockptr_nul(sockptr_t src, size_t len)
> return p;
> }
>
> -static inline void sockptr_advance(sockptr_t sockptr, size_t len)
> -{
> - if (sockptr_is_kernel(sockptr))
> - sockptr.kernel += len;
> - else
> - sockptr.user += len;
> -}
> -
> static inline long strncpy_from_sockptr(char *dst, sockptr_t src, size_t count)
> {
> if (sockptr_is_kernel(src)) {
> diff --git a/net/dccp/proto.c b/net/dccp/proto.c
> index 2e9e8449698fb4..d148ab1530e57b 100644
> --- a/net/dccp/proto.c
> +++ b/net/dccp/proto.c
> @@ -426,9 +426,8 @@ static int dccp_setsockopt_service(struct sock *sk, const __be32 service,
> return -ENOMEM;
>
> sl->dccpsl_nr = optlen / sizeof(u32) - 1;
> - sockptr_advance(optval, sizeof(service));
> - if (copy_from_sockptr(sl->dccpsl_list, optval,
> - optlen - sizeof(service)) ||
> + if (copy_from_sockptr_offset(sl->dccpsl_list, optval,
> + sizeof(service), optlen - sizeof(service)) ||
> dccp_list_has_service(sl, DCCP_SERVICE_INVALID_VALUE)) {
> kfree(sl);
> return -EFAULT;
> diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
> index 9a1567dbc022b6..d1e04d2b5170ec 100644
> --- a/net/ipv4/netfilter/arp_tables.c
> +++ b/net/ipv4/netfilter/arp_tables.c
> @@ -971,8 +971,8 @@ static int do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> @@ -1267,8 +1267,8 @@ static int compat_do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
> index f2a9680303d8c0..f15bc21d730164 100644
> --- a/net/ipv4/netfilter/ip_tables.c
> +++ b/net/ipv4/netfilter/ip_tables.c
> @@ -1126,8 +1126,8 @@ do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> @@ -1508,8 +1508,8 @@ compat_do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
> index 27de9380ed140e..4afec552f211b9 100644
> --- a/net/ipv4/tcp.c
> +++ b/net/ipv4/tcp.c
> @@ -2801,12 +2801,13 @@ static int tcp_repair_options_est(struct sock *sk, sockptr_t optbuf,
> {
> struct tcp_sock *tp = tcp_sk(sk);
> struct tcp_repair_opt opt;
> + size_t offset = 0;
>
> while (len >= sizeof(opt)) {
> - if (copy_from_sockptr(&opt, optbuf, sizeof(opt)))
> + if (copy_from_sockptr_offset(&opt, optbuf, offset, sizeof(opt)))
> return -EFAULT;
>
> - sockptr_advance(optbuf, sizeof(opt));
> + offset += sizeof(opt);
> len -= sizeof(opt);
>
> switch (opt.opt_code) {
> diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c
> index 215b6f5e733ec9..2d655260dedc75 100644
> --- a/net/ipv6/ip6_flowlabel.c
> +++ b/net/ipv6/ip6_flowlabel.c
> @@ -401,8 +401,8 @@ fl_create(struct net *net, struct sock *sk, struct in6_flowlabel_req *freq,
> memset(fl->opt, 0, sizeof(*fl->opt));
> fl->opt->tot_len = sizeof(*fl->opt) + olen;
> err = -EFAULT;
> - sockptr_advance(optval, CMSG_ALIGN(sizeof(*freq)));
> - if (copy_from_sockptr(fl->opt + 1, optval, olen))
> + if (copy_from_sockptr_offset(fl->opt + 1, optval,
> + CMSG_ALIGN(sizeof(*freq)), olen))
> goto done;
>
> msg.msg_controllen = olen;
> @@ -703,9 +703,10 @@ static int ipv6_flowlabel_get(struct sock *sk, struct in6_flowlabel_req *freq,
> goto recheck;
>
> if (!freq->flr_label) {
> - sockptr_advance(optval,
> - offsetof(struct in6_flowlabel_req, flr_label));
> - if (copy_to_sockptr(optval, &fl->label, sizeof(fl->label))) {
> + size_t offset = offsetof(struct in6_flowlabel_req, flr_label);
> +
> + if (copy_to_sockptr_offset(optval, offset, &fl->label,
> + sizeof(fl->label))) {
> /* Intentionally ignore fault. */
> }
> }
> diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
> index 1d52957a413f4a..2e2119bfcf1373 100644
> --- a/net/ipv6/netfilter/ip6_tables.c
> +++ b/net/ipv6/netfilter/ip6_tables.c
> @@ -1143,8 +1143,8 @@ do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> @@ -1517,8 +1517,8 @@ compat_do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
> index b97eb4b538fd4e..91bf6635ea9ee4 100644
> --- a/net/netfilter/x_tables.c
> +++ b/net/netfilter/x_tables.c
> @@ -1050,6 +1050,7 @@ EXPORT_SYMBOL_GPL(xt_check_target);
> void *xt_copy_counters(sockptr_t arg, unsigned int len,
> struct xt_counters_info *info)
> {
> + size_t offset;
> void *mem;
> u64 size;
>
> @@ -1067,7 +1068,7 @@ void *xt_copy_counters(sockptr_t arg, unsigned int len,
>
> memcpy(info->name, compat_tmp.name, sizeof(info->name) - 1);
> info->num_counters = compat_tmp.num_counters;
> - sockptr_advance(arg, sizeof(compat_tmp));
> + offset = sizeof(compat_tmp);
> } else
> #endif
> {
> @@ -1078,7 +1079,7 @@ void *xt_copy_counters(sockptr_t arg, unsigned int len,
> if (copy_from_sockptr(info, arg, sizeof(*info)) != 0)
> return ERR_PTR(-EFAULT);
>
> - sockptr_advance(arg, sizeof(*info));
> + offset = sizeof(*info);
> }
> info->name[sizeof(info->name) - 1] = '\0';
>
> @@ -1092,7 +1093,7 @@ void *xt_copy_counters(sockptr_t arg, unsigned int len,
> if (!mem)
> return ERR_PTR(-ENOMEM);
>
> - if (copy_from_sockptr(mem, arg, len) == 0)
> + if (copy_from_sockptr_offset(mem, arg, offset, len) == 0)
> return mem;
>
> vfree(mem);
> diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
> index d77f7d821130db..bbc52b088d2968 100644
> --- a/net/tls/tls_main.c
> +++ b/net/tls/tls_main.c
> @@ -522,9 +522,9 @@ static int do_tls_setsockopt_conf(struct sock *sk, sockptr_t optval,
> goto err_crypto_info;
> }
>
> - sockptr_advance(optval, sizeof(*crypto_info));
> - rc = copy_from_sockptr(crypto_info + 1, optval,
> - optlen - sizeof(*crypto_info));
> + rc = copy_from_sockptr_offset(crypto_info + 1, optval,
> + sizeof(*crypto_info),
> + optlen - sizeof(*crypto_info));
> if (rc) {
> rc = -EFAULT;
> goto err_crypto_info;
> --
> 2.27.0
Getting rid of sockptr_advance entirely seems like the right decision
here. You still might want to make sure the addition in
copy_from_sockptr_offset doesn't overflow, and return -EFAULT if it
does.
But this indeed fixes the bug, so:
Acked-by: Jason A. Donenfeld <Jason@zx2c4.com>
WARNING: multiple messages have this Message-ID (diff)
From: "Jason A. Donenfeld" <Jason-OnJsPKxuuEcAvxtiuMwx3w@public.gmane.org>
To: Christoph Hellwig <hch-jcswGhMUV9g@public.gmane.org>
Cc: "David S. Miller" <davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>,
Jakub Kicinski <kuba-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Alexei Starovoitov <ast-DgEjT+Ai2ygdnm+yROfE0A@public.gmane.org>,
Daniel Borkmann <daniel-FeC+5ew28dpmcu3hnIyYJQ@public.gmane.org>,
Alexey Kuznetsov <kuznet-v/Mj1YrvjDBInbfyfbPRSQ@public.gmane.org>,
Hideaki YOSHIFUJI
<yoshfuji-VfPWfsRibaP+Ru+s062T9g@public.gmane.org>,
Eric Dumazet <edumazet-hpIqsD4AKlfQT0dZR+AlfA@public.gmane.org>,
Linux Crypto Mailing List
<linux-crypto-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
LKML <linux-kernel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
Netdev <netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org>,
bpf-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
netfilter-devel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
coreteam-Cap9r6Oaw4JrovVCs/uTlw@public.gmane.org,
linux-sctp-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-hams-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-bluetooth-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
bridge-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org,
linux-can-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
dccp-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-decnet-user-5NWGOfrQmneRv+LV9MX5uipxlwaOVQ5f@public.gmane.org,
linux-wpan-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
linux-s390-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
mptcp-hn68Rpc1hR1g9hUCZPvPmw@public.gmane.org
Subject: Re: [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t
Date: Mon, 27 Jul 2020 18:21:21 +0200 [thread overview]
Message-ID: <CAHmME9oU9+5Pbm6pUkOqaxQyYLr9JhAkwV55+P7AWR601WW-nA@mail.gmail.com> (raw)
In-Reply-To: <20200727161615.GB7817-jcswGhMUV9g@public.gmane.org>
> From cce2d2e1b43ecee5f4af7cf116808b74b330080f Mon Sep 17 00:00:00 2001
> From: Christoph Hellwig <hch-jcswGhMUV9g@public.gmane.org>
> Date: Mon, 27 Jul 2020 17:42:27 +0200
> Subject: net: remove sockptr_advance
>
> sockptr_advance never properly worked. Replace it with _offset variants
> of copy_from_sockptr and copy_to_sockptr.
>
> Fixes: ba423fdaa589 ("net: add a new sockptr_t type")
> Reported-by: Jason A. Donenfeld <Jason-OnJsPKxuuEcAvxtiuMwx3w@public.gmane.org>
> Reported-by: Ido Schimmel <idosch-2h5rdk4LcBEdnm+yROfE0A@public.gmane.org>
> Signed-off-by: Christoph Hellwig <hch-jcswGhMUV9g@public.gmane.org>
> ---
> drivers/crypto/chelsio/chtls/chtls_main.c | 12 +++++-----
> include/linux/sockptr.h | 27 +++++++++++------------
> net/dccp/proto.c | 5 ++---
> net/ipv4/netfilter/arp_tables.c | 8 +++----
> net/ipv4/netfilter/ip_tables.c | 8 +++----
> net/ipv4/tcp.c | 5 +++--
> net/ipv6/ip6_flowlabel.c | 11 ++++-----
> net/ipv6/netfilter/ip6_tables.c | 8 +++----
> net/netfilter/x_tables.c | 7 +++---
> net/tls/tls_main.c | 6 ++---
> 10 files changed, 49 insertions(+), 48 deletions(-)
>
> diff --git a/drivers/crypto/chelsio/chtls/chtls_main.c b/drivers/crypto/chelsio/chtls/chtls_main.c
> index c3058dcdb33c5c..66d247efd5615b 100644
> --- a/drivers/crypto/chelsio/chtls/chtls_main.c
> +++ b/drivers/crypto/chelsio/chtls/chtls_main.c
> @@ -525,9 +525,9 @@ static int do_chtls_setsockopt(struct sock *sk, int optname,
> /* Obtain version and type from previous copy */
> crypto_info[0] = tmp_crypto_info;
> /* Now copy the following data */
> - sockptr_advance(optval, sizeof(*crypto_info));
> - rc = copy_from_sockptr((char *)crypto_info + sizeof(*crypto_info),
> - optval,
> + rc = copy_from_sockptr_offset((char *)crypto_info +
> + sizeof(*crypto_info),
> + optval, sizeof(*crypto_info),
> sizeof(struct tls12_crypto_info_aes_gcm_128)
> - sizeof(*crypto_info));
>
> @@ -542,9 +542,9 @@ static int do_chtls_setsockopt(struct sock *sk, int optname,
> }
> case TLS_CIPHER_AES_GCM_256: {
> crypto_info[0] = tmp_crypto_info;
> - sockptr_advance(optval, sizeof(*crypto_info));
> - rc = copy_from_sockptr((char *)crypto_info + sizeof(*crypto_info),
> - optval,
> + rc = copy_from_sockptr_offset((char *)crypto_info +
> + sizeof(*crypto_info),
> + optval, sizeof(*crypto_info),
> sizeof(struct tls12_crypto_info_aes_gcm_256)
> - sizeof(*crypto_info));
>
> diff --git a/include/linux/sockptr.h b/include/linux/sockptr.h
> index b13ea1422f93a5..9e6c81d474cba8 100644
> --- a/include/linux/sockptr.h
> +++ b/include/linux/sockptr.h
> @@ -69,19 +69,26 @@ static inline bool sockptr_is_null(sockptr_t sockptr)
> return !sockptr.user;
> }
>
> -static inline int copy_from_sockptr(void *dst, sockptr_t src, size_t size)
> +static inline int copy_from_sockptr_offset(void *dst, sockptr_t src,
> + size_t offset, size_t size)
> {
> if (!sockptr_is_kernel(src))
> - return copy_from_user(dst, src.user, size);
> - memcpy(dst, src.kernel, size);
> + return copy_from_user(dst, src.user + offset, size);
> + memcpy(dst, src.kernel + offset, size);
> return 0;
> }
>
> -static inline int copy_to_sockptr(sockptr_t dst, const void *src, size_t size)
> +static inline int copy_from_sockptr(void *dst, sockptr_t src, size_t size)
> +{
> + return copy_from_sockptr_offset(dst, src, 0, size);
> +}
> +
> +static inline int copy_to_sockptr_offset(sockptr_t dst, size_t offset,
> + const void *src, size_t size)
> {
> if (!sockptr_is_kernel(dst))
> - return copy_to_user(dst.user, src, size);
> - memcpy(dst.kernel, src, size);
> + return copy_to_user(dst.user + offset, src, size);
> + memcpy(dst.kernel + offset, src, size);
> return 0;
> }
>
> @@ -112,14 +119,6 @@ static inline void *memdup_sockptr_nul(sockptr_t src, size_t len)
> return p;
> }
>
> -static inline void sockptr_advance(sockptr_t sockptr, size_t len)
> -{
> - if (sockptr_is_kernel(sockptr))
> - sockptr.kernel += len;
> - else
> - sockptr.user += len;
> -}
> -
> static inline long strncpy_from_sockptr(char *dst, sockptr_t src, size_t count)
> {
> if (sockptr_is_kernel(src)) {
> diff --git a/net/dccp/proto.c b/net/dccp/proto.c
> index 2e9e8449698fb4..d148ab1530e57b 100644
> --- a/net/dccp/proto.c
> +++ b/net/dccp/proto.c
> @@ -426,9 +426,8 @@ static int dccp_setsockopt_service(struct sock *sk, const __be32 service,
> return -ENOMEM;
>
> sl->dccpsl_nr = optlen / sizeof(u32) - 1;
> - sockptr_advance(optval, sizeof(service));
> - if (copy_from_sockptr(sl->dccpsl_list, optval,
> - optlen - sizeof(service)) ||
> + if (copy_from_sockptr_offset(sl->dccpsl_list, optval,
> + sizeof(service), optlen - sizeof(service)) ||
> dccp_list_has_service(sl, DCCP_SERVICE_INVALID_VALUE)) {
> kfree(sl);
> return -EFAULT;
> diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
> index 9a1567dbc022b6..d1e04d2b5170ec 100644
> --- a/net/ipv4/netfilter/arp_tables.c
> +++ b/net/ipv4/netfilter/arp_tables.c
> @@ -971,8 +971,8 @@ static int do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> @@ -1267,8 +1267,8 @@ static int compat_do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
> index f2a9680303d8c0..f15bc21d730164 100644
> --- a/net/ipv4/netfilter/ip_tables.c
> +++ b/net/ipv4/netfilter/ip_tables.c
> @@ -1126,8 +1126,8 @@ do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> @@ -1508,8 +1508,8 @@ compat_do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
> index 27de9380ed140e..4afec552f211b9 100644
> --- a/net/ipv4/tcp.c
> +++ b/net/ipv4/tcp.c
> @@ -2801,12 +2801,13 @@ static int tcp_repair_options_est(struct sock *sk, sockptr_t optbuf,
> {
> struct tcp_sock *tp = tcp_sk(sk);
> struct tcp_repair_opt opt;
> + size_t offset = 0;
>
> while (len >= sizeof(opt)) {
> - if (copy_from_sockptr(&opt, optbuf, sizeof(opt)))
> + if (copy_from_sockptr_offset(&opt, optbuf, offset, sizeof(opt)))
> return -EFAULT;
>
> - sockptr_advance(optbuf, sizeof(opt));
> + offset += sizeof(opt);
> len -= sizeof(opt);
>
> switch (opt.opt_code) {
> diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c
> index 215b6f5e733ec9..2d655260dedc75 100644
> --- a/net/ipv6/ip6_flowlabel.c
> +++ b/net/ipv6/ip6_flowlabel.c
> @@ -401,8 +401,8 @@ fl_create(struct net *net, struct sock *sk, struct in6_flowlabel_req *freq,
> memset(fl->opt, 0, sizeof(*fl->opt));
> fl->opt->tot_len = sizeof(*fl->opt) + olen;
> err = -EFAULT;
> - sockptr_advance(optval, CMSG_ALIGN(sizeof(*freq)));
> - if (copy_from_sockptr(fl->opt + 1, optval, olen))
> + if (copy_from_sockptr_offset(fl->opt + 1, optval,
> + CMSG_ALIGN(sizeof(*freq)), olen))
> goto done;
>
> msg.msg_controllen = olen;
> @@ -703,9 +703,10 @@ static int ipv6_flowlabel_get(struct sock *sk, struct in6_flowlabel_req *freq,
> goto recheck;
>
> if (!freq->flr_label) {
> - sockptr_advance(optval,
> - offsetof(struct in6_flowlabel_req, flr_label));
> - if (copy_to_sockptr(optval, &fl->label, sizeof(fl->label))) {
> + size_t offset = offsetof(struct in6_flowlabel_req, flr_label);
> +
> + if (copy_to_sockptr_offset(optval, offset, &fl->label,
> + sizeof(fl->label))) {
> /* Intentionally ignore fault. */
> }
> }
> diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
> index 1d52957a413f4a..2e2119bfcf1373 100644
> --- a/net/ipv6/netfilter/ip6_tables.c
> +++ b/net/ipv6/netfilter/ip6_tables.c
> @@ -1143,8 +1143,8 @@ do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> @@ -1517,8 +1517,8 @@ compat_do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
> index b97eb4b538fd4e..91bf6635ea9ee4 100644
> --- a/net/netfilter/x_tables.c
> +++ b/net/netfilter/x_tables.c
> @@ -1050,6 +1050,7 @@ EXPORT_SYMBOL_GPL(xt_check_target);
> void *xt_copy_counters(sockptr_t arg, unsigned int len,
> struct xt_counters_info *info)
> {
> + size_t offset;
> void *mem;
> u64 size;
>
> @@ -1067,7 +1068,7 @@ void *xt_copy_counters(sockptr_t arg, unsigned int len,
>
> memcpy(info->name, compat_tmp.name, sizeof(info->name) - 1);
> info->num_counters = compat_tmp.num_counters;
> - sockptr_advance(arg, sizeof(compat_tmp));
> + offset = sizeof(compat_tmp);
> } else
> #endif
> {
> @@ -1078,7 +1079,7 @@ void *xt_copy_counters(sockptr_t arg, unsigned int len,
> if (copy_from_sockptr(info, arg, sizeof(*info)) != 0)
> return ERR_PTR(-EFAULT);
>
> - sockptr_advance(arg, sizeof(*info));
> + offset = sizeof(*info);
> }
> info->name[sizeof(info->name) - 1] = '\0';
>
> @@ -1092,7 +1093,7 @@ void *xt_copy_counters(sockptr_t arg, unsigned int len,
> if (!mem)
> return ERR_PTR(-ENOMEM);
>
> - if (copy_from_sockptr(mem, arg, len) == 0)
> + if (copy_from_sockptr_offset(mem, arg, offset, len) == 0)
> return mem;
>
> vfree(mem);
> diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
> index d77f7d821130db..bbc52b088d2968 100644
> --- a/net/tls/tls_main.c
> +++ b/net/tls/tls_main.c
> @@ -522,9 +522,9 @@ static int do_tls_setsockopt_conf(struct sock *sk, sockptr_t optval,
> goto err_crypto_info;
> }
>
> - sockptr_advance(optval, sizeof(*crypto_info));
> - rc = copy_from_sockptr(crypto_info + 1, optval,
> - optlen - sizeof(*crypto_info));
> + rc = copy_from_sockptr_offset(crypto_info + 1, optval,
> + sizeof(*crypto_info),
> + optlen - sizeof(*crypto_info));
> if (rc) {
> rc = -EFAULT;
> goto err_crypto_info;
> --
> 2.27.0
Getting rid of sockptr_advance entirely seems like the right decision
here. You still might want to make sure the addition in
copy_from_sockptr_offset doesn't overflow, and return -EFAULT if it
does.
But this indeed fixes the bug, so:
Acked-by: Jason A. Donenfeld <Jason-OnJsPKxuuEcAvxtiuMwx3w@public.gmane.org>
WARNING: multiple messages have this Message-ID (diff)
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: Christoph Hellwig <hch@lst.de>
Cc: "David S. Miller" <davem@davemloft.net>,
Jakub Kicinski <kuba@kernel.org>,
Alexei Starovoitov <ast@kernel.org>,
Daniel Borkmann <daniel@iogearbox.net>,
Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
Eric Dumazet <edumazet@google.com>,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
LKML <linux-kernel@vger.kernel.org>,
Netdev <netdev@vger.kernel.org>,
bpf@vger.kernel.org, netfilter-devel@vger.kernel.org,
coreteam@netfilter.org, linux-sctp@vger.kernel.org,
linux-hams@vger.kernel.org, linux-bluetooth@vger.kernel.org,
bridge@lists.linux-foundation.org, linux-can@vger.kernel.org,
dccp@vger.kernel.org, linux-decnet-user@lists.sourceforge.net,
linux-wpan@vger.kernel.org, linux-s390@vger.kernel.org,
mptcp@lists.01.org, lvs-devel@vger.kernel.org,
rds-devel@oss.oracle.com, linux-afs@lists.infradead.org,
tipc-discussion@lists.sourceforge.net, linux-x25@vger.kernel.org
Subject: Re: [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t
Date: Mon, 27 Jul 2020 16:21:21 +0000 [thread overview]
Message-ID: <CAHmME9oU9+5Pbm6pUkOqaxQyYLr9JhAkwV55+P7AWR601WW-nA@mail.gmail.com> (raw)
In-Reply-To: <20200727161615.GB7817@lst.de>
> From cce2d2e1b43ecee5f4af7cf116808b74b330080f Mon Sep 17 00:00:00 2001
> From: Christoph Hellwig <hch@lst.de>
> Date: Mon, 27 Jul 2020 17:42:27 +0200
> Subject: net: remove sockptr_advance
>
> sockptr_advance never properly worked. Replace it with _offset variants
> of copy_from_sockptr and copy_to_sockptr.
>
> Fixes: ba423fdaa589 ("net: add a new sockptr_t type")
> Reported-by: Jason A. Donenfeld <Jason@zx2c4.com>
> Reported-by: Ido Schimmel <idosch@idosch.org>
> Signed-off-by: Christoph Hellwig <hch@lst.de>
> ---
> drivers/crypto/chelsio/chtls/chtls_main.c | 12 +++++-----
> include/linux/sockptr.h | 27 +++++++++++------------
> net/dccp/proto.c | 5 ++---
> net/ipv4/netfilter/arp_tables.c | 8 +++----
> net/ipv4/netfilter/ip_tables.c | 8 +++----
> net/ipv4/tcp.c | 5 +++--
> net/ipv6/ip6_flowlabel.c | 11 ++++-----
> net/ipv6/netfilter/ip6_tables.c | 8 +++----
> net/netfilter/x_tables.c | 7 +++---
> net/tls/tls_main.c | 6 ++---
> 10 files changed, 49 insertions(+), 48 deletions(-)
>
> diff --git a/drivers/crypto/chelsio/chtls/chtls_main.c b/drivers/crypto/chelsio/chtls/chtls_main.c
> index c3058dcdb33c5c..66d247efd5615b 100644
> --- a/drivers/crypto/chelsio/chtls/chtls_main.c
> +++ b/drivers/crypto/chelsio/chtls/chtls_main.c
> @@ -525,9 +525,9 @@ static int do_chtls_setsockopt(struct sock *sk, int optname,
> /* Obtain version and type from previous copy */
> crypto_info[0] = tmp_crypto_info;
> /* Now copy the following data */
> - sockptr_advance(optval, sizeof(*crypto_info));
> - rc = copy_from_sockptr((char *)crypto_info + sizeof(*crypto_info),
> - optval,
> + rc = copy_from_sockptr_offset((char *)crypto_info +
> + sizeof(*crypto_info),
> + optval, sizeof(*crypto_info),
> sizeof(struct tls12_crypto_info_aes_gcm_128)
> - sizeof(*crypto_info));
>
> @@ -542,9 +542,9 @@ static int do_chtls_setsockopt(struct sock *sk, int optname,
> }
> case TLS_CIPHER_AES_GCM_256: {
> crypto_info[0] = tmp_crypto_info;
> - sockptr_advance(optval, sizeof(*crypto_info));
> - rc = copy_from_sockptr((char *)crypto_info + sizeof(*crypto_info),
> - optval,
> + rc = copy_from_sockptr_offset((char *)crypto_info +
> + sizeof(*crypto_info),
> + optval, sizeof(*crypto_info),
> sizeof(struct tls12_crypto_info_aes_gcm_256)
> - sizeof(*crypto_info));
>
> diff --git a/include/linux/sockptr.h b/include/linux/sockptr.h
> index b13ea1422f93a5..9e6c81d474cba8 100644
> --- a/include/linux/sockptr.h
> +++ b/include/linux/sockptr.h
> @@ -69,19 +69,26 @@ static inline bool sockptr_is_null(sockptr_t sockptr)
> return !sockptr.user;
> }
>
> -static inline int copy_from_sockptr(void *dst, sockptr_t src, size_t size)
> +static inline int copy_from_sockptr_offset(void *dst, sockptr_t src,
> + size_t offset, size_t size)
> {
> if (!sockptr_is_kernel(src))
> - return copy_from_user(dst, src.user, size);
> - memcpy(dst, src.kernel, size);
> + return copy_from_user(dst, src.user + offset, size);
> + memcpy(dst, src.kernel + offset, size);
> return 0;
> }
>
> -static inline int copy_to_sockptr(sockptr_t dst, const void *src, size_t size)
> +static inline int copy_from_sockptr(void *dst, sockptr_t src, size_t size)
> +{
> + return copy_from_sockptr_offset(dst, src, 0, size);
> +}
> +
> +static inline int copy_to_sockptr_offset(sockptr_t dst, size_t offset,
> + const void *src, size_t size)
> {
> if (!sockptr_is_kernel(dst))
> - return copy_to_user(dst.user, src, size);
> - memcpy(dst.kernel, src, size);
> + return copy_to_user(dst.user + offset, src, size);
> + memcpy(dst.kernel + offset, src, size);
> return 0;
> }
>
> @@ -112,14 +119,6 @@ static inline void *memdup_sockptr_nul(sockptr_t src, size_t len)
> return p;
> }
>
> -static inline void sockptr_advance(sockptr_t sockptr, size_t len)
> -{
> - if (sockptr_is_kernel(sockptr))
> - sockptr.kernel += len;
> - else
> - sockptr.user += len;
> -}
> -
> static inline long strncpy_from_sockptr(char *dst, sockptr_t src, size_t count)
> {
> if (sockptr_is_kernel(src)) {
> diff --git a/net/dccp/proto.c b/net/dccp/proto.c
> index 2e9e8449698fb4..d148ab1530e57b 100644
> --- a/net/dccp/proto.c
> +++ b/net/dccp/proto.c
> @@ -426,9 +426,8 @@ static int dccp_setsockopt_service(struct sock *sk, const __be32 service,
> return -ENOMEM;
>
> sl->dccpsl_nr = optlen / sizeof(u32) - 1;
> - sockptr_advance(optval, sizeof(service));
> - if (copy_from_sockptr(sl->dccpsl_list, optval,
> - optlen - sizeof(service)) ||
> + if (copy_from_sockptr_offset(sl->dccpsl_list, optval,
> + sizeof(service), optlen - sizeof(service)) ||
> dccp_list_has_service(sl, DCCP_SERVICE_INVALID_VALUE)) {
> kfree(sl);
> return -EFAULT;
> diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
> index 9a1567dbc022b6..d1e04d2b5170ec 100644
> --- a/net/ipv4/netfilter/arp_tables.c
> +++ b/net/ipv4/netfilter/arp_tables.c
> @@ -971,8 +971,8 @@ static int do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> @@ -1267,8 +1267,8 @@ static int compat_do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
> index f2a9680303d8c0..f15bc21d730164 100644
> --- a/net/ipv4/netfilter/ip_tables.c
> +++ b/net/ipv4/netfilter/ip_tables.c
> @@ -1126,8 +1126,8 @@ do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> @@ -1508,8 +1508,8 @@ compat_do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
> index 27de9380ed140e..4afec552f211b9 100644
> --- a/net/ipv4/tcp.c
> +++ b/net/ipv4/tcp.c
> @@ -2801,12 +2801,13 @@ static int tcp_repair_options_est(struct sock *sk, sockptr_t optbuf,
> {
> struct tcp_sock *tp = tcp_sk(sk);
> struct tcp_repair_opt opt;
> + size_t offset = 0;
>
> while (len >= sizeof(opt)) {
> - if (copy_from_sockptr(&opt, optbuf, sizeof(opt)))
> + if (copy_from_sockptr_offset(&opt, optbuf, offset, sizeof(opt)))
> return -EFAULT;
>
> - sockptr_advance(optbuf, sizeof(opt));
> + offset += sizeof(opt);
> len -= sizeof(opt);
>
> switch (opt.opt_code) {
> diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c
> index 215b6f5e733ec9..2d655260dedc75 100644
> --- a/net/ipv6/ip6_flowlabel.c
> +++ b/net/ipv6/ip6_flowlabel.c
> @@ -401,8 +401,8 @@ fl_create(struct net *net, struct sock *sk, struct in6_flowlabel_req *freq,
> memset(fl->opt, 0, sizeof(*fl->opt));
> fl->opt->tot_len = sizeof(*fl->opt) + olen;
> err = -EFAULT;
> - sockptr_advance(optval, CMSG_ALIGN(sizeof(*freq)));
> - if (copy_from_sockptr(fl->opt + 1, optval, olen))
> + if (copy_from_sockptr_offset(fl->opt + 1, optval,
> + CMSG_ALIGN(sizeof(*freq)), olen))
> goto done;
>
> msg.msg_controllen = olen;
> @@ -703,9 +703,10 @@ static int ipv6_flowlabel_get(struct sock *sk, struct in6_flowlabel_req *freq,
> goto recheck;
>
> if (!freq->flr_label) {
> - sockptr_advance(optval,
> - offsetof(struct in6_flowlabel_req, flr_label));
> - if (copy_to_sockptr(optval, &fl->label, sizeof(fl->label))) {
> + size_t offset = offsetof(struct in6_flowlabel_req, flr_label);
> +
> + if (copy_to_sockptr_offset(optval, offset, &fl->label,
> + sizeof(fl->label))) {
> /* Intentionally ignore fault. */
> }
> }
> diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
> index 1d52957a413f4a..2e2119bfcf1373 100644
> --- a/net/ipv6/netfilter/ip6_tables.c
> +++ b/net/ipv6/netfilter/ip6_tables.c
> @@ -1143,8 +1143,8 @@ do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> @@ -1517,8 +1517,8 @@ compat_do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
> index b97eb4b538fd4e..91bf6635ea9ee4 100644
> --- a/net/netfilter/x_tables.c
> +++ b/net/netfilter/x_tables.c
> @@ -1050,6 +1050,7 @@ EXPORT_SYMBOL_GPL(xt_check_target);
> void *xt_copy_counters(sockptr_t arg, unsigned int len,
> struct xt_counters_info *info)
> {
> + size_t offset;
> void *mem;
> u64 size;
>
> @@ -1067,7 +1068,7 @@ void *xt_copy_counters(sockptr_t arg, unsigned int len,
>
> memcpy(info->name, compat_tmp.name, sizeof(info->name) - 1);
> info->num_counters = compat_tmp.num_counters;
> - sockptr_advance(arg, sizeof(compat_tmp));
> + offset = sizeof(compat_tmp);
> } else
> #endif
> {
> @@ -1078,7 +1079,7 @@ void *xt_copy_counters(sockptr_t arg, unsigned int len,
> if (copy_from_sockptr(info, arg, sizeof(*info)) != 0)
> return ERR_PTR(-EFAULT);
>
> - sockptr_advance(arg, sizeof(*info));
> + offset = sizeof(*info);
> }
> info->name[sizeof(info->name) - 1] = '\0';
>
> @@ -1092,7 +1093,7 @@ void *xt_copy_counters(sockptr_t arg, unsigned int len,
> if (!mem)
> return ERR_PTR(-ENOMEM);
>
> - if (copy_from_sockptr(mem, arg, len) = 0)
> + if (copy_from_sockptr_offset(mem, arg, offset, len) = 0)
> return mem;
>
> vfree(mem);
> diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
> index d77f7d821130db..bbc52b088d2968 100644
> --- a/net/tls/tls_main.c
> +++ b/net/tls/tls_main.c
> @@ -522,9 +522,9 @@ static int do_tls_setsockopt_conf(struct sock *sk, sockptr_t optval,
> goto err_crypto_info;
> }
>
> - sockptr_advance(optval, sizeof(*crypto_info));
> - rc = copy_from_sockptr(crypto_info + 1, optval,
> - optlen - sizeof(*crypto_info));
> + rc = copy_from_sockptr_offset(crypto_info + 1, optval,
> + sizeof(*crypto_info),
> + optlen - sizeof(*crypto_info));
> if (rc) {
> rc = -EFAULT;
> goto err_crypto_info;
> --
> 2.27.0
Getting rid of sockptr_advance entirely seems like the right decision
here. You still might want to make sure the addition in
copy_from_sockptr_offset doesn't overflow, and return -EFAULT if it
does.
But this indeed fixes the bug, so:
Acked-by: Jason A. Donenfeld <Jason@zx2c4.com>
WARNING: multiple messages have this Message-ID (diff)
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: dccp@vger.kernel.org
Subject: Re: [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t
Date: Mon, 27 Jul 2020 16:21:21 +0000 [thread overview]
Message-ID: <CAHmME9oU9+5Pbm6pUkOqaxQyYLr9JhAkwV55+P7AWR601WW-nA@mail.gmail.com> (raw)
In-Reply-To: <20200723060908.50081-13-hch@lst.de>
> From cce2d2e1b43ecee5f4af7cf116808b74b330080f Mon Sep 17 00:00:00 2001
> From: Christoph Hellwig <hch@lst.de>
> Date: Mon, 27 Jul 2020 17:42:27 +0200
> Subject: net: remove sockptr_advance
>
> sockptr_advance never properly worked. Replace it with _offset variants
> of copy_from_sockptr and copy_to_sockptr.
>
> Fixes: ba423fdaa589 ("net: add a new sockptr_t type")
> Reported-by: Jason A. Donenfeld <Jason@zx2c4.com>
> Reported-by: Ido Schimmel <idosch@idosch.org>
> Signed-off-by: Christoph Hellwig <hch@lst.de>
> ---
> drivers/crypto/chelsio/chtls/chtls_main.c | 12 +++++-----
> include/linux/sockptr.h | 27 +++++++++++------------
> net/dccp/proto.c | 5 ++---
> net/ipv4/netfilter/arp_tables.c | 8 +++----
> net/ipv4/netfilter/ip_tables.c | 8 +++----
> net/ipv4/tcp.c | 5 +++--
> net/ipv6/ip6_flowlabel.c | 11 ++++-----
> net/ipv6/netfilter/ip6_tables.c | 8 +++----
> net/netfilter/x_tables.c | 7 +++---
> net/tls/tls_main.c | 6 ++---
> 10 files changed, 49 insertions(+), 48 deletions(-)
>
> diff --git a/drivers/crypto/chelsio/chtls/chtls_main.c b/drivers/crypto/chelsio/chtls/chtls_main.c
> index c3058dcdb33c5c..66d247efd5615b 100644
> --- a/drivers/crypto/chelsio/chtls/chtls_main.c
> +++ b/drivers/crypto/chelsio/chtls/chtls_main.c
> @@ -525,9 +525,9 @@ static int do_chtls_setsockopt(struct sock *sk, int optname,
> /* Obtain version and type from previous copy */
> crypto_info[0] = tmp_crypto_info;
> /* Now copy the following data */
> - sockptr_advance(optval, sizeof(*crypto_info));
> - rc = copy_from_sockptr((char *)crypto_info + sizeof(*crypto_info),
> - optval,
> + rc = copy_from_sockptr_offset((char *)crypto_info +
> + sizeof(*crypto_info),
> + optval, sizeof(*crypto_info),
> sizeof(struct tls12_crypto_info_aes_gcm_128)
> - sizeof(*crypto_info));
>
> @@ -542,9 +542,9 @@ static int do_chtls_setsockopt(struct sock *sk, int optname,
> }
> case TLS_CIPHER_AES_GCM_256: {
> crypto_info[0] = tmp_crypto_info;
> - sockptr_advance(optval, sizeof(*crypto_info));
> - rc = copy_from_sockptr((char *)crypto_info + sizeof(*crypto_info),
> - optval,
> + rc = copy_from_sockptr_offset((char *)crypto_info +
> + sizeof(*crypto_info),
> + optval, sizeof(*crypto_info),
> sizeof(struct tls12_crypto_info_aes_gcm_256)
> - sizeof(*crypto_info));
>
> diff --git a/include/linux/sockptr.h b/include/linux/sockptr.h
> index b13ea1422f93a5..9e6c81d474cba8 100644
> --- a/include/linux/sockptr.h
> +++ b/include/linux/sockptr.h
> @@ -69,19 +69,26 @@ static inline bool sockptr_is_null(sockptr_t sockptr)
> return !sockptr.user;
> }
>
> -static inline int copy_from_sockptr(void *dst, sockptr_t src, size_t size)
> +static inline int copy_from_sockptr_offset(void *dst, sockptr_t src,
> + size_t offset, size_t size)
> {
> if (!sockptr_is_kernel(src))
> - return copy_from_user(dst, src.user, size);
> - memcpy(dst, src.kernel, size);
> + return copy_from_user(dst, src.user + offset, size);
> + memcpy(dst, src.kernel + offset, size);
> return 0;
> }
>
> -static inline int copy_to_sockptr(sockptr_t dst, const void *src, size_t size)
> +static inline int copy_from_sockptr(void *dst, sockptr_t src, size_t size)
> +{
> + return copy_from_sockptr_offset(dst, src, 0, size);
> +}
> +
> +static inline int copy_to_sockptr_offset(sockptr_t dst, size_t offset,
> + const void *src, size_t size)
> {
> if (!sockptr_is_kernel(dst))
> - return copy_to_user(dst.user, src, size);
> - memcpy(dst.kernel, src, size);
> + return copy_to_user(dst.user + offset, src, size);
> + memcpy(dst.kernel + offset, src, size);
> return 0;
> }
>
> @@ -112,14 +119,6 @@ static inline void *memdup_sockptr_nul(sockptr_t src, size_t len)
> return p;
> }
>
> -static inline void sockptr_advance(sockptr_t sockptr, size_t len)
> -{
> - if (sockptr_is_kernel(sockptr))
> - sockptr.kernel += len;
> - else
> - sockptr.user += len;
> -}
> -
> static inline long strncpy_from_sockptr(char *dst, sockptr_t src, size_t count)
> {
> if (sockptr_is_kernel(src)) {
> diff --git a/net/dccp/proto.c b/net/dccp/proto.c
> index 2e9e8449698fb4..d148ab1530e57b 100644
> --- a/net/dccp/proto.c
> +++ b/net/dccp/proto.c
> @@ -426,9 +426,8 @@ static int dccp_setsockopt_service(struct sock *sk, const __be32 service,
> return -ENOMEM;
>
> sl->dccpsl_nr = optlen / sizeof(u32) - 1;
> - sockptr_advance(optval, sizeof(service));
> - if (copy_from_sockptr(sl->dccpsl_list, optval,
> - optlen - sizeof(service)) ||
> + if (copy_from_sockptr_offset(sl->dccpsl_list, optval,
> + sizeof(service), optlen - sizeof(service)) ||
> dccp_list_has_service(sl, DCCP_SERVICE_INVALID_VALUE)) {
> kfree(sl);
> return -EFAULT;
> diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
> index 9a1567dbc022b6..d1e04d2b5170ec 100644
> --- a/net/ipv4/netfilter/arp_tables.c
> +++ b/net/ipv4/netfilter/arp_tables.c
> @@ -971,8 +971,8 @@ static int do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> @@ -1267,8 +1267,8 @@ static int compat_do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
> index f2a9680303d8c0..f15bc21d730164 100644
> --- a/net/ipv4/netfilter/ip_tables.c
> +++ b/net/ipv4/netfilter/ip_tables.c
> @@ -1126,8 +1126,8 @@ do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> @@ -1508,8 +1508,8 @@ compat_do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
> index 27de9380ed140e..4afec552f211b9 100644
> --- a/net/ipv4/tcp.c
> +++ b/net/ipv4/tcp.c
> @@ -2801,12 +2801,13 @@ static int tcp_repair_options_est(struct sock *sk, sockptr_t optbuf,
> {
> struct tcp_sock *tp = tcp_sk(sk);
> struct tcp_repair_opt opt;
> + size_t offset = 0;
>
> while (len >= sizeof(opt)) {
> - if (copy_from_sockptr(&opt, optbuf, sizeof(opt)))
> + if (copy_from_sockptr_offset(&opt, optbuf, offset, sizeof(opt)))
> return -EFAULT;
>
> - sockptr_advance(optbuf, sizeof(opt));
> + offset += sizeof(opt);
> len -= sizeof(opt);
>
> switch (opt.opt_code) {
> diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c
> index 215b6f5e733ec9..2d655260dedc75 100644
> --- a/net/ipv6/ip6_flowlabel.c
> +++ b/net/ipv6/ip6_flowlabel.c
> @@ -401,8 +401,8 @@ fl_create(struct net *net, struct sock *sk, struct in6_flowlabel_req *freq,
> memset(fl->opt, 0, sizeof(*fl->opt));
> fl->opt->tot_len = sizeof(*fl->opt) + olen;
> err = -EFAULT;
> - sockptr_advance(optval, CMSG_ALIGN(sizeof(*freq)));
> - if (copy_from_sockptr(fl->opt + 1, optval, olen))
> + if (copy_from_sockptr_offset(fl->opt + 1, optval,
> + CMSG_ALIGN(sizeof(*freq)), olen))
> goto done;
>
> msg.msg_controllen = olen;
> @@ -703,9 +703,10 @@ static int ipv6_flowlabel_get(struct sock *sk, struct in6_flowlabel_req *freq,
> goto recheck;
>
> if (!freq->flr_label) {
> - sockptr_advance(optval,
> - offsetof(struct in6_flowlabel_req, flr_label));
> - if (copy_to_sockptr(optval, &fl->label, sizeof(fl->label))) {
> + size_t offset = offsetof(struct in6_flowlabel_req, flr_label);
> +
> + if (copy_to_sockptr_offset(optval, offset, &fl->label,
> + sizeof(fl->label))) {
> /* Intentionally ignore fault. */
> }
> }
> diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
> index 1d52957a413f4a..2e2119bfcf1373 100644
> --- a/net/ipv6/netfilter/ip6_tables.c
> +++ b/net/ipv6/netfilter/ip6_tables.c
> @@ -1143,8 +1143,8 @@ do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> @@ -1517,8 +1517,8 @@ compat_do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
> index b97eb4b538fd4e..91bf6635ea9ee4 100644
> --- a/net/netfilter/x_tables.c
> +++ b/net/netfilter/x_tables.c
> @@ -1050,6 +1050,7 @@ EXPORT_SYMBOL_GPL(xt_check_target);
> void *xt_copy_counters(sockptr_t arg, unsigned int len,
> struct xt_counters_info *info)
> {
> + size_t offset;
> void *mem;
> u64 size;
>
> @@ -1067,7 +1068,7 @@ void *xt_copy_counters(sockptr_t arg, unsigned int len,
>
> memcpy(info->name, compat_tmp.name, sizeof(info->name) - 1);
> info->num_counters = compat_tmp.num_counters;
> - sockptr_advance(arg, sizeof(compat_tmp));
> + offset = sizeof(compat_tmp);
> } else
> #endif
> {
> @@ -1078,7 +1079,7 @@ void *xt_copy_counters(sockptr_t arg, unsigned int len,
> if (copy_from_sockptr(info, arg, sizeof(*info)) != 0)
> return ERR_PTR(-EFAULT);
>
> - sockptr_advance(arg, sizeof(*info));
> + offset = sizeof(*info);
> }
> info->name[sizeof(info->name) - 1] = '\0';
>
> @@ -1092,7 +1093,7 @@ void *xt_copy_counters(sockptr_t arg, unsigned int len,
> if (!mem)
> return ERR_PTR(-ENOMEM);
>
> - if (copy_from_sockptr(mem, arg, len) = 0)
> + if (copy_from_sockptr_offset(mem, arg, offset, len) = 0)
> return mem;
>
> vfree(mem);
> diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
> index d77f7d821130db..bbc52b088d2968 100644
> --- a/net/tls/tls_main.c
> +++ b/net/tls/tls_main.c
> @@ -522,9 +522,9 @@ static int do_tls_setsockopt_conf(struct sock *sk, sockptr_t optval,
> goto err_crypto_info;
> }
>
> - sockptr_advance(optval, sizeof(*crypto_info));
> - rc = copy_from_sockptr(crypto_info + 1, optval,
> - optlen - sizeof(*crypto_info));
> + rc = copy_from_sockptr_offset(crypto_info + 1, optval,
> + sizeof(*crypto_info),
> + optlen - sizeof(*crypto_info));
> if (rc) {
> rc = -EFAULT;
> goto err_crypto_info;
> --
> 2.27.0
Getting rid of sockptr_advance entirely seems like the right decision
here. You still might want to make sure the addition in
copy_from_sockptr_offset doesn't overflow, and return -EFAULT if it
does.
But this indeed fixes the bug, so:
Acked-by: Jason A. Donenfeld <Jason@zx2c4.com>
WARNING: multiple messages have this Message-ID (diff)
From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: Christoph Hellwig <hch@lst.de>
Cc: Alexei Starovoitov <ast@kernel.org>,
linux-sctp@vger.kernel.org, linux-afs@lists.infradead.org,
linux-s390@vger.kernel.org, rds-devel@oss.oracle.com,
Daniel Borkmann <daniel@iogearbox.net>,
dccp@vger.kernel.org, bridge@lists.linux-foundation.org,
lvs-devel@vger.kernel.org, coreteam@netfilter.org,
mptcp@lists.01.org, Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>,
linux-can@vger.kernel.org, Jakub Kicinski <kuba@kernel.org>,
linux-hams@vger.kernel.org,
tipc-discussion@lists.sourceforge.net, linux-x25@vger.kernel.org,
Eric Dumazet <edumazet@google.com>,
Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>,
Netdev <netdev@vger.kernel.org>,
linux-decnet-user@lists.sourceforge.net,
LKML <linux-kernel@vger.kernel.org>,
linux-bluetooth@vger.kernel.org, netfilter-devel@vger.kernel.org,
Linux Crypto Mailing List <linux-crypto@vger.kernel.org>,
bpf@vger.kernel.org, linux-wpan@vger.kernel.org,
"David S. Miller" <davem@davemloft.net>
Subject: Re: [Bridge] [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t
Date: Mon, 27 Jul 2020 18:21:21 +0200 [thread overview]
Message-ID: <CAHmME9oU9+5Pbm6pUkOqaxQyYLr9JhAkwV55+P7AWR601WW-nA@mail.gmail.com> (raw)
In-Reply-To: <20200727161615.GB7817@lst.de>
> From cce2d2e1b43ecee5f4af7cf116808b74b330080f Mon Sep 17 00:00:00 2001
> From: Christoph Hellwig <hch@lst.de>
> Date: Mon, 27 Jul 2020 17:42:27 +0200
> Subject: net: remove sockptr_advance
>
> sockptr_advance never properly worked. Replace it with _offset variants
> of copy_from_sockptr and copy_to_sockptr.
>
> Fixes: ba423fdaa589 ("net: add a new sockptr_t type")
> Reported-by: Jason A. Donenfeld <Jason@zx2c4.com>
> Reported-by: Ido Schimmel <idosch@idosch.org>
> Signed-off-by: Christoph Hellwig <hch@lst.de>
> ---
> drivers/crypto/chelsio/chtls/chtls_main.c | 12 +++++-----
> include/linux/sockptr.h | 27 +++++++++++------------
> net/dccp/proto.c | 5 ++---
> net/ipv4/netfilter/arp_tables.c | 8 +++----
> net/ipv4/netfilter/ip_tables.c | 8 +++----
> net/ipv4/tcp.c | 5 +++--
> net/ipv6/ip6_flowlabel.c | 11 ++++-----
> net/ipv6/netfilter/ip6_tables.c | 8 +++----
> net/netfilter/x_tables.c | 7 +++---
> net/tls/tls_main.c | 6 ++---
> 10 files changed, 49 insertions(+), 48 deletions(-)
>
> diff --git a/drivers/crypto/chelsio/chtls/chtls_main.c b/drivers/crypto/chelsio/chtls/chtls_main.c
> index c3058dcdb33c5c..66d247efd5615b 100644
> --- a/drivers/crypto/chelsio/chtls/chtls_main.c
> +++ b/drivers/crypto/chelsio/chtls/chtls_main.c
> @@ -525,9 +525,9 @@ static int do_chtls_setsockopt(struct sock *sk, int optname,
> /* Obtain version and type from previous copy */
> crypto_info[0] = tmp_crypto_info;
> /* Now copy the following data */
> - sockptr_advance(optval, sizeof(*crypto_info));
> - rc = copy_from_sockptr((char *)crypto_info + sizeof(*crypto_info),
> - optval,
> + rc = copy_from_sockptr_offset((char *)crypto_info +
> + sizeof(*crypto_info),
> + optval, sizeof(*crypto_info),
> sizeof(struct tls12_crypto_info_aes_gcm_128)
> - sizeof(*crypto_info));
>
> @@ -542,9 +542,9 @@ static int do_chtls_setsockopt(struct sock *sk, int optname,
> }
> case TLS_CIPHER_AES_GCM_256: {
> crypto_info[0] = tmp_crypto_info;
> - sockptr_advance(optval, sizeof(*crypto_info));
> - rc = copy_from_sockptr((char *)crypto_info + sizeof(*crypto_info),
> - optval,
> + rc = copy_from_sockptr_offset((char *)crypto_info +
> + sizeof(*crypto_info),
> + optval, sizeof(*crypto_info),
> sizeof(struct tls12_crypto_info_aes_gcm_256)
> - sizeof(*crypto_info));
>
> diff --git a/include/linux/sockptr.h b/include/linux/sockptr.h
> index b13ea1422f93a5..9e6c81d474cba8 100644
> --- a/include/linux/sockptr.h
> +++ b/include/linux/sockptr.h
> @@ -69,19 +69,26 @@ static inline bool sockptr_is_null(sockptr_t sockptr)
> return !sockptr.user;
> }
>
> -static inline int copy_from_sockptr(void *dst, sockptr_t src, size_t size)
> +static inline int copy_from_sockptr_offset(void *dst, sockptr_t src,
> + size_t offset, size_t size)
> {
> if (!sockptr_is_kernel(src))
> - return copy_from_user(dst, src.user, size);
> - memcpy(dst, src.kernel, size);
> + return copy_from_user(dst, src.user + offset, size);
> + memcpy(dst, src.kernel + offset, size);
> return 0;
> }
>
> -static inline int copy_to_sockptr(sockptr_t dst, const void *src, size_t size)
> +static inline int copy_from_sockptr(void *dst, sockptr_t src, size_t size)
> +{
> + return copy_from_sockptr_offset(dst, src, 0, size);
> +}
> +
> +static inline int copy_to_sockptr_offset(sockptr_t dst, size_t offset,
> + const void *src, size_t size)
> {
> if (!sockptr_is_kernel(dst))
> - return copy_to_user(dst.user, src, size);
> - memcpy(dst.kernel, src, size);
> + return copy_to_user(dst.user + offset, src, size);
> + memcpy(dst.kernel + offset, src, size);
> return 0;
> }
>
> @@ -112,14 +119,6 @@ static inline void *memdup_sockptr_nul(sockptr_t src, size_t len)
> return p;
> }
>
> -static inline void sockptr_advance(sockptr_t sockptr, size_t len)
> -{
> - if (sockptr_is_kernel(sockptr))
> - sockptr.kernel += len;
> - else
> - sockptr.user += len;
> -}
> -
> static inline long strncpy_from_sockptr(char *dst, sockptr_t src, size_t count)
> {
> if (sockptr_is_kernel(src)) {
> diff --git a/net/dccp/proto.c b/net/dccp/proto.c
> index 2e9e8449698fb4..d148ab1530e57b 100644
> --- a/net/dccp/proto.c
> +++ b/net/dccp/proto.c
> @@ -426,9 +426,8 @@ static int dccp_setsockopt_service(struct sock *sk, const __be32 service,
> return -ENOMEM;
>
> sl->dccpsl_nr = optlen / sizeof(u32) - 1;
> - sockptr_advance(optval, sizeof(service));
> - if (copy_from_sockptr(sl->dccpsl_list, optval,
> - optlen - sizeof(service)) ||
> + if (copy_from_sockptr_offset(sl->dccpsl_list, optval,
> + sizeof(service), optlen - sizeof(service)) ||
> dccp_list_has_service(sl, DCCP_SERVICE_INVALID_VALUE)) {
> kfree(sl);
> return -EFAULT;
> diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c
> index 9a1567dbc022b6..d1e04d2b5170ec 100644
> --- a/net/ipv4/netfilter/arp_tables.c
> +++ b/net/ipv4/netfilter/arp_tables.c
> @@ -971,8 +971,8 @@ static int do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> @@ -1267,8 +1267,8 @@ static int compat_do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> diff --git a/net/ipv4/netfilter/ip_tables.c b/net/ipv4/netfilter/ip_tables.c
> index f2a9680303d8c0..f15bc21d730164 100644
> --- a/net/ipv4/netfilter/ip_tables.c
> +++ b/net/ipv4/netfilter/ip_tables.c
> @@ -1126,8 +1126,8 @@ do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> @@ -1508,8 +1508,8 @@ compat_do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> diff --git a/net/ipv4/tcp.c b/net/ipv4/tcp.c
> index 27de9380ed140e..4afec552f211b9 100644
> --- a/net/ipv4/tcp.c
> +++ b/net/ipv4/tcp.c
> @@ -2801,12 +2801,13 @@ static int tcp_repair_options_est(struct sock *sk, sockptr_t optbuf,
> {
> struct tcp_sock *tp = tcp_sk(sk);
> struct tcp_repair_opt opt;
> + size_t offset = 0;
>
> while (len >= sizeof(opt)) {
> - if (copy_from_sockptr(&opt, optbuf, sizeof(opt)))
> + if (copy_from_sockptr_offset(&opt, optbuf, offset, sizeof(opt)))
> return -EFAULT;
>
> - sockptr_advance(optbuf, sizeof(opt));
> + offset += sizeof(opt);
> len -= sizeof(opt);
>
> switch (opt.opt_code) {
> diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c
> index 215b6f5e733ec9..2d655260dedc75 100644
> --- a/net/ipv6/ip6_flowlabel.c
> +++ b/net/ipv6/ip6_flowlabel.c
> @@ -401,8 +401,8 @@ fl_create(struct net *net, struct sock *sk, struct in6_flowlabel_req *freq,
> memset(fl->opt, 0, sizeof(*fl->opt));
> fl->opt->tot_len = sizeof(*fl->opt) + olen;
> err = -EFAULT;
> - sockptr_advance(optval, CMSG_ALIGN(sizeof(*freq)));
> - if (copy_from_sockptr(fl->opt + 1, optval, olen))
> + if (copy_from_sockptr_offset(fl->opt + 1, optval,
> + CMSG_ALIGN(sizeof(*freq)), olen))
> goto done;
>
> msg.msg_controllen = olen;
> @@ -703,9 +703,10 @@ static int ipv6_flowlabel_get(struct sock *sk, struct in6_flowlabel_req *freq,
> goto recheck;
>
> if (!freq->flr_label) {
> - sockptr_advance(optval,
> - offsetof(struct in6_flowlabel_req, flr_label));
> - if (copy_to_sockptr(optval, &fl->label, sizeof(fl->label))) {
> + size_t offset = offsetof(struct in6_flowlabel_req, flr_label);
> +
> + if (copy_to_sockptr_offset(optval, offset, &fl->label,
> + sizeof(fl->label))) {
> /* Intentionally ignore fault. */
> }
> }
> diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
> index 1d52957a413f4a..2e2119bfcf1373 100644
> --- a/net/ipv6/netfilter/ip6_tables.c
> +++ b/net/ipv6/netfilter/ip6_tables.c
> @@ -1143,8 +1143,8 @@ do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> @@ -1517,8 +1517,8 @@ compat_do_replace(struct net *net, sockptr_t arg, unsigned int len)
> return -ENOMEM;
>
> loc_cpu_entry = newinfo->entries;
> - sockptr_advance(arg, sizeof(tmp));
> - if (copy_from_sockptr(loc_cpu_entry, arg, tmp.size) != 0) {
> + if (copy_from_sockptr_offset(loc_cpu_entry, arg, sizeof(tmp),
> + tmp.size) != 0) {
> ret = -EFAULT;
> goto free_newinfo;
> }
> diff --git a/net/netfilter/x_tables.c b/net/netfilter/x_tables.c
> index b97eb4b538fd4e..91bf6635ea9ee4 100644
> --- a/net/netfilter/x_tables.c
> +++ b/net/netfilter/x_tables.c
> @@ -1050,6 +1050,7 @@ EXPORT_SYMBOL_GPL(xt_check_target);
> void *xt_copy_counters(sockptr_t arg, unsigned int len,
> struct xt_counters_info *info)
> {
> + size_t offset;
> void *mem;
> u64 size;
>
> @@ -1067,7 +1068,7 @@ void *xt_copy_counters(sockptr_t arg, unsigned int len,
>
> memcpy(info->name, compat_tmp.name, sizeof(info->name) - 1);
> info->num_counters = compat_tmp.num_counters;
> - sockptr_advance(arg, sizeof(compat_tmp));
> + offset = sizeof(compat_tmp);
> } else
> #endif
> {
> @@ -1078,7 +1079,7 @@ void *xt_copy_counters(sockptr_t arg, unsigned int len,
> if (copy_from_sockptr(info, arg, sizeof(*info)) != 0)
> return ERR_PTR(-EFAULT);
>
> - sockptr_advance(arg, sizeof(*info));
> + offset = sizeof(*info);
> }
> info->name[sizeof(info->name) - 1] = '\0';
>
> @@ -1092,7 +1093,7 @@ void *xt_copy_counters(sockptr_t arg, unsigned int len,
> if (!mem)
> return ERR_PTR(-ENOMEM);
>
> - if (copy_from_sockptr(mem, arg, len) == 0)
> + if (copy_from_sockptr_offset(mem, arg, offset, len) == 0)
> return mem;
>
> vfree(mem);
> diff --git a/net/tls/tls_main.c b/net/tls/tls_main.c
> index d77f7d821130db..bbc52b088d2968 100644
> --- a/net/tls/tls_main.c
> +++ b/net/tls/tls_main.c
> @@ -522,9 +522,9 @@ static int do_tls_setsockopt_conf(struct sock *sk, sockptr_t optval,
> goto err_crypto_info;
> }
>
> - sockptr_advance(optval, sizeof(*crypto_info));
> - rc = copy_from_sockptr(crypto_info + 1, optval,
> - optlen - sizeof(*crypto_info));
> + rc = copy_from_sockptr_offset(crypto_info + 1, optval,
> + sizeof(*crypto_info),
> + optlen - sizeof(*crypto_info));
> if (rc) {
> rc = -EFAULT;
> goto err_crypto_info;
> --
> 2.27.0
Getting rid of sockptr_advance entirely seems like the right decision
here. You still might want to make sure the addition in
copy_from_sockptr_offset doesn't overflow, and return -EFAULT if it
does.
But this indeed fixes the bug, so:
Acked-by: Jason A. Donenfeld <Jason@zx2c4.com>
next reply other threads:[~2020-07-27 16:21 UTC|newest]
Thread overview: 656+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-27 16:21 Jason A. Donenfeld [this message]
2020-07-27 16:21 ` [Bridge] [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t Jason A. Donenfeld
2020-07-27 16:21 ` Jason A. Donenfeld
2020-07-27 16:21 ` Jason A. Donenfeld
2020-07-27 16:21 ` Jason A. Donenfeld
2020-07-27 16:21 ` Jason A. Donenfeld
-- strict thread matches above, loose matches on Subject: below --
2020-08-08 13:54 [MPTCP] Re: [PATCH 25/26] net: pass a sockptr_t into ->setsockopt David Laight
2020-08-08 13:54 ` [Bridge] " David Laight
2020-08-08 13:54 ` David Laight
2020-08-08 13:54 ` David Laight
2020-08-08 13:54 ` David Laight
2020-08-08 13:54 ` David Laight
2020-08-08 13:54 ` David Laight
2020-08-07 18:29 [MPTCP] " Eric Dumazet
2020-08-07 18:29 ` [Bridge] " Eric Dumazet
2020-08-07 18:29 ` Eric Dumazet
2020-08-07 18:29 ` Eric Dumazet
2020-08-07 18:29 ` Eric Dumazet
2020-08-07 18:29 ` Eric Dumazet
2020-08-07 18:29 ` Eric Dumazet
2020-08-07 9:18 [MPTCP] " David Laight
2020-08-07 9:18 ` [Bridge] " David Laight
2020-08-07 9:18 ` David Laight
2020-08-07 9:18 ` David Laight
2020-08-07 9:18 ` David Laight
2020-08-07 9:18 ` David Laight
2020-08-07 9:18 ` David Laight
2020-08-07 7:21 [MPTCP] " Christoph Hellwig
2020-08-07 7:21 ` [Bridge] " Christoph Hellwig
2020-08-07 7:21 ` Christoph Hellwig
2020-08-07 7:21 ` Christoph Hellwig
2020-08-07 7:21 ` Christoph Hellwig
2020-08-07 7:21 ` Christoph Hellwig
2020-08-07 7:21 ` Christoph Hellwig
2020-08-06 22:21 [MPTCP] " Eric Dumazet
2020-08-06 22:21 ` [Bridge] " Eric Dumazet
2020-08-06 22:21 ` Eric Dumazet
2020-08-06 22:21 ` Eric Dumazet
2020-08-06 22:21 ` Eric Dumazet
2020-07-28 8:17 [MPTCP] Re: [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t Jason A. Donenfeld
2020-07-28 8:17 ` [Bridge] " Jason A. Donenfeld
2020-07-28 8:17 ` Jason A. Donenfeld
2020-07-28 8:17 ` Jason A. Donenfeld
2020-07-28 8:17 ` Jason A. Donenfeld
2020-07-28 8:17 ` Jason A. Donenfeld
2020-07-28 8:17 ` Jason A. Donenfeld
2020-07-28 8:17 ` Jason A. Donenfeld
2020-07-28 8:17 ` Jason A. Donenfeld
2020-07-28 8:07 [MPTCP] " David Laight
2020-07-28 8:07 ` [Bridge] " David Laight
2020-07-28 8:07 ` David Laight
2020-07-28 8:07 ` David Laight
2020-07-28 8:07 ` David Laight
2020-07-28 8:07 ` David Laight
2020-07-27 18:22 [MPTCP] Re: [PATCH 19/26] net/ipv6: switch ipv6_flowlabel_opt " Ido Schimmel
2020-07-27 18:22 ` [Bridge] " Ido Schimmel
2020-07-27 18:22 ` Ido Schimmel
2020-07-27 18:22 ` Ido Schimmel
2020-07-27 18:22 ` Ido Schimmel
2020-07-27 18:22 ` Ido Schimmel
2020-07-27 16:23 [MPTCP] Re: [PATCH 12/26] netfilter: switch nf_setsockopt " Christoph Hellwig
2020-07-27 16:23 ` [Bridge] " Christoph Hellwig
2020-07-27 16:23 ` Christoph Hellwig
2020-07-27 16:23 ` Christoph Hellwig
2020-07-27 16:23 ` Christoph Hellwig
2020-07-27 16:23 ` Christoph Hellwig
2020-07-27 16:16 [MPTCP] " Jason A. Donenfeld
2020-07-27 16:16 ` [Bridge] " Jason A. Donenfeld
2020-07-27 16:16 ` Jason A. Donenfeld
2020-07-27 16:16 ` Jason A. Donenfeld
2020-07-27 16:16 ` Jason A. Donenfeld
2020-07-27 16:16 ` Jason A. Donenfeld
2020-07-27 16:16 ` Jason A. Donenfeld
2020-07-27 16:16 [MPTCP] " Christoph Hellwig
2020-07-27 16:16 ` [Bridge] " Christoph Hellwig
2020-07-27 16:16 ` Christoph Hellwig
2020-07-27 16:16 ` Christoph Hellwig
2020-07-27 16:16 ` Christoph Hellwig
2020-07-27 16:16 ` Christoph Hellwig
2020-07-27 16:16 ` Christoph Hellwig
2020-07-27 16:15 [MPTCP] Re: [PATCH 19/26] net/ipv6: switch ipv6_flowlabel_opt " Christoph Hellwig
2020-07-27 16:15 ` [Bridge] " Christoph Hellwig
2020-07-27 16:15 ` Christoph Hellwig
2020-07-27 16:15 ` Christoph Hellwig
2020-07-27 16:15 ` Christoph Hellwig
2020-07-27 16:15 ` Christoph Hellwig
2020-07-27 16:15 ` Christoph Hellwig
2020-07-27 15:06 [MPTCP] Re: [PATCH 12/26] netfilter: switch nf_setsockopt " Christoph Hellwig
2020-07-27 15:06 ` [Bridge] " Christoph Hellwig
2020-07-27 15:06 ` Christoph Hellwig
2020-07-27 15:06 ` Christoph Hellwig
2020-07-27 15:06 ` Christoph Hellwig
2020-07-27 15:06 ` Christoph Hellwig
2020-07-27 15:06 ` Christoph Hellwig
2020-07-27 15:03 [MPTCP] " Jason A. Donenfeld
2020-07-27 15:03 ` [Bridge] " Jason A. Donenfeld
2020-07-27 15:03 ` Jason A. Donenfeld
2020-07-27 15:03 ` Jason A. Donenfeld
2020-07-27 15:03 ` Jason A. Donenfeld
2020-07-27 15:03 ` Jason A. Donenfeld
2020-07-27 14:09 [MPTCP] Re: get rid of the address_space override in setsockopt v2 David Laight
2020-07-27 14:09 ` [Bridge] " David Laight
2020-07-27 14:09 ` David Laight
2020-07-27 14:09 ` David Laight
2020-07-27 14:09 ` David Laight
2020-07-27 14:09 ` David Laight
2020-07-27 13:33 [MPTCP] Re: [PATCH 19/26] net/ipv6: switch ipv6_flowlabel_opt to sockptr_t Ido Schimmel
2020-07-27 13:33 ` [Bridge] " Ido Schimmel
2020-07-27 13:33 ` Ido Schimmel
2020-07-27 13:33 ` Ido Schimmel
2020-07-27 13:33 ` Ido Schimmel
2020-07-27 13:33 ` Ido Schimmel
2020-07-27 13:24 [MPTCP] " David Laight
2020-07-27 13:24 ` [Bridge] " David Laight
2020-07-27 13:24 ` David Laight
2020-07-27 13:24 ` David Laight
2020-07-27 13:24 ` David Laight
2020-07-27 13:24 ` David Laight
2020-07-27 13:00 [MPTCP] " Christoph Hellwig
2020-07-27 13:00 ` [Bridge] " Christoph Hellwig
2020-07-27 13:00 ` Christoph Hellwig
2020-07-27 13:00 ` Christoph Hellwig
2020-07-27 13:00 ` Christoph Hellwig
2020-07-27 13:00 ` Christoph Hellwig
2020-07-27 13:00 ` Christoph Hellwig
2020-07-27 12:15 [MPTCP] " Ido Schimmel
2020-07-27 12:15 ` [Bridge] " Ido Schimmel
2020-07-27 12:15 ` Ido Schimmel
2020-07-27 12:15 ` Ido Schimmel
2020-07-27 12:15 ` Ido Schimmel
2020-07-27 12:15 ` Ido Schimmel
2020-07-26 7:46 [MPTCP] Re: get rid of the address_space override in setsockopt v2 David Miller
2020-07-26 7:46 ` [Bridge] " David Miller
2020-07-26 7:46 ` David Miller
2020-07-26 7:46 ` David Miller
2020-07-26 7:46 ` David Miller
2020-07-23 16:44 [MPTCP] Re: [PATCH 04/26] net: add a new sockptr_t type Christoph Hellwig
2020-07-23 16:44 ` [Bridge] " Christoph Hellwig
2020-07-23 16:44 ` Christoph Hellwig
2020-07-23 16:44 ` Christoph Hellwig
2020-07-23 16:44 ` Christoph Hellwig
2020-07-23 16:44 ` Christoph Hellwig
2020-07-23 16:44 ` Christoph Hellwig
2020-07-23 16:40 [MPTCP] " Eric Dumazet
2020-07-23 16:40 ` [Bridge] " Eric Dumazet
2020-07-23 16:40 ` Eric Dumazet
2020-07-23 16:40 ` Eric Dumazet
2020-07-23 16:40 ` Eric Dumazet
2020-07-23 16:40 ` Eric Dumazet
2020-07-23 16:40 ` Eric Dumazet
2020-07-23 14:56 [MPTCP] Re: [PATCH 03/26] bpfilter: reject kernel addresses David Laight
2020-07-23 14:56 ` [Bridge] " David Laight
2020-07-23 14:56 ` David Laight
2020-07-23 14:56 ` David Laight
2020-07-23 14:56 ` David Laight
2020-07-23 14:56 ` David Laight
2020-07-23 14:44 [MPTCP] " 'Christoph Hellwig'
2020-07-23 14:44 ` [Bridge] " 'Christoph Hellwig'
2020-07-23 14:44 ` 'Christoph Hellwig'
2020-07-23 14:44 ` 'Christoph Hellwig'
2020-07-23 14:44 ` 'Christoph Hellwig'
2020-07-23 14:44 ` 'Christoph Hellwig'
2020-07-23 14:44 ` 'Christoph Hellwig'
2020-07-23 14:42 [MPTCP] " David Laight
2020-07-23 14:42 ` [Bridge] " David Laight
2020-07-23 14:42 ` David Laight
2020-07-23 14:42 ` David Laight
2020-07-23 14:42 ` David Laight
2020-07-23 14:42 ` David Laight
2020-07-23 11:44 [MPTCP] Re: [PATCH 13/26] bpfilter: switch bpfilter_ip_set_sockopt to sockptr_t 'Christoph Hellwig'
2020-07-23 11:44 ` [Bridge] " 'Christoph Hellwig'
2020-07-23 11:44 ` 'Christoph Hellwig'
2020-07-23 11:44 ` 'Christoph Hellwig'
2020-07-23 11:44 ` 'Christoph Hellwig'
2020-07-23 11:44 ` 'Christoph Hellwig'
2020-07-23 11:44 ` 'Christoph Hellwig'
2020-07-23 11:16 [MPTCP] " David Laight
2020-07-23 11:16 ` [Bridge] " David Laight
2020-07-23 11:16 ` David Laight
2020-07-23 11:16 ` David Laight
2020-07-23 11:16 ` David Laight
2020-07-23 11:16 ` David Laight
2020-07-23 11:14 [MPTCP] Re: [PATCH 01/26] bpfilter: fix up a sparse annotation Luc Van Oostenryck
2020-07-23 11:14 ` [Bridge] " Luc Van Oostenryck
2020-07-23 11:14 ` Luc Van Oostenryck
2020-07-23 11:14 ` Luc Van Oostenryck
2020-07-23 11:14 ` Luc Van Oostenryck
2020-07-23 11:14 ` Luc Van Oostenryck
2020-07-23 8:39 [MPTCP] Re: [PATCH 25/26] net: pass a sockptr_t into ->setsockopt Matthieu Baerts
2020-07-23 8:39 ` [Bridge] [MPTCP] " Matthieu Baerts
2020-07-23 8:39 ` Matthieu Baerts
2020-07-23 8:39 ` Matthieu Baerts
2020-07-23 8:39 ` Matthieu Baerts
2020-07-23 8:39 [MPTCP] Re: [PATCH 08/26] net: switch sock_set_timeout to sockptr_t Matthieu Baerts
2020-07-23 8:39 ` [Bridge] [MPTCP] " Matthieu Baerts
2020-07-23 8:39 ` Matthieu Baerts
2020-07-23 8:39 ` Matthieu Baerts
2020-07-23 8:39 ` Matthieu Baerts
2020-07-23 6:09 [MPTCP] [PATCH 26/26] net: optimize the sockptr_t for unified kernel/user address spaces Christoph Hellwig
2020-07-23 6:09 ` [Bridge] " Christoph Hellwig
2020-07-23 6:09 ` Christoph Hellwig
2020-07-23 6:09 ` Christoph Hellwig
2020-07-23 6:09 ` Christoph Hellwig
2020-07-23 6:09 [MPTCP] [PATCH 25/26] net: pass a sockptr_t into ->setsockopt Christoph Hellwig
2020-07-23 6:09 ` [Bridge] " Christoph Hellwig
2020-07-23 6:09 ` Christoph Hellwig
2020-07-23 6:09 ` Christoph Hellwig
2020-07-23 6:09 ` Christoph Hellwig
2020-07-23 6:09 [MPTCP] [PATCH 24/26] net/tcp: switch do_tcp_setsockopt to sockptr_t Christoph Hellwig
2020-07-23 6:09 ` [Bridge] " Christoph Hellwig
2020-07-23 6:09 ` Christoph Hellwig
2020-07-23 6:09 ` Christoph Hellwig
2020-07-23 6:09 ` Christoph Hellwig
2020-07-23 6:09 [MPTCP] [PATCH 23/26] net/tcp: switch ->md5_parse " Christoph Hellwig
2020-07-23 6:09 ` [Bridge] " Christoph Hellwig
2020-07-23 6:09 ` Christoph Hellwig
2020-07-23 6:09 ` Christoph Hellwig
2020-07-23 6:09 ` Christoph Hellwig
2020-07-23 6:09 [MPTCP] [PATCH 22/26] net/udp: switch udp_lib_setsockopt " Christoph Hellwig
2020-07-23 6:09 ` [Bridge] " Christoph Hellwig
2020-07-23 6:09 ` Christoph Hellwig
2020-07-23 6:09 ` Christoph Hellwig
2020-07-23 6:09 ` Christoph Hellwig
2020-07-23 6:09 [MPTCP] [PATCH 21/26] net/ipv6: switch do_ipv6_setsockopt " Christoph Hellwig
2020-07-23 6:09 ` [Bridge] " Christoph Hellwig
2020-07-23 6:09 ` Christoph Hellwig
2020-07-23 6:09 ` Christoph Hellwig
2020-07-23 6:09 ` Christoph Hellwig
2020-07-23 6:09 [MPTCP] [PATCH 20/26] net/ipv6: factor out a ipv6_set_opt_hdr helper Christoph Hellwig
2020-07-23 6:09 ` [Bridge] " Christoph Hellwig
2020-07-23 6:09 ` Christoph Hellwig
2020-07-23 6:09 ` Christoph Hellwig
2020-07-23 6:09 ` Christoph Hellwig
2020-07-23 6:09 [MPTCP] [PATCH 19/26] net/ipv6: switch ipv6_flowlabel_opt to sockptr_t Christoph Hellwig
2020-07-23 6:09 ` [Bridge] " Christoph Hellwig
2020-07-23 6:09 ` Christoph Hellwig
2020-07-23 6:09 ` Christoph Hellwig
2020-07-23 6:09 ` Christoph Hellwig
2020-07-23 6:09 ` Christoph Hellwig
2020-07-23 6:09 [MPTCP] [PATCH 18/26] net/ipv6: split up ipv6_flowlabel_opt Christoph Hellwig
2020-07-23 6:09 ` [Bridge] " Christoph Hellwig
2020-07-23 6:09 ` Christoph Hellwig
2020-07-23 6:09 ` Christoph Hellwig
2020-07-23 6:09 ` Christoph Hellwig
2020-07-23 6:08 [MPTCP] [PATCH 17/26] net/ipv6: switch ip6_mroute_setsockopt to sockptr_t Christoph Hellwig
2020-07-23 6:08 ` [Bridge] " Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 [MPTCP] [PATCH 16/26] net/ipv4: switch do_ip_setsockopt " Christoph Hellwig
2020-07-23 6:08 ` [Bridge] " Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 [MPTCP] [PATCH 15/26] net/ipv4: merge ip_options_get and ip_options_get_from_user Christoph Hellwig
2020-07-23 6:08 ` [Bridge] " Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 [MPTCP] [PATCH 14/26] net/ipv4: switch ip_mroute_setsockopt to sockptr_t Christoph Hellwig
2020-07-23 6:08 ` [Bridge] " Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 [MPTCP] [PATCH 13/26] bpfilter: switch bpfilter_ip_set_sockopt " Christoph Hellwig
2020-07-23 6:08 ` [Bridge] " Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 [MPTCP] [PATCH 12/26] netfilter: switch nf_setsockopt " Christoph Hellwig
2020-07-23 6:08 ` [Bridge] " Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 [MPTCP] [PATCH 11/26] netfilter: switch xt_copy_counters " Christoph Hellwig
2020-07-23 6:08 ` [Bridge] " Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 [MPTCP] [PATCH 10/26] netfilter: remove the unused user argument to do_update_counters Christoph Hellwig
2020-07-23 6:08 ` [Bridge] " Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 [MPTCP] [PATCH 09/26] net/xfrm: switch xfrm_user_policy to sockptr_t Christoph Hellwig
2020-07-23 6:08 ` [Bridge] " Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 [MPTCP] [PATCH 08/26] net: switch sock_set_timeout " Christoph Hellwig
2020-07-23 6:08 ` [Bridge] " Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 [MPTCP] [PATCH 07/26] " Christoph Hellwig
2020-07-23 6:08 ` [Bridge] " Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 [MPTCP] [PATCH 06/26] net: switch sock_setbindtodevice " Christoph Hellwig
2020-07-23 6:08 ` [Bridge] " Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 [MPTCP] [PATCH 05/26] net: switch copy_bpf_fprog_from_user " Christoph Hellwig
2020-07-23 6:08 ` [Bridge] " Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 [MPTCP] [PATCH 03/26] bpfilter: reject kernel addresses Christoph Hellwig
2020-07-23 6:08 ` [Bridge] " Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 [MPTCP] [PATCH 02/26] net/bpfilter: split __bpfilter_process_sockopt Christoph Hellwig
2020-07-23 6:08 ` [Bridge] " Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 [MPTCP] [PATCH 01/26] bpfilter: fix up a sparse annotation Christoph Hellwig
2020-07-23 6:08 ` [Bridge] " Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 [MPTCP] get rid of the address_space override in setsockopt v2 Christoph Hellwig
2020-07-23 6:08 ` [Bridge] " Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` [MPTCP] [PATCH 04/26] net: add a new sockptr_t type Christoph Hellwig
2020-07-23 6:08 ` [Bridge] " Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 6:08 ` Christoph Hellwig
2020-07-23 15:40 ` Jan Engelhardt
2020-07-23 15:40 ` [Bridge] " Jan Engelhardt
2020-07-23 15:40 ` Jan Engelhardt
2020-07-23 15:40 ` Jan Engelhardt
2020-07-23 15:40 ` Jan Engelhardt
2020-07-23 15:40 ` Jan Engelhardt
2020-07-24 22:43 ` [MPTCP] Re: get rid of the address_space override in setsockopt v2 David Miller
2020-07-24 22:43 ` [Bridge] " David Miller
2020-07-24 22:43 ` David Miller
2020-07-24 22:43 ` David Miller
2020-07-24 22:43 ` David Miller
2020-07-26 7:03 ` [MPTCP] " Christoph Hellwig
2020-07-26 7:03 ` [Bridge] " Christoph Hellwig
2020-07-26 7:03 ` Christoph Hellwig
2020-07-26 7:03 ` Christoph Hellwig
2020-07-26 7:03 ` Christoph Hellwig
2020-07-26 7:08 ` Andreas Schwab
2020-07-26 7:18 ` [Bridge] " Andreas Schwab
2020-07-26 7:08 ` Andreas Schwab
2020-07-26 7:08 ` Andreas Schwab
2020-07-27 9:51 ` [MPTCP] " David Laight
2020-07-27 9:51 ` [Bridge] " David Laight
2020-07-27 9:51 ` David Laight
2020-07-27 9:51 ` David Laight
2020-07-27 9:51 ` David Laight
2020-07-27 9:51 ` David Laight
2020-07-27 13:48 ` Al Viro
2020-07-27 13:48 ` [Bridge] " Al Viro
2020-07-27 13:48 ` Al Viro
2020-07-27 13:48 ` Al Viro
2020-07-27 13:48 ` Al Viro
2020-07-27 13:48 ` Al Viro
2020-07-22 17:09 [MPTCP] Re: get rid of the address_space override in setsockopt Alexei Starovoitov
2020-07-22 17:09 ` [Bridge] " Alexei Starovoitov
2020-07-22 17:09 ` Alexei Starovoitov
2020-07-22 17:09 ` Alexei Starovoitov
2020-07-22 17:09 ` Alexei Starovoitov
2020-07-22 17:09 ` Alexei Starovoitov
2020-07-22 8:26 [MPTCP] Re: [PATCH 24/24] net: pass a sockptr_t into ->setsockopt Matthieu Baerts
2020-07-22 8:26 ` [Bridge] [MPTCP] " Matthieu Baerts
2020-07-22 8:26 ` Matthieu Baerts
2020-07-22 8:26 ` Matthieu Baerts
2020-07-22 8:26 ` Matthieu Baerts
2020-07-22 8:26 ` Matthieu Baerts
2020-07-22 8:21 [MPTCP] Re: get rid of the address_space override in setsockopt David Laight
2020-07-22 8:21 ` [Bridge] " David Laight
2020-07-22 8:21 ` David Laight
2020-07-22 8:21 ` David Laight
2020-07-22 8:21 ` David Laight
2020-07-22 8:21 ` David Laight
2020-07-22 8:07 [MPTCP] " 'Christoph Hellwig'
2020-07-22 8:07 ` [Bridge] " 'Christoph Hellwig'
2020-07-22 8:07 ` 'Christoph Hellwig'
2020-07-22 8:07 ` 'Christoph Hellwig'
2020-07-22 8:07 ` 'Christoph Hellwig'
2020-07-22 8:07 ` 'Christoph Hellwig'
2020-07-22 8:07 ` 'Christoph Hellwig'
2020-07-22 8:06 [MPTCP] " 'Christoph Hellwig'
2020-07-22 8:06 ` [Bridge] " 'Christoph Hellwig'
2020-07-22 8:06 ` 'Christoph Hellwig'
2020-07-22 8:06 ` 'Christoph Hellwig'
2020-07-22 8:06 ` 'Christoph Hellwig'
2020-07-22 8:06 ` 'Christoph Hellwig'
2020-07-22 8:06 ` 'Christoph Hellwig'
2020-07-22 8:01 [MPTCP] Re: [PATCH 12/24] bpfilter: switch bpfilter_ip_set_sockopt to sockptr_t 'Christoph Hellwig'
2020-07-22 8:01 ` [Bridge] " 'Christoph Hellwig'
2020-07-22 8:01 ` 'Christoph Hellwig'
2020-07-22 8:01 ` 'Christoph Hellwig'
2020-07-22 8:01 ` 'Christoph Hellwig'
2020-07-22 8:01 ` 'Christoph Hellwig'
2020-07-22 8:01 ` 'Christoph Hellwig'
2020-07-22 8:00 [MPTCP] " 'Christoph Hellwig'
2020-07-22 8:00 ` [Bridge] " 'Christoph Hellwig'
2020-07-22 8:00 ` 'Christoph Hellwig'
2020-07-22 8:00 ` 'Christoph Hellwig'
2020-07-22 8:00 ` 'Christoph Hellwig'
2020-07-22 8:00 ` 'Christoph Hellwig'
2020-07-22 8:00 ` 'Christoph Hellwig'
2020-07-22 7:56 [MPTCP] Re: get rid of the address_space override in setsockopt Christoph Hellwig
2020-07-22 7:56 ` [Bridge] " Christoph Hellwig
2020-07-22 7:56 ` Christoph Hellwig
2020-07-22 7:56 ` Christoph Hellwig
2020-07-22 7:56 ` Christoph Hellwig
2020-07-22 7:56 ` Christoph Hellwig
2020-07-22 7:56 ` Christoph Hellwig
2020-07-22 7:56 [MPTCP] Re: [PATCH 03/24] net: add a new sockptr_t type Christoph Hellwig
2020-07-22 7:56 ` [Bridge] " Christoph Hellwig
2020-07-22 7:56 ` Christoph Hellwig
2020-07-22 7:56 ` Christoph Hellwig
2020-07-22 7:56 ` Christoph Hellwig
2020-07-22 7:56 ` Christoph Hellwig
2020-07-22 7:56 ` Christoph Hellwig
2020-07-21 10:26 [MPTCP] Re: get rid of the address_space override in setsockopt David Laight
2020-07-21 10:26 ` [Bridge] " David Laight
2020-07-21 10:26 ` David Laight
2020-07-21 10:26 ` David Laight
2020-07-21 10:26 ` David Laight
2020-07-21 10:26 ` David Laight
2020-07-21 10:14 [MPTCP] Re: [PATCH 03/24] net: add a new sockptr_t type David Laight
2020-07-21 10:14 ` [Bridge] " David Laight
2020-07-21 10:14 ` David Laight
2020-07-21 10:14 ` David Laight
2020-07-21 10:14 ` David Laight
2020-07-21 10:14 ` David Laight
2020-07-21 9:55 [MPTCP] " David Laight
2020-07-21 9:55 ` [Bridge] " David Laight
2020-07-21 9:55 ` David Laight
2020-07-21 9:55 ` David Laight
2020-07-21 9:55 ` David Laight
2020-07-21 9:55 ` David Laight
2020-07-21 9:38 [MPTCP] Re: get rid of the address_space override in setsockopt David Laight
2020-07-21 9:38 ` [Bridge] " David Laight
2020-07-21 9:38 ` David Laight
2020-07-21 9:38 ` David Laight
2020-07-21 9:38 ` David Laight
2020-07-21 9:38 ` David Laight
2020-07-21 8:36 [MPTCP] Re: [PATCH 12/24] bpfilter: switch bpfilter_ip_set_sockopt to sockptr_t David Laight
2020-07-21 8:36 ` [Bridge] " David Laight
2020-07-21 8:36 ` David Laight
2020-07-21 8:36 ` David Laight
2020-07-21 8:36 ` David Laight
2020-07-21 8:36 ` David Laight
2020-07-21 5:28 [MPTCP] Re: [PATCH 02/24] bpfilter: fix up a sparse annotation Al Viro
2020-07-21 5:28 ` [Bridge] " Al Viro
2020-07-21 5:28 ` Al Viro
2020-07-21 5:28 ` Al Viro
2020-07-21 5:28 ` Al Viro
2020-07-21 5:28 ` Al Viro
2020-07-21 5:23 [MPTCP] " Christoph Hellwig
2020-07-21 5:23 ` [Bridge] " Christoph Hellwig
2020-07-21 5:23 ` Christoph Hellwig
2020-07-21 5:23 ` Christoph Hellwig
2020-07-21 5:23 ` Christoph Hellwig
2020-07-21 5:23 ` Christoph Hellwig
2020-07-21 5:23 ` Christoph Hellwig
2020-07-21 2:40 [MPTCP] " Luc Van Oostenryck
2020-07-21 2:40 ` [Bridge] " Luc Van Oostenryck
2020-07-21 2:40 ` Luc Van Oostenryck
2020-07-21 2:40 ` Luc Van Oostenryck
2020-07-21 2:40 ` Luc Van Oostenryck
2020-07-21 2:40 ` Luc Van Oostenryck
2020-07-20 23:20 [MPTCP] Re: [PATCH 24/24] net: pass a sockptr_t into ->setsockopt David Miller
2020-07-20 23:20 ` [Bridge] " David Miller
2020-07-20 23:20 ` David Miller
2020-07-20 23:20 ` David Miller
2020-07-20 23:20 ` David Miller
2020-07-20 23:20 ` David Miller
2020-07-20 20:47 [MPTCP] Re: get rid of the address_space override in setsockopt Alexei Starovoitov
2020-07-20 20:47 ` [Bridge] " Alexei Starovoitov
2020-07-20 20:47 ` Alexei Starovoitov
2020-07-20 20:47 ` Alexei Starovoitov
2020-07-20 20:47 ` Alexei Starovoitov
2020-07-20 20:47 ` Alexei Starovoitov
2020-07-20 17:55 [MPTCP] Re: [PATCH 03/24] net: add a new sockptr_t type Eric Biggers
2020-07-20 17:55 ` [Bridge] " Eric Biggers
2020-07-20 17:55 ` Eric Biggers
2020-07-20 17:55 ` Eric Biggers
2020-07-20 17:55 ` Eric Biggers
2020-07-20 17:55 ` Eric Biggers
2020-07-20 17:43 [MPTCP] Re: get rid of the address_space override in setsockopt Christoph Hellwig
2020-07-20 17:43 ` [Bridge] " Christoph Hellwig
2020-07-20 17:43 ` Christoph Hellwig
2020-07-20 17:43 ` Christoph Hellwig
2020-07-20 17:43 ` Christoph Hellwig
2020-07-20 17:43 ` Christoph Hellwig
2020-07-20 17:43 ` Christoph Hellwig
2020-07-20 17:43 [MPTCP] Re: [PATCH 03/24] net: add a new sockptr_t type Christoph Hellwig
2020-07-20 17:43 ` [Bridge] " Christoph Hellwig
2020-07-20 17:43 ` Christoph Hellwig
2020-07-20 17:43 ` Christoph Hellwig
2020-07-20 17:43 ` Christoph Hellwig
2020-07-20 17:43 ` Christoph Hellwig
2020-07-20 17:43 ` Christoph Hellwig
2020-07-20 16:38 [MPTCP] Re: get rid of the address_space override in setsockopt Eric Biggers
2020-07-20 16:38 ` [Bridge] " Eric Biggers
2020-07-20 16:38 ` Eric Biggers
2020-07-20 16:38 ` Eric Biggers
2020-07-20 16:38 ` Eric Biggers
2020-07-20 16:38 ` Eric Biggers
2020-07-20 16:37 [MPTCP] Re: [PATCH 03/24] net: add a new sockptr_t type Eric Biggers
2020-07-20 16:37 ` [Bridge] " Eric Biggers
2020-07-20 16:37 ` Eric Biggers
2020-07-20 16:37 ` Eric Biggers
2020-07-20 16:37 ` Eric Biggers
2020-07-20 16:37 ` Eric Biggers
2020-07-20 14:19 [MPTCP] Re: [PATCH 24/24] net: pass a sockptr_t into ->setsockopt Stefan Schmidt
2020-07-20 14:19 ` [Bridge] " Stefan Schmidt
2020-07-20 14:19 ` Stefan Schmidt
2020-07-20 14:19 ` Stefan Schmidt
2020-07-20 14:19 ` Stefan Schmidt
2020-07-20 12:47 [MPTCP] " Christoph Hellwig
2020-07-20 12:47 ` [Bridge] " Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 [MPTCP] [PATCH 23/24] net/tcp: switch do_tcp_setsockopt to sockptr_t Christoph Hellwig
2020-07-20 12:47 ` [Bridge] " Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 [MPTCP] [PATCH 22/24] net/tcp: switch ->md5_parse " Christoph Hellwig
2020-07-20 12:47 ` [Bridge] " Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 [MPTCP] [PATCH 21/24] net/udp: switch udp_lib_setsockopt " Christoph Hellwig
2020-07-20 12:47 ` [Bridge] " Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 [MPTCP] [PATCH 20/24] net/ipv6: switch do_ipv6_setsockopt " Christoph Hellwig
2020-07-20 12:47 ` [Bridge] " Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 [MPTCP] [PATCH 19/24] net/ipv6: factor out a ipv6_set_opt_hdr helper Christoph Hellwig
2020-07-20 12:47 ` [Bridge] " Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 [MPTCP] [PATCH 18/24] net/ipv6: switch ipv6_flowlabel_opt to sockptr_t Christoph Hellwig
2020-07-20 12:47 ` [Bridge] " Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 [MPTCP] [PATCH 17/24] net/ipv6: split up ipv6_flowlabel_opt Christoph Hellwig
2020-07-20 12:47 ` [Bridge] " Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 [MPTCP] [PATCH 16/24] net/ipv6: switch ip6_mroute_setsockopt to sockptr_t Christoph Hellwig
2020-07-20 12:47 ` [Bridge] " Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 [MPTCP] [PATCH 15/24] net/ipv4: switch do_ip_setsockopt " Christoph Hellwig
2020-07-20 12:47 ` [Bridge] " Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 [MPTCP] [PATCH 14/24] net/ipv4: merge ip_options_get and ip_options_get_from_user Christoph Hellwig
2020-07-20 12:47 ` [Bridge] " Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 [MPTCP] [PATCH 13/24] net/ipv4: switch ip_mroute_setsockopt to sockptr_t Christoph Hellwig
2020-07-20 12:47 ` [Bridge] " Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 [MPTCP] [PATCH 12/24] bpfilter: switch bpfilter_ip_set_sockopt " Christoph Hellwig
2020-07-20 12:47 ` [Bridge] " Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 [MPTCP] [PATCH 11/24] netfilter: switch nf_setsockopt " Christoph Hellwig
2020-07-20 12:47 ` [Bridge] " Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 [MPTCP] [PATCH 10/24] netfilter: switch xt_copy_counters " Christoph Hellwig
2020-07-20 12:47 ` [Bridge] " Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 [MPTCP] [PATCH 09/24] netfilter: remove the unused user argument to do_update_counters Christoph Hellwig
2020-07-20 12:47 ` [Bridge] " Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 [MPTCP] [PATCH 08/24] net/xfrm: switch xfrm_user_policy to sockptr_t Christoph Hellwig
2020-07-20 12:47 ` [Bridge] " Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 [MPTCP] [PATCH 07/24] net: switch sock_set_timeout " Christoph Hellwig
2020-07-20 12:47 ` [Bridge] " Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 [MPTCP] [PATCH 06/24] " Christoph Hellwig
2020-07-20 12:47 ` [Bridge] " Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 [MPTCP] [PATCH 05/24] net: switch sock_setbindtodevice " Christoph Hellwig
2020-07-20 12:47 ` [Bridge] " Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 [MPTCP] [PATCH 04/24] net: switch copy_bpf_fprog_from_user " Christoph Hellwig
2020-07-20 12:47 ` [Bridge] " Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 [MPTCP] [PATCH 03/24] net: add a new sockptr_t type Christoph Hellwig
2020-07-20 12:47 ` [Bridge] " Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 [MPTCP] [PATCH 02/24] bpfilter: fix up a sparse annotation Christoph Hellwig
2020-07-20 12:47 ` [Bridge] " Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 [MPTCP] [PATCH 01/24] bpfilter: reject kernel addresses Christoph Hellwig
2020-07-20 12:47 ` [Bridge] " Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 [MPTCP] get rid of the address_space override in setsockopt Christoph Hellwig
2020-07-20 12:47 ` [Bridge] " Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
2020-07-20 12:47 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=CAHmME9oU9+5Pbm6pUkOqaxQyYLr9JhAkwV55+P7AWR601WW-nA@mail.gmail.com \
--to=unknown@example.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.