* [PATCH 9/9] udpv6: Check address length before reading address family
@ 2019-04-12 10:56 Tetsuo Handa
2019-04-12 16:07 ` Song Liu
` (2 more replies)
0 siblings, 3 replies; 5+ messages in thread
From: Tetsuo Handa @ 2019-04-12 10:56 UTC (permalink / raw)
To: Alexei Starovoitov, Daniel Borkmann, Martin KaFai Lau, Song Liu,
Yonghong Song
Cc: David S. Miller, netdev, Tetsuo Handa
KMSAN will complain if valid address length passed to udpv6_pre_connect()
is shorter than sizeof("struct sockaddr"->sa_family) bytes.
(This patch is bogus if it is guaranteed that udpv6_pre_connect() is
always called after checking "struct sockaddr"->sa_family. In that case,
we want a comment why we don't need to check valid address length here.)
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
---
net/ipv6/udp.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index d538fafaf4a9..2464fba569b4 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -1045,6 +1045,8 @@ static void udp_v6_flush_pending_frames(struct sock *sk)
static int udpv6_pre_connect(struct sock *sk, struct sockaddr *uaddr,
int addr_len)
{
+ if (addr_len < offsetofend(struct sockaddr, sa_family))
+ return -EINVAL;
/* The following checks are replicated from __ip6_datagram_connect()
* and intended to prevent BPF program called below from accessing
* bytes that are out of the bound specified by user in addr_len.
--
2.16.5
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH 9/9] udpv6: Check address length before reading address family
2019-04-12 10:56 [PATCH 9/9] udpv6: Check address length before reading address family Tetsuo Handa
@ 2019-04-12 16:07 ` Song Liu
2019-04-12 16:49 ` Andrey Ignatov
2019-04-12 17:26 ` David Miller
2 siblings, 0 replies; 5+ messages in thread
From: Song Liu @ 2019-04-12 16:07 UTC (permalink / raw)
To: Tetsuo Handa
Cc: Alexei Starovoitov, Daniel Borkmann, Martin Lau, Yonghong Song,
David S. Miller, netdev
> On Apr 12, 2019, at 3:56 AM, Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> wrote:
>
> KMSAN will complain if valid address length passed to udpv6_pre_connect()
> is shorter than sizeof("struct sockaddr"->sa_family) bytes.
>
> (This patch is bogus if it is guaranteed that udpv6_pre_connect() is
> always called after checking "struct sockaddr"->sa_family. In that case,
> we want a comment why we don't need to check valid address length here.)
>
> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Looks good.
Acked-by: Song Liu <songliubraving@fb.com>
> ---
> net/ipv6/udp.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
> index d538fafaf4a9..2464fba569b4 100644
> --- a/net/ipv6/udp.c
> +++ b/net/ipv6/udp.c
> @@ -1045,6 +1045,8 @@ static void udp_v6_flush_pending_frames(struct sock *sk)
> static int udpv6_pre_connect(struct sock *sk, struct sockaddr *uaddr,
> int addr_len)
> {
> + if (addr_len < offsetofend(struct sockaddr, sa_family))
> + return -EINVAL;
> /* The following checks are replicated from __ip6_datagram_connect()
> * and intended to prevent BPF program called below from accessing
> * bytes that are out of the bound specified by user in addr_len.
> --
> 2.16.5
>
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 9/9] udpv6: Check address length before reading address family
2019-04-12 10:56 [PATCH 9/9] udpv6: Check address length before reading address family Tetsuo Handa
2019-04-12 16:07 ` Song Liu
@ 2019-04-12 16:49 ` Andrey Ignatov
2019-04-13 2:06 ` Tetsuo Handa
2019-04-12 17:26 ` David Miller
2 siblings, 1 reply; 5+ messages in thread
From: Andrey Ignatov @ 2019-04-12 16:49 UTC (permalink / raw)
To: Tetsuo Handa
Cc: Alexei Starovoitov, Daniel Borkmann, Martin Lau, Song Liu,
Yonghong Song, David S. Miller, netdev
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> [Fri, 2019-04-12 03:57 -0700]:
> KMSAN will complain if valid address length passed to udpv6_pre_connect()
> is shorter than sizeof("struct sockaddr"->sa_family) bytes.
>
> (This patch is bogus if it is guaranteed that udpv6_pre_connect() is
> always called after checking "struct sockaddr"->sa_family. In that case,
> we want a comment why we don't need to check valid address length here.)
>
> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
> ---
> net/ipv6/udp.c | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
> index d538fafaf4a9..2464fba569b4 100644
> --- a/net/ipv6/udp.c
> +++ b/net/ipv6/udp.c
> @@ -1045,6 +1045,8 @@ static void udp_v6_flush_pending_frames(struct sock *sk)
> static int udpv6_pre_connect(struct sock *sk, struct sockaddr *uaddr,
> int addr_len)
> {
> + if (addr_len < offsetofend(struct sockaddr, sa_family))
> + return -EINVAL;
Such a check wasn't added since it's already checked in
inet_dgram_connect, the only place where udpv6_pre_connect is called:
int inet_dgram_connect(struct socket *sock, struct sockaddr *uaddr,
int addr_len, int flags)
{
struct sock *sk = sock->sk;
int err;
if (addr_len < sizeof(uaddr->sa_family))
return -EINVAL;
if (uaddr->sa_family == AF_UNSPEC)
return sk->sk_prot->disconnect(sk, flags);
if (BPF_CGROUP_PRE_CONNECT_ENABLED(sk)) {
err = sk->sk_prot->pre_connect(sk, uaddr, addr_len);
if (err)
return err;
}
So it's already handled. But if it helps KMSAN, that's probably fine to
double-check it here. Or it's considered false positive?
> /* The following checks are replicated from __ip6_datagram_connect()
> * and intended to prevent BPF program called below from accessing
> * bytes that are out of the bound specified by user in addr_len.
--
Andrey Ignatov
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 9/9] udpv6: Check address length before reading address family
2019-04-12 10:56 [PATCH 9/9] udpv6: Check address length before reading address family Tetsuo Handa
2019-04-12 16:07 ` Song Liu
2019-04-12 16:49 ` Andrey Ignatov
@ 2019-04-12 17:26 ` David Miller
2 siblings, 0 replies; 5+ messages in thread
From: David Miller @ 2019-04-12 17:26 UTC (permalink / raw)
To: penguin-kernel; +Cc: ast, daniel, kafai, songliubraving, yhs, netdev
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Date: Fri, 12 Apr 2019 19:56:39 +0900
> KMSAN will complain if valid address length passed to udpv6_pre_connect()
> is shorter than sizeof("struct sockaddr"->sa_family) bytes.
>
> (This patch is bogus if it is guaranteed that udpv6_pre_connect() is
> always called after checking "struct sockaddr"->sa_family. In that case,
> we want a comment why we don't need to check valid address length here.)
>
> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Applied.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH 9/9] udpv6: Check address length before reading address family
2019-04-12 16:49 ` Andrey Ignatov
@ 2019-04-13 2:06 ` Tetsuo Handa
0 siblings, 0 replies; 5+ messages in thread
From: Tetsuo Handa @ 2019-04-13 2:06 UTC (permalink / raw)
To: Andrey Ignatov
Cc: Alexei Starovoitov, Daniel Borkmann, Martin Lau, Song Liu,
Yonghong Song, David S. Miller, netdev
On 2019/04/13 1:49, Andrey Ignatov wrote:
> Such a check wasn't added since it's already checked in
> inet_dgram_connect, the only place where udpv6_pre_connect is called:
>
> int inet_dgram_connect(struct socket *sock, struct sockaddr *uaddr,
> int addr_len, int flags)
> {
> struct sock *sk = sock->sk;
> int err;
>
> if (addr_len < sizeof(uaddr->sa_family))
> return -EINVAL;
> if (uaddr->sa_family == AF_UNSPEC)
> return sk->sk_prot->disconnect(sk, flags);
>
> if (BPF_CGROUP_PRE_CONNECT_ENABLED(sk)) {
> err = sk->sk_prot->pre_connect(sk, uaddr, addr_len);
> if (err)
> return err;
> }
>
> So it's already handled. But if it helps KMSAN, that's probably fine to
> double-check it here. Or it's considered false positive?
OK, then KMSAN will not complain and this patch can be dropped.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-04-13 2:06 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-04-12 10:56 [PATCH 9/9] udpv6: Check address length before reading address family Tetsuo Handa
2019-04-12 16:07 ` Song Liu
2019-04-12 16:49 ` Andrey Ignatov
2019-04-13 2:06 ` Tetsuo Handa
2019-04-12 17:26 ` David Miller
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.