All of lore.kernel.org
 help / color / mirror / Atom feed
From: Dmitry Safonov <dima@arista.com>
To: linux-kernel@vger.kernel.org
Cc: Dmitry Safonov <dima@arista.com>,
	"David S. Miller" <davem@davemloft.net>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	Steffen Klassert <steffen.klassert@secunet.com>,
	Dmitry Safonov <0x7f454c46@gmail.com>,
	netdev@vger.kernel.org
Subject: [PATCH 11/18] xfrm: Add compat support for xfrm_user_expire messages
Date: Thu, 26 Jul 2018 03:31:37 +0100	[thread overview]
Message-ID: <20180726023144.31066-12-dima@arista.com> (raw)
In-Reply-To: <20180726023144.31066-1-dima@arista.com>

Parse expire messages sent by userspace according to in_compat_syscall().
Applications that used native bind() syscall are in XFRMNLGRP_EXPIRE, so
send there xfrm_usersa_info messages (with 64-bit ABI). Compatible
applications are added to kernel-hidden XFRMNLGRP_COMPAT_EXPIRE group, so
send there xfrm_usersa_info messages_packed (with 32-bit ABI)

Cc: "David S. Miller" <davem@davemloft.net>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: netdev@vger.kernel.org
Signed-off-by: Dmitry Safonov <dima@arista.com>
---
 net/xfrm/xfrm_user.c | 95 +++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 65 insertions(+), 30 deletions(-)

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 230462077dc9..ca1a14f45cf7 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -67,6 +67,12 @@ struct xfrm_userspi_info_packed {
 	__u32				max;
 } __packed;
 
+struct xfrm_user_expire_packed {
+	struct xfrm_usersa_info_packed	state;
+	__u8				hard;
+	__u8				__pad[3];
+} __packed;
+
 /* In-kernel, non-uapi compat groups.
  * As compat/native messages differ, send notifications according
  * to .bind() caller's ABI. There are *_COMPAT hidden from userspace
@@ -2240,10 +2246,19 @@ static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
 	struct net *net = sock_net(skb->sk);
 	struct xfrm_state *x;
 	int err;
-	struct xfrm_user_expire *ue = nlmsg_data(nlh);
-	struct xfrm_usersa_info_packed *p = (struct xfrm_usersa_info_packed *)&ue->state;
+	struct xfrm_user_expire_packed *ue = nlmsg_data(nlh);
+	struct xfrm_usersa_info_packed *p = &ue->state;
 	struct xfrm_mark m;
 	u32 mark = xfrm_mark_get(attrs, &m);
+	u8 hard;
+
+	if (in_compat_syscall()) {
+		hard = ue->hard;
+	} else {
+		struct xfrm_user_expire *expire = nlmsg_data(nlh);
+
+		hard = expire->hard;
+	}
 
 	x = xfrm_state_lookup(net, mark, &p->id.daddr, p->id.spi, p->id.proto, p->family);
 
@@ -2255,9 +2270,9 @@ static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
 	err = -EINVAL;
 	if (x->km.state != XFRM_STATE_VALID)
 		goto out;
-	km_state_expired(x, ue->hard, nlh->nlmsg_pid);
+	km_state_expired(x, hard, nlh->nlmsg_pid);
 
-	if (ue->hard) {
+	if (hard) {
 		__xfrm_state_delete(x);
 		xfrm_audit_state_delete(x, 1, true);
 	}
@@ -2727,33 +2742,49 @@ static int xfrm_netlink_bind(struct net *net, unsigned long *groups)
 	return 0;
 }
 
-static inline unsigned int xfrm_expire_msgsize(void)
-{
-	return NLMSG_ALIGN(sizeof(struct xfrm_user_expire))
-	       + nla_total_size(sizeof(struct xfrm_mark));
-}
-
-static int build_expire(struct sk_buff *skb, struct xfrm_state *x, const struct km_event *c)
+static int build_expire(struct sk_buff **skb, struct xfrm_state *x,
+		const struct km_event *c, bool compat)
 {
-	struct xfrm_user_expire *ue;
 	struct nlmsghdr *nlh;
+	unsigned int ue_sz;
 	int err;
 
-	nlh = nlmsg_put(skb, c->portid, 0, XFRM_MSG_EXPIRE, sizeof(*ue), 0);
-	if (nlh == NULL)
+	if (compat)
+		ue_sz = NLMSG_ALIGN(sizeof(struct xfrm_user_expire_packed));
+	else
+		ue_sz = NLMSG_ALIGN(sizeof(struct xfrm_user_expire));
+
+	*skb = nlmsg_new(ue_sz + nla_total_size(sizeof(struct xfrm_mark)), GFP_ATOMIC);
+	if (*skb == NULL)
+		return -ENOMEM;
+
+	nlh = nlmsg_put(*skb, c->portid, 0, XFRM_MSG_EXPIRE, ue_sz, 0);
+	if (nlh == NULL) {
+		kfree_skb(*skb);
 		return -EMSGSIZE;
+	}
 
-	ue = nlmsg_data(nlh);
-	copy_to_user_state(x, &ue->state);
-	ue->hard = (c->data.hard != 0) ? 1 : 0;
-	/* clear the padding bytes */
-	memset(&ue->hard + 1, 0, sizeof(*ue) - offsetofend(typeof(*ue), hard));
+	if (compat) {
+		struct xfrm_user_expire_packed *ue = nlmsg_data(nlh);
 
-	err = xfrm_mark_put(skb, &x->mark);
-	if (err)
+		copy_to_user_state_compat(x, &ue->state);
+		ue->hard = (c->data.hard != 0) ? 1 : 0;
+	} else {
+		struct xfrm_user_expire *ue = nlmsg_data(nlh);
+
+		copy_to_user_state(x, &ue->state);
+		ue->hard = (c->data.hard != 0) ? 1 : 0;
+		/* clear the padding bytes */
+		memset(&ue->hard + 1, 0, sizeof(*ue) - offsetofend(typeof(*ue), hard));
+	}
+
+	err = xfrm_mark_put(*skb, &x->mark);
+	if (err) {
+		kfree_skb(*skb);
 		return err;
+	}
 
-	nlmsg_end(skb, nlh);
+	nlmsg_end(*skb, nlh);
 	return 0;
 }
 
@@ -2761,17 +2792,21 @@ static int xfrm_exp_state_notify(struct xfrm_state *x, const struct km_event *c)
 {
 	struct net *net = xs_net(x);
 	struct sk_buff *skb;
+	int err;
 
-	skb = nlmsg_new(xfrm_expire_msgsize(), GFP_ATOMIC);
-	if (skb == NULL)
-		return -ENOMEM;
+	err = build_expire(&skb, x, c, false);
+	if (err)
+		return err;
 
-	if (build_expire(skb, x, c) < 0) {
-		kfree_skb(skb);
-		return -EMSGSIZE;
-	}
+	err = xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_EXPIRE);
+	if ((err && err != -ESRCH) || !IS_ENABLED(CONFIG_COMPAT))
+		return err;
 
-	return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_EXPIRE);
+	err = build_expire(&skb, x, c, true);
+	if (err)
+		return err;
+
+	return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_COMPAT_EXPIRE);
 }
 
 static int xfrm_aevent_state_notify(struct xfrm_state *x, const struct km_event *c)
-- 
2.13.6


  parent reply	other threads:[~2018-07-26  2:33 UTC|newest]

Thread overview: 74+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-07-26  2:31 [PATCH 00/18] xfrm: Add compat layer Dmitry Safonov
2018-07-26  2:31 ` Dmitry Safonov
2018-07-26  2:31 ` dima
2018-07-26  2:31 ` Dmitry Safonov
2018-07-26  2:31 ` Dmitry Safonov
2018-07-26  2:31 ` [PATCH 01/18] x86/compat: Adjust in_compat_syscall() to generic code under !COMPAT Dmitry Safonov
2018-07-26  2:31 ` [PATCH 02/18] compat: Cleanup in_compat_syscall() callers Dmitry Safonov
2018-07-26  2:31 ` [PATCH 03/18] selftest/net/xfrm: Add test for ipsec tunnel Dmitry Safonov
2018-07-26  2:31   ` Dmitry Safonov
2018-07-26  2:31   ` dima
2018-07-26  2:31 ` [PATCH 04/18] net/xfrm: Add _packed types for compat users Dmitry Safonov
2018-07-26  2:31 ` [PATCH 05/18] net/xfrm: Parse userspi_info{,_packed} depending on syscall Dmitry Safonov
2018-07-26  2:31 ` [PATCH 06/18] netlink: Do not subscribe to non-existent groups Dmitry Safonov
2018-07-26  4:22   ` David Miller
2018-07-27 13:43     ` Dmitry Safonov
2018-07-26  2:31 ` [PATCH 07/18] netlink: Pass groups pointer to .bind() Dmitry Safonov
2018-07-26  2:31 ` [PATCH 08/18] xfrm: Add in-kernel groups for compat notifications Dmitry Safonov
2018-07-26  2:31 ` [PATCH 09/18] xfrm: Dump usersa_info in compat/native formats Dmitry Safonov
2018-07-26  2:31 ` [PATCH 10/18] xfrm: Send state notifications in compat format too Dmitry Safonov
2018-07-26  2:31 ` Dmitry Safonov [this message]
2018-07-26  2:31 ` [PATCH 12/18] xfrm: Add compat support for xfrm_userpolicy_info messages Dmitry Safonov
2018-07-26  2:31 ` [PATCH 13/18] xfrm: Add compat support for xfrm_user_acquire messages Dmitry Safonov
2018-07-26  2:31 ` [PATCH 14/18] xfrm: Add compat support for xfrm_user_polexpire messages Dmitry Safonov
2018-07-26  2:31 ` [PATCH 15/18] xfrm: Check compat acquire listeners in xfrm_is_alive() Dmitry Safonov
2018-07-26  2:31 ` [PATCH 16/18] xfrm: Notify compat listeners about policy flush Dmitry Safonov
2018-07-26  2:31 ` [PATCH 17/18] xfrm: Notify compat listeners about state flush Dmitry Safonov
2018-07-26  2:31 ` [PATCH 18/18] xfrm: Enable compat syscalls Dmitry Safonov
2018-07-26  8:49 ` [PATCH 00/18] xfrm: Add compat layer Florian Westphal
2018-07-26  8:49   ` Florian Westphal
2018-07-26  8:49   ` fw
2018-07-26  8:49   ` Florian Westphal
2018-07-26  8:49   ` Florian Westphal
2018-07-27  7:37   ` Steffen Klassert
2018-07-27  7:37     ` Steffen Klassert
2018-07-27  7:37     ` steffen.klassert
2018-07-27  7:37     ` Steffen Klassert
2018-07-27  7:37     ` Steffen Klassert
2018-07-27 14:02     ` Dmitry Safonov
2018-07-27 14:02       ` Dmitry Safonov
2018-07-27 14:02       ` dima
2018-07-27 14:02       ` Dmitry Safonov
2018-07-27 14:02       ` Dmitry Safonov
2018-07-27 14:19       ` Florian Westphal
2018-07-27 14:19         ` Florian Westphal
2018-07-27 14:19         ` fw
2018-07-27 14:19         ` Florian Westphal
2018-07-27 14:19         ` Florian Westphal
2018-07-27 14:51         ` Dmitry Safonov
2018-07-27 14:51           ` Dmitry Safonov
2018-07-27 14:51           ` dima
2018-07-27 14:51           ` Dmitry Safonov
2018-07-27 14:51           ` Dmitry Safonov
2018-07-27 16:48           ` Nathan Harold
2018-07-27 16:48             ` Nathan Harold
2018-07-27 16:48             ` nharold
2018-07-27 16:48             ` Nathan Harold
2018-07-27 17:09             ` Andy Lutomirski
2018-07-27 17:09               ` Andy Lutomirski
2018-07-27 17:09               ` luto
2018-07-27 17:09               ` Andy Lutomirski
2018-07-28 16:26             ` Dmitry Safonov
2018-07-28 16:26               ` Dmitry Safonov
2018-07-28 16:26               ` dima
2018-07-28 16:26               ` Dmitry Safonov
2018-07-28 16:26               ` Dmitry Safonov
2018-07-28 21:18               ` David Miller
2018-07-28 21:18                 ` David Miller
2018-07-28 21:18                 ` davem
2018-07-30 17:39                 ` Dmitry Safonov
2018-07-30 17:39                   ` Dmitry Safonov
2018-07-30 17:39                   ` dima
2018-07-30 19:43                   ` Florian Westphal
2018-07-30 19:43                     ` Florian Westphal
2018-07-30 19:43                     ` fw

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180726023144.31066-12-dima@arista.com \
    --to=dima@arista.com \
    --cc=0x7f454c46@gmail.com \
    --cc=davem@davemloft.net \
    --cc=herbert@gondor.apana.org.au \
    --cc=linux-kernel@vger.kernel.org \
    --cc=netdev@vger.kernel.org \
    --cc=steffen.klassert@secunet.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.