From: David Miller <davem@davemloft.net>
To: zenczykowski@gmail.com
Cc: maze@google.com, netdev@vger.kernel.org, edumazet@google.com
Subject: Re: [PATCH v2] net: port < inet_prot_sock(net) --> inet_port_requires_bind_service(net, port)
Date: Tue, 26 Nov 2019 13:20:57 -0800 (PST)
Message-ID: <20191126.132057.498166931431808469.davem@davemloft.net>
In-Reply-To: <20191125233704.186202-1-zenczykowski@gmail.com>

From: Maciej Żenczykowski <zenczykowski@gmail.com>
Date: Mon, 25 Nov 2019 15:37:04 -0800

> From: Maciej Żenczykowski <maze@google.com>
> 
> Note that the sysctl write accessor functions guarantee that:
>   net->ipv4.sysctl_ip_prot_sock <= net->ipv4.ip_local_ports.range[0]
> invariant is maintained, and as such the max() in selinux hooks is actually spurious.
> 
> ie. even though
>   if (snum < max(inet_prot_sock(sock_net(sk)), low) || snum > high) {
> per logic is the same as
>   if ((snum < inet_prot_sock(sock_net(sk)) && snum < low) || snum > high) {
> it is actually functionally equivalent to:
>   if (snum < low || snum > high) {
> which is equivalent to:
>   if (snum < inet_prot_sock(sock_net(sk)) || snum < low || snum > high) {
> even though the first clause is spurious.
> 
> But we want to hold on to it in case we ever want to change what
> inet_port_requires_bind_service() means (for example by changing
> it from a, by default, [0..1024) range to some sort of set).
> 
> Test: builds, git 'grep inet_prot_sock' finds no other references
> Cc: Eric Dumazet <edumazet@google.com>
> Signed-off-by: Maciej Żenczykowski <maze@google.com>

Applied, thanks.
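
The equivalence argued in the quoted commit message can be checked by brute force. The following C program is an added example, not code from the patch or the kernel: it sweeps a constructed small port space and compares the max() form, the reduced "snum < low" form and the three-clause form, with and without the sysctl invariant. PORT_MAX and the form_* and count_mismatches names are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdio.h>

#define PORT_MAX 48   /* constructed small port space so the sweep is exhaustive */

/* prot_sock stands in for inet_prot_sock(sock_net(sk)); low/high for the
 * local port range. Each form returns true when snum is rejected. */
typedef bool (*form_fn)(int snum, int prot_sock, int low, int high);

static bool form_max(int snum, int prot_sock, int low, int high)
{
    int min_port = prot_sock > low ? prot_sock : low;   /* max(prot_sock, low) */
    return snum < min_port || snum > high;
}

static bool form_reduced(int snum, int prot_sock, int low, int high)
{
    (void)prot_sock;   /* the clause the commit message calls spurious */
    return snum < low || snum > high;
}

static bool form_three_clause(int snum, int prot_sock, int low, int high)
{
    return snum < prot_sock || snum < low || snum > high;
}

/* Count tuples on which two forms disagree; with_invariant restricts the
 * sweep to prot_sock <= low, as the sysctl write accessors guarantee. */
static long count_mismatches(form_fn a, form_fn b, bool with_invariant)
{
    long bad = 0;
    for (int ps = 0; ps <= PORT_MAX; ps++)
        for (int low = 0; low <= PORT_MAX; low++) {
            if (with_invariant && ps > low)
                continue;
            for (int high = low; high <= PORT_MAX; high++)
                for (int snum = 0; snum <= PORT_MAX; snum++)
                    if (a(snum, ps, low, high) != b(snum, ps, low, high))
                        bad++;
        }
    return bad;
}

int main(void)
{
    printf("invariant held, max vs reduced: %ld\n", count_mismatches(form_max, form_reduced, true));
    printf("no invariant,   max vs reduced: %ld\n", count_mismatches(form_max, form_reduced, false));
    printf("no invariant,   max vs 3-clause: %ld\n", count_mismatches(form_max, form_three_clause, false));
    return 0;
}
```

With the invariant removed, the reduced form diverges for ports in [low, prot_sock), while the three-clause form still matches the max() form.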

Thread overview: 14+ messages
2019-11-22  7:21 [PATCH 1/3] net: inet_is_local_reserved_port() should return bool not int Maciej Żenczykowski
2019-11-22  7:21 ` [PATCH 2/3] net: port < inet_prot_sock(net) --> inet_port_requires_bind_service(net, port) Maciej Żenczykowski
2019-11-22  7:21 ` [PATCH 3/3] net: Fail explicit unprivileged bind to local reserved ports Maciej Żenczykowski
2019-11-22 18:06 ` [PATCH 1/3] net: inet_is_local_reserved_port() should return bool not int David Miller
2019-11-22 21:48   ` Maciej Żenczykowski
2019-11-22 21:50     ` [PATCH] " Maciej Żenczykowski
2019-11-23  0:55       ` Jakub Kicinski
2019-11-23  3:31         ` Maciej Żenczykowski
2019-11-24  9:24     ` [PATCH 1/3] " Maciej Żenczykowski
2019-11-24  9:27       ` [PATCH] net: port < inet_prot_sock(net) --> inet_port_requires_bind_service(net, port) Maciej Żenczykowski
2019-11-25 22:45         ` David Miller
2019-11-25 23:32           ` Maciej Żenczykowski
2019-11-25 23:37             ` [PATCH v2] " Maciej Żenczykowski
2019-11-26 21:20               ` David Miller [this message]