* [PATCH net-next] net: inet: diag: expose the socket mark to privileged processes.
From: Lorenzo Colitti @ 2016-09-07 9:32 UTC (permalink / raw)
To: netdev; +Cc: ek, eric.dumazet, davem, dsa, Lorenzo Colitti
This adds the capability for a process that has CAP_NET_ADMIN on
a socket to dump its mark. This is useful in systems that use
mark-based routing such as Android.
CAP_NET_ADMIN already grants substantial privileges via the
SOCK_DIAG infrastructure. For example, it allows a process to
dump the BPF programs attached to sockets or to close those
sockets via SOCK_DESTROY.
Change-Id: I2a7184f11fac825006d1d87b9f876758800f9452
Signed-off-by: Lorenzo Colitti <lorenzo@google.com>
---
include/linux/inet_diag.h | 4 ++--
include/uapi/linux/inet_diag.h | 1 +
net/ipv4/inet_diag.c | 49 ++++++++++++++++++++++++++++--------------
net/ipv4/udp_diag.c | 10 +++++----
4 files changed, 42 insertions(+), 22 deletions(-)
diff --git a/include/linux/inet_diag.h b/include/linux/inet_diag.h
index feb04ea..65da430 100644
--- a/include/linux/inet_diag.h
+++ b/include/linux/inet_diag.h
@@ -37,7 +37,7 @@ int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk,
struct sk_buff *skb, const struct inet_diag_req_v2 *req,
struct user_namespace *user_ns,
u32 pid, u32 seq, u16 nlmsg_flags,
- const struct nlmsghdr *unlh);
+ const struct nlmsghdr *unlh, bool net_admin);
void inet_diag_dump_icsk(struct inet_hashinfo *h, struct sk_buff *skb,
struct netlink_callback *cb,
const struct inet_diag_req_v2 *r,
@@ -56,7 +56,7 @@ void inet_diag_msg_common_fill(struct inet_diag_msg *r, struct sock *sk);
int inet_diag_msg_attrs_fill(struct sock *sk, struct sk_buff *skb,
struct inet_diag_msg *r, int ext,
- struct user_namespace *user_ns);
+ struct user_namespace *user_ns, bool net_admin);
extern int inet_diag_register(const struct inet_diag_handler *handler);
extern void inet_diag_unregister(const struct inet_diag_handler *handler);
diff --git a/include/uapi/linux/inet_diag.h b/include/uapi/linux/inet_diag.h
index 5581206..b5c366f 100644
--- a/include/uapi/linux/inet_diag.h
+++ b/include/uapi/linux/inet_diag.h
@@ -123,6 +123,7 @@ enum {
INET_DIAG_LOCALS,
INET_DIAG_PEERS,
INET_DIAG_PAD,
+ INET_DIAG_MARK,
__INET_DIAG_MAX,
};
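Review bot: The new `INET_DIAG_MARK` entry goes into a uapi enum with nothing telling userspace what the payload is or when it is present. From the other hunks in this patch it carries a u32 (`nla_put_u32`) and is only emitted when the requester passes the CAP_NET_ADMIN check, so parsers must treat it as optional. I would add a trailing comment such as `INET_DIAG_MARK, /* u32 socket mark; only sent to CAP_NET_ADMIN requesters */`. The enum begins outside this hunk.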
diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c
index abfbe49..e4d16fc 100644
--- a/net/ipv4/inet_diag.c
+++ b/net/ipv4/inet_diag.c
@@ -99,6 +99,7 @@ static size_t inet_sk_attr_size(void)
+ nla_total_size(1) /* INET_DIAG_SHUTDOWN */
+ nla_total_size(1) /* INET_DIAG_TOS */
+ nla_total_size(1) /* INET_DIAG_TCLASS */
+ + nla_total_size(4) /* INET_DIAG_MARK */
+ nla_total_size(sizeof(struct inet_diag_meminfo))
+ nla_total_size(sizeof(struct inet_diag_msg))
+ nla_total_size(SK_MEMINFO_VARS * sizeof(u32))
@@ -109,7 +110,8 @@ static size_t inet_sk_attr_size(void)
int inet_diag_msg_attrs_fill(struct sock *sk, struct sk_buff *skb,
struct inet_diag_msg *r, int ext,
- struct user_namespace *user_ns)
+ struct user_namespace *user_ns,
+ bool net_admin)
{
const struct inet_sock *inet = inet_sk(sk);
@@ -136,6 +138,9 @@ int inet_diag_msg_attrs_fill(struct sock *sk, struct sk_buff *skb,
}
#endif
+ if (net_admin && nla_put_u32(skb, INET_DIAG_MARK, sk->sk_mark))
+ goto errout;
+
r->idiag_uid = from_kuid_munged(user_ns, sock_i_uid(sk));
r->idiag_inode = sock_i_ino(sk);
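Review bot: Disclosure of `sk->sk_mark` now rests on a bare `bool net_admin` that every caller has to compute, and nothing at the definition states that contract. Because inet_diag_msg_attrs_fill() is declared in include/linux/inet_diag.h, a caller in another file that passes a constant `true` would hand the mark to unprivileged requesters. I would document the parameter above the function, e.g. `/* @net_admin: result of netlink_net_capable() on the request skb for CAP_NET_ADMIN; gates INET_DIAG_MARK */`. The function body starts and ends outside this hunk.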
@@ -149,7 +154,8 @@ int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk,
struct sk_buff *skb, const struct inet_diag_req_v2 *req,
struct user_namespace *user_ns,
u32 portid, u32 seq, u16 nlmsg_flags,
- const struct nlmsghdr *unlh)
+ const struct nlmsghdr *unlh,
+ bool net_admin)
{
const struct tcp_congestion_ops *ca_ops;
const struct inet_diag_handler *handler;
@@ -175,7 +181,7 @@ int inet_sk_diag_fill(struct sock *sk, struct inet_connection_sock *icsk,
r->idiag_timer = 0;
r->idiag_retrans = 0;
- if (inet_diag_msg_attrs_fill(sk, skb, r, ext, user_ns))
+ if (inet_diag_msg_attrs_fill(sk, skb, r, ext, user_ns, net_admin))
goto errout;
if (ext & (1 << (INET_DIAG_MEMINFO - 1))) {
@@ -274,10 +280,11 @@ static int inet_csk_diag_fill(struct sock *sk,
const struct inet_diag_req_v2 *req,
struct user_namespace *user_ns,
u32 portid, u32 seq, u16 nlmsg_flags,
- const struct nlmsghdr *unlh)
+ const struct nlmsghdr *unlh,
+ bool net_admin)
{
- return inet_sk_diag_fill(sk, inet_csk(sk), skb, req,
- user_ns, portid, seq, nlmsg_flags, unlh);
+ return inet_sk_diag_fill(sk, inet_csk(sk), skb, req, user_ns,
+ portid, seq, nlmsg_flags, unlh, net_admin);
}
static int inet_twsk_diag_fill(struct sock *sk,
@@ -319,8 +326,9 @@ static int inet_twsk_diag_fill(struct sock *sk,
static int inet_req_diag_fill(struct sock *sk, struct sk_buff *skb,
u32 portid, u32 seq, u16 nlmsg_flags,
- const struct nlmsghdr *unlh)
+ const struct nlmsghdr *unlh, bool net_admin)
{
+ struct request_sock *reqsk = inet_reqsk(sk);
struct inet_diag_msg *r;
struct nlmsghdr *nlh;
long tmo;
@@ -334,7 +342,7 @@ static int inet_req_diag_fill(struct sock *sk, struct sk_buff *skb,
inet_diag_msg_common_fill(r, sk);
r->idiag_state = TCP_SYN_RECV;
r->idiag_timer = 1;
- r->idiag_retrans = inet_reqsk(sk)->num_retrans;
+ r->idiag_retrans = reqsk->num_retrans;
BUILD_BUG_ON(offsetof(struct inet_request_sock, ir_cookie) !=
offsetof(struct sock, sk_cookie));
@@ -346,6 +354,10 @@ static int inet_req_diag_fill(struct sock *sk, struct sk_buff *skb,
r->idiag_uid = 0;
r->idiag_inode = 0;
+ if (net_admin && nla_put_u32(skb, INET_DIAG_MARK,
+ inet_rsk(reqsk)->ir_mark))
+ return -EMSGSIZE;
+
nlmsg_end(skb, nlh);
return 0;
}
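Review bot: The new failure path in inet_req_diag_fill() returns `-EMSGSIZE` while `nlh` is still open, since `nlmsg_end(skb, nlh)` only runs on the line after it. inet_diag_msg_attrs_fill() handles the same nla_put_u32() failure with `goto errout`; that label is outside the visible hunks, but it presumably cancels the partial message. If `nlh` was reserved with nlmsg_put() earlier in this function (not shown in the hunk), a dump that runs out of room here could leave a record without the mark in the skb and emit the same socket again on the next pass. Suggest bracing the branch and adding `nlmsg_cancel(skb, nlh);` before `return -EMSGSIZE;`.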
@@ -354,7 +366,7 @@ static int sk_diag_fill(struct sock *sk, struct sk_buff *skb,
const struct inet_diag_req_v2 *r,
struct user_namespace *user_ns,
u32 portid, u32 seq, u16 nlmsg_flags,
- const struct nlmsghdr *unlh)
+ const struct nlmsghdr *unlh, bool net_admin)
{
if (sk->sk_state == TCP_TIME_WAIT)
return inet_twsk_diag_fill(sk, skb, portid, seq,
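Review bot: The TIME_WAIT branch of sk_diag_fill() is not passed `net_admin`, so a privileged dump gets `INET_DIAG_MARK` for request and full sockets (the calls in the next hunk) but never for time-wait entries. If that is intentional, say so at the branch, for example `/* INET_DIAG_MARK is not reported for time-wait sockets */`, so tool authors do not read the missing attribute as a mark of 0. The rest of the function body is in the following hunk.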
@@ -362,10 +374,10 @@ static int sk_diag_fill(struct sock *sk, struct sk_buff *skb,
if (sk->sk_state == TCP_NEW_SYN_RECV)
return inet_req_diag_fill(sk, skb, portid, seq,
- nlmsg_flags, unlh);
+ nlmsg_flags, unlh, net_admin);
return inet_csk_diag_fill(sk, skb, r, user_ns, portid, seq,
- nlmsg_flags, unlh);
+ nlmsg_flags, unlh, net_admin);
}
struct sock *inet_diag_find_one_icsk(struct net *net,
@@ -435,7 +447,8 @@ int inet_diag_dump_one_icsk(struct inet_hashinfo *hashinfo,
err = sk_diag_fill(sk, rep, req,
sk_user_ns(NETLINK_CB(in_skb).sk),
NETLINK_CB(in_skb).portid,
- nlh->nlmsg_seq, 0, nlh);
+ nlh->nlmsg_seq, 0, nlh,
+ netlink_net_capable(in_skb, CAP_NET_ADMIN));
if (err < 0) {
WARN_ON(err == -EMSGSIZE);
nlmsg_free(rep);
@@ -796,7 +809,8 @@ static int inet_csk_diag_dump(struct sock *sk,
struct sk_buff *skb,
struct netlink_callback *cb,
const struct inet_diag_req_v2 *r,
- const struct nlattr *bc)
+ const struct nlattr *bc,
+ bool net_admin)
{
if (!inet_diag_bc_sk(bc, sk))
return 0;
@@ -804,7 +818,8 @@ static int inet_csk_diag_dump(struct sock *sk,
return inet_csk_diag_fill(sk, skb, r,
sk_user_ns(NETLINK_CB(cb->skb).sk),
NETLINK_CB(cb->skb).portid,
- cb->nlh->nlmsg_seq, NLM_F_MULTI, cb->nlh);
+ cb->nlh->nlmsg_seq, NLM_F_MULTI, cb->nlh,
+ net_admin);
}
static void twsk_build_assert(void)
@@ -840,6 +855,7 @@ void inet_diag_dump_icsk(struct inet_hashinfo *hashinfo, struct sk_buff *skb,
struct net *net = sock_net(skb->sk);
int i, num, s_i, s_num;
u32 idiag_states = r->idiag_states;
+ bool net_admin = netlink_net_capable(cb->skb, CAP_NET_ADMIN);
if (idiag_states & TCPF_SYN_RECV)
idiag_states |= TCPF_NEW_SYN_RECV;
@@ -880,7 +896,8 @@ void inet_diag_dump_icsk(struct inet_hashinfo *hashinfo, struct sk_buff *skb,
cb->args[3] > 0)
goto next_listen;
- if (inet_csk_diag_dump(sk, skb, cb, r, bc) < 0) {
+ if (inet_csk_diag_dump(sk, skb, cb, r,
+ bc, net_admin) < 0) {
spin_unlock_bh(&ilb->lock);
goto done;
}
@@ -948,7 +965,7 @@ skip_listen_ht:
sk_user_ns(NETLINK_CB(cb->skb).sk),
NETLINK_CB(cb->skb).portid,
cb->nlh->nlmsg_seq, NLM_F_MULTI,
- cb->nlh);
+ cb->nlh, net_admin);
if (res < 0) {
spin_unlock_bh(lock);
goto done;
diff --git a/net/ipv4/udp_diag.c b/net/ipv4/udp_diag.c
index 58b79c0..9a89c10 100644
--- a/net/ipv4/udp_diag.c
+++ b/net/ipv4/udp_diag.c
@@ -20,7 +20,7 @@
static int sk_diag_dump(struct sock *sk, struct sk_buff *skb,
struct netlink_callback *cb,
const struct inet_diag_req_v2 *req,
- struct nlattr *bc)
+ struct nlattr *bc, bool net_admin)
{
if (!inet_diag_bc_sk(bc, sk))
return 0;
@@ -28,7 +28,7 @@ static int sk_diag_dump(struct sock *sk, struct sk_buff *skb,
return inet_sk_diag_fill(sk, NULL, skb, req,
sk_user_ns(NETLINK_CB(cb->skb).sk),
NETLINK_CB(cb->skb).portid,
- cb->nlh->nlmsg_seq, NLM_F_MULTI, cb->nlh);
+ cb->nlh->nlmsg_seq, NLM_F_MULTI, cb->nlh, net_admin);
}
static int udp_dump_one(struct udp_table *tbl, struct sk_buff *in_skb,
@@ -76,7 +76,8 @@ static int udp_dump_one(struct udp_table *tbl, struct sk_buff *in_skb,
err = inet_sk_diag_fill(sk, NULL, rep, req,
sk_user_ns(NETLINK_CB(in_skb).sk),
NETLINK_CB(in_skb).portid,
- nlh->nlmsg_seq, 0, nlh);
+ nlh->nlmsg_seq, 0, nlh,
+ netlink_net_capable(in_skb, CAP_NET_ADMIN));
if (err < 0) {
WARN_ON(err == -EMSGSIZE);
kfree_skb(rep);
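Review bot: udp_dump_one() now appends one more attribute to `rep` for privileged requesters, but the allocation of `rep` is outside this hunk and none of the udp_diag.c hunks shown touch it. inet_diag.c grows inet_sk_attr_size() by `nla_total_size(4)` for the same attribute. Please confirm the UDP reply size has matching headroom, because the error path just below hits `WARN_ON(err == -EMSGSIZE)`. If that size is written out by hand, adding `nla_total_size(sizeof(u32))` to the expression would keep the two paths consistent.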
@@ -97,6 +98,7 @@ static void udp_dump(struct udp_table *table, struct sk_buff *skb,
struct netlink_callback *cb,
const struct inet_diag_req_v2 *r, struct nlattr *bc)
{
+ bool net_admin = netlink_net_capable(cb->skb, CAP_NET_ADMIN);
struct net *net = sock_net(skb->sk);
int num, s_num, slot, s_slot;
@@ -132,7 +134,7 @@ static void udp_dump(struct udp_table *table, struct sk_buff *skb,
r->id.idiag_dport)
goto next;
- if (sk_diag_dump(sk, skb, cb, r, bc) < 0) {
+ if (sk_diag_dump(sk, skb, cb, r, bc, net_admin) < 0) {
spin_unlock_bh(&hslot->lock);
goto done;
}
--
2.8.0.rc3.226.g39d4020
* Re: [PATCH net-next] net: inet: diag: expose the socket mark to privileged processes.
From: Lorenzo Colitti @ 2016-09-07 9:48 UTC (permalink / raw)
To: netdev
Cc: Erik Kline, Eric Dumazet, David Miller, David Ahern, Lorenzo Colitti
On Wed, Sep 7, 2016 at 6:32 PM, Lorenzo Colitti <lorenzo@google.com> wrote:
> This adds the capability for a process that has CAP_NET_ADMIN on
> a socket to dump its mark.
Sorry for sending v2 out so soon; there are no code changes from v1,
but I corrected the commit description. I've marked v1 as superseded
and archived it in patchwork.
* Re: [PATCH net-next] net: inet: diag: expose the socket mark to privileged processes.
From: kbuild test robot @ 2016-09-07 11:20 UTC (permalink / raw)
To: Lorenzo Colitti
Cc: kbuild-all, netdev, ek, eric.dumazet, davem, dsa, Lorenzo Colitti
[-- Attachment #1: Type: text/plain, Size: 1935 bytes --]
Hi Lorenzo,
[auto build test ERROR on net-next/master]
url: https://github.com/0day-ci/linux/commits/Lorenzo-Colitti/net-inet-diag-expose-the-socket-mark-to-privileged-processes/20160907-181944
config: i386-randconfig-s1-201636 (attached as .config)
compiler: gcc-6 (Debian 6.1.1-9) 6.1.1 20160705
reproduce:
# save the attached .config to linux build tree
make ARCH=i386
All errors (new ones prefixed by >>):
net/sctp/sctp_diag.c: In function 'inet_sctp_diag_fill':
>> net/sctp/sctp_diag.c:136:6: error: too few arguments to function 'inet_diag_msg_attrs_fill'
if (inet_diag_msg_attrs_fill(sk, skb, r, ext, user_ns))
^~~~~~~~~~~~~~~~~~~~~~~~
In file included from net/sctp/sctp_diag.c:2:0:
include/linux/inet_diag.h:57:5: note: declared here
int inet_diag_msg_attrs_fill(struct sock *sk, struct sk_buff *skb,
^~~~~~~~~~~~~~~~~~~~~~~~
vim +/inet_diag_msg_attrs_fill +136 net/sctp/sctp_diag.c
8f840e47 Xin Long 2016-04-14 130 inet_diag_msg_common_fill(r, sk);
8f840e47 Xin Long 2016-04-14 131 r->idiag_state = sk->sk_state;
8f840e47 Xin Long 2016-04-14 132 r->idiag_timer = 0;
8f840e47 Xin Long 2016-04-14 133 r->idiag_retrans = 0;
8f840e47 Xin Long 2016-04-14 134 }
8f840e47 Xin Long 2016-04-14 135
8f840e47 Xin Long 2016-04-14 @136 if (inet_diag_msg_attrs_fill(sk, skb, r, ext, user_ns))
8f840e47 Xin Long 2016-04-14 137 goto errout;
8f840e47 Xin Long 2016-04-14 138
8f840e47 Xin Long 2016-04-14 139 if (ext & (1 << (INET_DIAG_SKMEMINFO - 1))) {
:::::: The code at line 136 was first introduced by commit
:::::: 8f840e47f190cbe61a96945c13e9551048d42cef sctp: add the sctp_diag.c file
:::::: TO: Xin Long <lucien.xin@gmail.com>
:::::: CC: David S. Miller <davem@davemloft.net>
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
[-- Attachment #2: .config.gz --]
[-- Type: application/octet-stream, Size: 27986 bytes --]
* Re: [PATCH net-next] net: inet: diag: expose the socket mark to privileged processes.
From: kbuild test robot @ 2016-09-07 11:32 UTC (permalink / raw)
To: Lorenzo Colitti
Cc: kbuild-all, netdev, ek, eric.dumazet, davem, dsa, Lorenzo Colitti
Hi Lorenzo,
[auto build test WARNING on net-next/master]
url: https://github.com/0day-ci/linux/commits/Lorenzo-Colitti/net-inet-diag-expose-the-socket-mark-to-privileged-processes/20160907-181944
reproduce:
# apt-get install sparse
make ARCH=x86_64 allmodconfig
make C=1 CF=-D__CHECK_ENDIAN__
sparse warnings: (new ones prefixed by >>)
include/linux/compiler.h:230:8: sparse: attribute 'no_sanitize_address': unknown attribute
>> net/sctp/sctp_diag.c:136:37: sparse: not enough arguments for function inet_diag_msg_attrs_fill
net/sctp/sctp_diag.c: In function 'inet_sctp_diag_fill':
net/sctp/sctp_diag.c:136:6: error: too few arguments to function 'inet_diag_msg_attrs_fill'
if (inet_diag_msg_attrs_fill(sk, skb, r, ext, user_ns))
^~~~~~~~~~~~~~~~~~~~~~~~
In file included from net/sctp/sctp_diag.c:2:0:
include/linux/inet_diag.h:57:5: note: declared here
int inet_diag_msg_attrs_fill(struct sock *sk, struct sk_buff *skb,
^~~~~~~~~~~~~~~~~~~~~~~~
vim +136 net/sctp/sctp_diag.c
8f840e47 Xin Long 2016-04-14 120 nlmsg_flags);
8f840e47 Xin Long 2016-04-14 121 if (!nlh)
8f840e47 Xin Long 2016-04-14 122 return -EMSGSIZE;
8f840e47 Xin Long 2016-04-14 123
8f840e47 Xin Long 2016-04-14 124 r = nlmsg_data(nlh);
8f840e47 Xin Long 2016-04-14 125 BUG_ON(!sk_fullsock(sk));
8f840e47 Xin Long 2016-04-14 126
8f840e47 Xin Long 2016-04-14 127 if (asoc) {
8f840e47 Xin Long 2016-04-14 128 inet_diag_msg_sctpasoc_fill(r, sk, asoc);
8f840e47 Xin Long 2016-04-14 129 } else {
8f840e47 Xin Long 2016-04-14 130 inet_diag_msg_common_fill(r, sk);
8f840e47 Xin Long 2016-04-14 131 r->idiag_state = sk->sk_state;
8f840e47 Xin Long 2016-04-14 132 r->idiag_timer = 0;
8f840e47 Xin Long 2016-04-14 133 r->idiag_retrans = 0;
8f840e47 Xin Long 2016-04-14 134 }
8f840e47 Xin Long 2016-04-14 135
8f840e47 Xin Long 2016-04-14 @136 if (inet_diag_msg_attrs_fill(sk, skb, r, ext, user_ns))
8f840e47 Xin Long 2016-04-14 137 goto errout;
8f840e47 Xin Long 2016-04-14 138
8f840e47 Xin Long 2016-04-14 139 if (ext & (1 << (INET_DIAG_SKMEMINFO - 1))) {
8f840e47 Xin Long 2016-04-14 140 u32 mem[SK_MEMINFO_VARS];
8f840e47 Xin Long 2016-04-14 141 int amt;
8f840e47 Xin Long 2016-04-14 142
8f840e47 Xin Long 2016-04-14 143 if (asoc && asoc->ep->sndbuf_policy)
8f840e47 Xin Long 2016-04-14 144 amt = asoc->sndbuf_used;
:::::: The code at line 136 was first introduced by commit
:::::: 8f840e47f190cbe61a96945c13e9551048d42cef sctp: add the sctp_diag.c file
:::::: TO: Xin Long <lucien.xin@gmail.com>
:::::: CC: David S. Miller <davem@davemloft.net>
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
* Re: [PATCH net-next] net: inet: diag: expose the socket mark to privileged processes.
From: Lorenzo Colitti @ 2016-09-07 15:47 UTC (permalink / raw)
To: netdev; +Cc: Erik Kline, Eric Dumazet, David Miller, David Ahern
On Wed, Sep 7, 2016 at 8:20 PM, kbuild test robot <lkp@intel.com> wrote:
> [auto build test ERROR on net-next/master]
>
> net/sctp/sctp_diag.c: In function 'inet_sctp_diag_fill':
> >> net/sctp/sctp_diag.c:136:6: error: too few arguments to function 'inet_diag_msg_attrs_fill'
> if (inet_diag_msg_attrs_fill(sk, skb, r, ext, user_ns))
> ^~~~~~~~~~~~~~~~~~~~~~~~
Fixed in v3, and unit tests updated with basic SCTP tests as well.
* Re: [PATCH net-next] net: inet: diag: expose the socket mark to privileged processes.
From: kbuild test robot @ 2016-09-07 20:33 UTC (permalink / raw)
To: Lorenzo Colitti
Cc: kbuild-all, netdev, ek, eric.dumazet, davem, dsa, Lorenzo Colitti
[-- Attachment #1: Type: text/plain, Size: 13225 bytes --]
Hi Lorenzo,
[auto build test WARNING on net-next/master]
url: https://github.com/0day-ci/linux/commits/Lorenzo-Colitti/net-inet-diag-expose-the-socket-mark-to-privileged-processes/20160907-181944
config: x86_64-randconfig-s2-09071905 (attached as .config)
compiler: gcc-6 (Debian 6.1.1-9) 6.1.1 20160705
reproduce:
# save the attached .config to linux build tree
make ARCH=x86_64
All warnings (new ones prefixed by >>):
In file included from include/uapi/linux/stddef.h:1:0,
from include/linux/stddef.h:4,
from include/uapi/linux/posix_types.h:4,
from include/uapi/linux/types.h:13,
from include/linux/types.h:5,
from include/linux/list.h:4,
from include/linux/module.h:9,
from net/sctp/sctp_diag.c:1:
net/sctp/sctp_diag.c: In function 'inet_sctp_diag_fill':
net/sctp/sctp_diag.c:136:6: error: too few arguments to function 'inet_diag_msg_attrs_fill'
if (inet_diag_msg_attrs_fill(sk, skb, r, ext, user_ns))
^
include/linux/compiler.h:149:30: note: in definition of macro '__trace_if'
if (__builtin_constant_p(!!(cond)) ? !!(cond) : \
^~~~
>> net/sctp/sctp_diag.c:136:2: note: in expansion of macro 'if'
if (inet_diag_msg_attrs_fill(sk, skb, r, ext, user_ns))
^~
In file included from net/sctp/sctp_diag.c:2:0:
include/linux/inet_diag.h:57:5: note: declared here
int inet_diag_msg_attrs_fill(struct sock *sk, struct sk_buff *skb,
^~~~~~~~~~~~~~~~~~~~~~~~
In file included from include/uapi/linux/stddef.h:1:0,
from include/linux/stddef.h:4,
from include/uapi/linux/posix_types.h:4,
from include/uapi/linux/types.h:13,
from include/linux/types.h:5,
from include/linux/list.h:4,
from include/linux/module.h:9,
from net/sctp/sctp_diag.c:1:
net/sctp/sctp_diag.c:136:6: error: too few arguments to function 'inet_diag_msg_attrs_fill'
if (inet_diag_msg_attrs_fill(sk, skb, r, ext, user_ns))
^
include/linux/compiler.h:149:42: note: in definition of macro '__trace_if'
if (__builtin_constant_p(!!(cond)) ? !!(cond) : \
^~~~
>> net/sctp/sctp_diag.c:136:2: note: in expansion of macro 'if'
if (inet_diag_msg_attrs_fill(sk, skb, r, ext, user_ns))
^~
In file included from net/sctp/sctp_diag.c:2:0:
include/linux/inet_diag.h:57:5: note: declared here
int inet_diag_msg_attrs_fill(struct sock *sk, struct sk_buff *skb,
^~~~~~~~~~~~~~~~~~~~~~~~
In file included from include/uapi/linux/stddef.h:1:0,
from include/linux/stddef.h:4,
from include/uapi/linux/posix_types.h:4,
from include/uapi/linux/types.h:13,
from include/linux/types.h:5,
from include/linux/list.h:4,
from include/linux/module.h:9,
from net/sctp/sctp_diag.c:1:
net/sctp/sctp_diag.c:136:6: error: too few arguments to function 'inet_diag_msg_attrs_fill'
if (inet_diag_msg_attrs_fill(sk, skb, r, ext, user_ns))
^
include/linux/compiler.h:160:16: note: in definition of macro '__trace_if'
______r = !!(cond); \
^~~~
>> net/sctp/sctp_diag.c:136:2: note: in expansion of macro 'if'
if (inet_diag_msg_attrs_fill(sk, skb, r, ext, user_ns))
^~
In file included from net/sctp/sctp_diag.c:2:0:
include/linux/inet_diag.h:57:5: note: declared here
int inet_diag_msg_attrs_fill(struct sock *sk, struct sk_buff *skb,
^~~~~~~~~~~~~~~~~~~~~~~~
vim +/if +136 net/sctp/sctp_diag.c
8f840e47 Xin Long 2016-04-14 @1 #include <linux/module.h>
8f840e47 Xin Long 2016-04-14 2 #include <linux/inet_diag.h>
8f840e47 Xin Long 2016-04-14 3 #include <linux/sock_diag.h>
8f840e47 Xin Long 2016-04-14 4 #include <net/sctp/sctp.h>
8f840e47 Xin Long 2016-04-14 5
8f840e47 Xin Long 2016-04-14 6 static void sctp_diag_get_info(struct sock *sk, struct inet_diag_msg *r,
8f840e47 Xin Long 2016-04-14 7 void *info);
8f840e47 Xin Long 2016-04-14 8
8f840e47 Xin Long 2016-04-14 9 /* define some functions to make asoc/ep fill look clean */
8f840e47 Xin Long 2016-04-14 10 static void inet_diag_msg_sctpasoc_fill(struct inet_diag_msg *r,
8f840e47 Xin Long 2016-04-14 11 struct sock *sk,
8f840e47 Xin Long 2016-04-14 12 struct sctp_association *asoc)
8f840e47 Xin Long 2016-04-14 13 {
8f840e47 Xin Long 2016-04-14 14 union sctp_addr laddr, paddr;
8f840e47 Xin Long 2016-04-14 15 struct dst_entry *dst;
12474e8e Phil Sutter 2016-08-04 16 struct timer_list *t3_rtx = &asoc->peer.primary_path->T3_rtx_timer;
8f840e47 Xin Long 2016-04-14 17
8f840e47 Xin Long 2016-04-14 18 laddr = list_entry(asoc->base.bind_addr.address_list.next,
8f840e47 Xin Long 2016-04-14 19 struct sctp_sockaddr_entry, list)->a;
8f840e47 Xin Long 2016-04-14 20 paddr = asoc->peer.primary_path->ipaddr;
8f840e47 Xin Long 2016-04-14 21 dst = asoc->peer.primary_path->dst;
8f840e47 Xin Long 2016-04-14 22
8f840e47 Xin Long 2016-04-14 23 r->idiag_family = sk->sk_family;
8f840e47 Xin Long 2016-04-14 24 r->id.idiag_sport = htons(asoc->base.bind_addr.port);
8f840e47 Xin Long 2016-04-14 25 r->id.idiag_dport = htons(asoc->peer.port);
8f840e47 Xin Long 2016-04-14 26 r->id.idiag_if = dst ? dst->dev->ifindex : 0;
8f840e47 Xin Long 2016-04-14 27 sock_diag_save_cookie(sk, r->id.idiag_cookie);
8f840e47 Xin Long 2016-04-14 28
8f840e47 Xin Long 2016-04-14 29 #if IS_ENABLED(CONFIG_IPV6)
8f840e47 Xin Long 2016-04-14 30 if (sk->sk_family == AF_INET6) {
8f840e47 Xin Long 2016-04-14 31 *(struct in6_addr *)r->id.idiag_src = laddr.v6.sin6_addr;
8f840e47 Xin Long 2016-04-14 32 *(struct in6_addr *)r->id.idiag_dst = paddr.v6.sin6_addr;
8f840e47 Xin Long 2016-04-14 33 } else
8f840e47 Xin Long 2016-04-14 34 #endif
8f840e47 Xin Long 2016-04-14 35 {
8f840e47 Xin Long 2016-04-14 36 memset(&r->id.idiag_src, 0, sizeof(r->id.idiag_src));
8f840e47 Xin Long 2016-04-14 37 memset(&r->id.idiag_dst, 0, sizeof(r->id.idiag_dst));
8f840e47 Xin Long 2016-04-14 38
8f840e47 Xin Long 2016-04-14 39 r->id.idiag_src[0] = laddr.v4.sin_addr.s_addr;
8f840e47 Xin Long 2016-04-14 40 r->id.idiag_dst[0] = paddr.v4.sin_addr.s_addr;
8f840e47 Xin Long 2016-04-14 41 }
8f840e47 Xin Long 2016-04-14 42
8f840e47 Xin Long 2016-04-14 43 r->idiag_state = asoc->state;
12474e8e Phil Sutter 2016-08-04 44 if (timer_pending(t3_rtx)) {
8f840e47 Xin Long 2016-04-14 45 r->idiag_timer = SCTP_EVENT_TIMEOUT_T3_RTX;
8f840e47 Xin Long 2016-04-14 46 r->idiag_retrans = asoc->rtx_data_chunks;
12474e8e Phil Sutter 2016-08-04 47 r->idiag_expires = jiffies_to_msecs(t3_rtx->expires - jiffies);
12474e8e Phil Sutter 2016-08-04 48 } else {
12474e8e Phil Sutter 2016-08-04 49 r->idiag_timer = 0;
12474e8e Phil Sutter 2016-08-04 50 r->idiag_retrans = 0;
12474e8e Phil Sutter 2016-08-04 51 r->idiag_expires = 0;
12474e8e Phil Sutter 2016-08-04 52 }
8f840e47 Xin Long 2016-04-14 53 }
8f840e47 Xin Long 2016-04-14 54
8f840e47 Xin Long 2016-04-14 55 static int inet_diag_msg_sctpladdrs_fill(struct sk_buff *skb,
8f840e47 Xin Long 2016-04-14 56 struct list_head *address_list)
8f840e47 Xin Long 2016-04-14 57 {
8f840e47 Xin Long 2016-04-14 58 struct sctp_sockaddr_entry *laddr;
8f840e47 Xin Long 2016-04-14 59 int addrlen = sizeof(struct sockaddr_storage);
8f840e47 Xin Long 2016-04-14 60 int addrcnt = 0;
8f840e47 Xin Long 2016-04-14 61 struct nlattr *attr;
8f840e47 Xin Long 2016-04-14 62 void *info = NULL;
8f840e47 Xin Long 2016-04-14 63
8f840e47 Xin Long 2016-04-14 64 list_for_each_entry_rcu(laddr, address_list, list)
8f840e47 Xin Long 2016-04-14 65 addrcnt++;
8f840e47 Xin Long 2016-04-14 66
8f840e47 Xin Long 2016-04-14 67 attr = nla_reserve(skb, INET_DIAG_LOCALS, addrlen * addrcnt);
8f840e47 Xin Long 2016-04-14 68 if (!attr)
8f840e47 Xin Long 2016-04-14 69 return -EMSGSIZE;
8f840e47 Xin Long 2016-04-14 70
8f840e47 Xin Long 2016-04-14 71 info = nla_data(attr);
8f840e47 Xin Long 2016-04-14 72 list_for_each_entry_rcu(laddr, address_list, list) {
8f840e47 Xin Long 2016-04-14 73 memcpy(info, &laddr->a, addrlen);
8f840e47 Xin Long 2016-04-14 74 info += addrlen;
8f840e47 Xin Long 2016-04-14 75 }
8f840e47 Xin Long 2016-04-14 76
8f840e47 Xin Long 2016-04-14 77 return 0;
8f840e47 Xin Long 2016-04-14 78 }
8f840e47 Xin Long 2016-04-14 79
8f840e47 Xin Long 2016-04-14 80 static int inet_diag_msg_sctpaddrs_fill(struct sk_buff *skb,
8f840e47 Xin Long 2016-04-14 81 struct sctp_association *asoc)
8f840e47 Xin Long 2016-04-14 82 {
8f840e47 Xin Long 2016-04-14 83 int addrlen = sizeof(struct sockaddr_storage);
8f840e47 Xin Long 2016-04-14 84 struct sctp_transport *from;
8f840e47 Xin Long 2016-04-14 85 struct nlattr *attr;
8f840e47 Xin Long 2016-04-14 86 void *info = NULL;
8f840e47 Xin Long 2016-04-14 87
8f840e47 Xin Long 2016-04-14 88 attr = nla_reserve(skb, INET_DIAG_PEERS,
8f840e47 Xin Long 2016-04-14 89 addrlen * asoc->peer.transport_count);
8f840e47 Xin Long 2016-04-14 90 if (!attr)
8f840e47 Xin Long 2016-04-14 91 return -EMSGSIZE;
8f840e47 Xin Long 2016-04-14 92
8f840e47 Xin Long 2016-04-14 93 info = nla_data(attr);
8f840e47 Xin Long 2016-04-14 94 list_for_each_entry(from, &asoc->peer.transport_addr_list,
8f840e47 Xin Long 2016-04-14 95 transports) {
8f840e47 Xin Long 2016-04-14 96 memcpy(info, &from->ipaddr, addrlen);
8f840e47 Xin Long 2016-04-14 97 info += addrlen;
8f840e47 Xin Long 2016-04-14 98 }
8f840e47 Xin Long 2016-04-14 99
8f840e47 Xin Long 2016-04-14 100 return 0;
8f840e47 Xin Long 2016-04-14 101 }
8f840e47 Xin Long 2016-04-14 102
8f840e47 Xin Long 2016-04-14 103 /* sctp asoc/ep fill*/
8f840e47 Xin Long 2016-04-14 104 static int inet_sctp_diag_fill(struct sock *sk, struct sctp_association *asoc,
8f840e47 Xin Long 2016-04-14 105 struct sk_buff *skb,
8f840e47 Xin Long 2016-04-14 106 const struct inet_diag_req_v2 *req,
8f840e47 Xin Long 2016-04-14 107 struct user_namespace *user_ns,
8f840e47 Xin Long 2016-04-14 108 int portid, u32 seq, u16 nlmsg_flags,
8f840e47 Xin Long 2016-04-14 109 const struct nlmsghdr *unlh)
8f840e47 Xin Long 2016-04-14 110 {
8f840e47 Xin Long 2016-04-14 111 struct sctp_endpoint *ep = sctp_sk(sk)->ep;
8f840e47 Xin Long 2016-04-14 112 struct list_head *addr_list;
8f840e47 Xin Long 2016-04-14 113 struct inet_diag_msg *r;
8f840e47 Xin Long 2016-04-14 114 struct nlmsghdr *nlh;
8f840e47 Xin Long 2016-04-14 115 int ext = req->idiag_ext;
8f840e47 Xin Long 2016-04-14 116 struct sctp_infox infox;
8f840e47 Xin Long 2016-04-14 117 void *info = NULL;
8f840e47 Xin Long 2016-04-14 118
8f840e47 Xin Long 2016-04-14 119 nlh = nlmsg_put(skb, portid, seq, unlh->nlmsg_type, sizeof(*r),
8f840e47 Xin Long 2016-04-14 120 nlmsg_flags);
8f840e47 Xin Long 2016-04-14 121 if (!nlh)
8f840e47 Xin Long 2016-04-14 122 return -EMSGSIZE;
8f840e47 Xin Long 2016-04-14 123
8f840e47 Xin Long 2016-04-14 124 r = nlmsg_data(nlh);
8f840e47 Xin Long 2016-04-14 125 BUG_ON(!sk_fullsock(sk));
8f840e47 Xin Long 2016-04-14 126
8f840e47 Xin Long 2016-04-14 127 if (asoc) {
8f840e47 Xin Long 2016-04-14 128 inet_diag_msg_sctpasoc_fill(r, sk, asoc);
8f840e47 Xin Long 2016-04-14 129 } else {
8f840e47 Xin Long 2016-04-14 130 inet_diag_msg_common_fill(r, sk);
8f840e47 Xin Long 2016-04-14 131 r->idiag_state = sk->sk_state;
8f840e47 Xin Long 2016-04-14 132 r->idiag_timer = 0;
8f840e47 Xin Long 2016-04-14 133 r->idiag_retrans = 0;
8f840e47 Xin Long 2016-04-14 134 }
8f840e47 Xin Long 2016-04-14 135
8f840e47 Xin Long 2016-04-14 @136 if (inet_diag_msg_attrs_fill(sk, skb, r, ext, user_ns))
8f840e47 Xin Long 2016-04-14 137 goto errout;
8f840e47 Xin Long 2016-04-14 138
8f840e47 Xin Long 2016-04-14 139 if (ext & (1 << (INET_DIAG_SKMEMINFO - 1))) {
:::::: The code at line 136 was first introduced by commit
:::::: 8f840e47f190cbe61a96945c13e9551048d42cef sctp: add the sctp_diag.c file
:::::: TO: Xin Long <lucien.xin@gmail.com>
:::::: CC: David S. Miller <davem@davemloft.net>
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
[-- Attachment #2: .config.gz --]
[-- Type: application/octet-stream, Size: 29858 bytes --]