* [PATCH] decnet: fix DN_IFREQ_SIZE
@ 2019-01-26 20:12 Johannes Berg
2019-01-28 7:13 ` David Miller
0 siblings, 1 reply; 2+ messages in thread
From: Johannes Berg @ 2019-01-26 20:12 UTC (permalink / raw)
To: netdev; +Cc: viro, linux-decnet-user, Johannes Berg
From: Johannes Berg <johannes.berg@intel.com>
Digging through the ioctls with Al because of the previous
patches, we found that on 64-bit decnet's dn_dev_ioctl()
is wrong, because struct ifreq::ifr_ifru is actually 24
bytes (not 16 as expected from struct sockaddr) due to the
ifru_map and ifru_settings members.
Clearly, decnet expects the ioctl to be called with a struct
like
struct ifreq_dn {
char ifr_name[IFNAMSIZ];
struct sockaddr_dn ifr_addr;
};
since it does
struct ifreq *ifr = ...;
struct sockaddr_dn *sdn = (struct sockaddr_dn *)&ifr->ifr_addr;
This means that DN_IFREQ_SIZE is too big for what it wants on
64-bit, as it is
sizeof(struct ifreq) - sizeof(struct sockaddr) +
sizeof(struct sockaddr_dn)
This assumes that sizeof(struct sockaddr) is the size of ifr_ifru
but that isn't true.
Fix this to use offsetof(struct ifreq, ifr_ifru).
This indeed doesn't really matter much - the result is that we
copy in/out 8 bytes more than we should on 64-bit platforms. In
case the "struct ifreq_dn" lands just on the end of a page though
it might lead to faults.
As far as I can tell, it has been like this forever, so it seems
very likely that nobody cares.
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
net/decnet/dn_dev.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/decnet/dn_dev.c b/net/decnet/dn_dev.c
index d0b3e69c6b39..0962f9201baa 100644
--- a/net/decnet/dn_dev.c
+++ b/net/decnet/dn_dev.c
@@ -56,7 +56,7 @@
#include <net/dn_neigh.h>
#include <net/dn_fib.h>
-#define DN_IFREQ_SIZE (sizeof(struct ifreq) - sizeof(struct sockaddr) + sizeof(struct sockaddr_dn))
+#define DN_IFREQ_SIZE (offsetof(struct ifreq, ifr_ifru) + sizeof(struct sockaddr_dn))
static char dn_rt_all_end_mcast[ETH_ALEN] = {0xAB,0x00,0x00,0x04,0x00,0x00};
static char dn_rt_all_rt_mcast[ETH_ALEN] = {0xAB,0x00,0x00,0x03,0x00,0x00};
--
2.17.2
^ permalink raw reply related [flat|nested] 2+ messages in thread
* Re: [PATCH] decnet: fix DN_IFREQ_SIZE
2019-01-26 20:12 [PATCH] decnet: fix DN_IFREQ_SIZE Johannes Berg
@ 2019-01-28 7:13 ` David Miller
0 siblings, 0 replies; 2+ messages in thread
From: David Miller @ 2019-01-28 7:13 UTC (permalink / raw)
To: johannes; +Cc: netdev, viro, linux-decnet-user, johannes.berg
From: Johannes Berg <johannes@sipsolutions.net>
Date: Sat, 26 Jan 2019 21:12:19 +0100
> From: Johannes Berg <johannes.berg@intel.com>
>
> Digging through the ioctls with Al because of the previous
> patches, we found that on 64-bit decnet's dn_dev_ioctl()
> is wrong, because struct ifreq::ifr_ifru is actually 24
> bytes (not 16 as expected from struct sockaddr) due to the
> ifru_map and ifru_settings members.
>
> Clearly, decnet expects the ioctl to be called with a struct
> like
> struct ifreq_dn {
> char ifr_name[IFNAMSIZ];
> struct sockaddr_dn ifr_addr;
> };
>
> since it does
> struct ifreq *ifr = ...;
> struct sockaddr_dn *sdn = (struct sockaddr_dn *)&ifr->ifr_addr;
>
> This means that DN_IFREQ_SIZE is too big for what it wants on
> 64-bit, as it is
> sizeof(struct ifreq) - sizeof(struct sockaddr) +
> sizeof(struct sockaddr_dn)
>
> This assumes that sizeof(struct sockaddr) is the size of ifr_ifru
> but that isn't true.
>
> Fix this to use offsetof(struct ifreq, ifr_ifru).
>
> This indeed doesn't really matter much - the result is that we
> copy in/out 8 bytes more than we should on 64-bit platforms. In
> case the "struct ifreq_dn" lands just on the end of a page though
> it might lead to faults.
>
> As far as I can tell, it has been like this forever, so it seems
> very likely that nobody cares.
>
> Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Applied.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2019-01-28 7:13 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-01-26 20:12 [PATCH] decnet: fix DN_IFREQ_SIZE Johannes Berg
2019-01-28 7:13 ` David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).