[PATCH] decnet: fix DN_IFREQ_SIZE

[PATCH] decnet: fix DN_IFREQ_SIZE

[Johannes Berg]

From: Johannes Berg <johannes.berg@intel.com>

Digging through the ioctls with Al because of the previous
patches, we found that on 64-bit decnet's dn_dev_ioctl()
is wrong, because struct ifreq::ifr_ifru is actually 24
bytes (not 16 as expected from struct sockaddr) due to the
ifru_map and ifru_settings members.

Clearly, decnet expects the ioctl to be called with a struct
like
  struct ifreq_dn {
    char ifr_name[IFNAMSIZ];
    struct sockaddr_dn ifr_addr;
  };

since it does
  struct ifreq *ifr = ...;
  struct sockaddr_dn *sdn = (struct sockaddr_dn *)&ifr->ifr_addr;

This means that DN_IFREQ_SIZE is too big for what it wants on
64-bit, as it is
  sizeof(struct ifreq) - sizeof(struct sockaddr) +
  sizeof(struct sockaddr_dn)

This assumes that sizeof(struct sockaddr) is the size of ifr_ifru
but that isn't true.

Fix this to use offsetof(struct ifreq, ifr_ifru).

This indeed doesn't really matter much - the result is that we
copy in/out 8 bytes more than we should on 64-bit platforms. In
case the "struct ifreq_dn" lands just on the end of a page though
it might lead to faults.

As far as I can tell, it has been like this forever, so it seems
very likely that nobody cares.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
---
 net/decnet/dn_dev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/decnet/dn_dev.c b/net/decnet/dn_dev.c
index d0b3e69c6b39..0962f9201baa 100644
--- a/net/decnet/dn_dev.c
+++ b/net/decnet/dn_dev.c
@@ -56,7 +56,7 @@
 #include <net/dn_neigh.h>
 #include <net/dn_fib.h>
 
-#define DN_IFREQ_SIZE (sizeof(struct ifreq) - sizeof(struct sockaddr) + sizeof(struct sockaddr_dn))
+#define DN_IFREQ_SIZE (offsetof(struct ifreq, ifr_ifru) + sizeof(struct sockaddr_dn))
 
 static char dn_rt_all_end_mcast[ETH_ALEN] = {0xAB,0x00,0x00,0x04,0x00,0x00};
 static char dn_rt_all_rt_mcast[ETH_ALEN]  = {0xAB,0x00,0x00,0x03,0x00,0x00};
-- 
2.17.2

Re: [PATCH] decnet: fix DN_IFREQ_SIZE

[David Miller]

From: Johannes Berg <johannes@sipsolutions.net>
Date: Sat, 26 Jan 2019 21:12:19 +0100

> From: Johannes Berg <johannes.berg@intel.com>
> 
> Digging through the ioctls with Al because of the previous
> patches, we found that on 64-bit decnet's dn_dev_ioctl()
> is wrong, because struct ifreq::ifr_ifru is actually 24
> bytes (not 16 as expected from struct sockaddr) due to the
> ifru_map and ifru_settings members.
> 
> Clearly, decnet expects the ioctl to be called with a struct
> like
>   struct ifreq_dn {
>     char ifr_name[IFNAMSIZ];
>     struct sockaddr_dn ifr_addr;
>   };
> 
> since it does
>   struct ifreq *ifr = ...;
>   struct sockaddr_dn *sdn = (struct sockaddr_dn *)&ifr->ifr_addr;
> 
> This means that DN_IFREQ_SIZE is too big for what it wants on
> 64-bit, as it is
>   sizeof(struct ifreq) - sizeof(struct sockaddr) +
>   sizeof(struct sockaddr_dn)
> 
> This assumes that sizeof(struct sockaddr) is the size of ifr_ifru
> but that isn't true.
> 
> Fix this to use offsetof(struct ifreq, ifr_ifru).
> 
> This indeed doesn't really matter much - the result is that we
> copy in/out 8 bytes more than we should on 64-bit platforms. In
> case the "struct ifreq_dn" lands just on the end of a page though
> it might lead to faults.
> 
> As far as I can tell, it has been like this forever, so it seems
> very likely that nobody cares.
> 
> Signed-off-by: Johannes Berg <johannes.berg@intel.com>

Applied.