lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20180726023144.31066-12-dima@arista.com>
Date:   Thu, 26 Jul 2018 03:31:37 +0100
From:   Dmitry Safonov <dima@...sta.com>
To:     linux-kernel@...r.kernel.org
Cc:     Dmitry Safonov <dima@...sta.com>,
        "David S. Miller" <davem@...emloft.net>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        Steffen Klassert <steffen.klassert@...unet.com>,
        Dmitry Safonov <0x7f454c46@...il.com>, netdev@...r.kernel.org
Subject: [PATCH 11/18] xfrm: Add compat support for xfrm_user_expire messages

Parse expire messages sent by userspace according to in_compat_syscall().
Applications that used native bind() syscall are in XFRMNLGRP_EXPIRE, so
send there xfrm_usersa_info messages (with 64-bit ABI). Compatible
applications are added to kernel-hidden XFRMNLGRP_COMPAT_EXPIRE group, so
send there xfrm_usersa_info messages_packed (with 32-bit ABI)

Cc: "David S. Miller" <davem@...emloft.net>
Cc: Herbert Xu <herbert@...dor.apana.org.au>
Cc: Steffen Klassert <steffen.klassert@...unet.com>
Cc: netdev@...r.kernel.org
Signed-off-by: Dmitry Safonov <dima@...sta.com>
---
 net/xfrm/xfrm_user.c | 95 +++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 65 insertions(+), 30 deletions(-)

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 230462077dc9..ca1a14f45cf7 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -67,6 +67,12 @@ struct xfrm_userspi_info_packed {
 	__u32				max;
 } __packed;
 
+struct xfrm_user_expire_packed {
+	struct xfrm_usersa_info_packed	state;
+	__u8				hard;
+	__u8				__pad[3];
+} __packed;
+
 /* In-kernel, non-uapi compat groups.
  * As compat/native messages differ, send notifications according
  * to .bind() caller's ABI. There are *_COMPAT hidden from userspace
@@ -2240,10 +2246,19 @@ static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
 	struct net *net = sock_net(skb->sk);
 	struct xfrm_state *x;
 	int err;
-	struct xfrm_user_expire *ue = nlmsg_data(nlh);
-	struct xfrm_usersa_info_packed *p = (struct xfrm_usersa_info_packed *)&ue->state;
+	struct xfrm_user_expire_packed *ue = nlmsg_data(nlh);
+	struct xfrm_usersa_info_packed *p = &ue->state;
 	struct xfrm_mark m;
 	u32 mark = xfrm_mark_get(attrs, &m);
+	u8 hard;
+
+	if (in_compat_syscall()) {
+		hard = ue->hard;
+	} else {
+		struct xfrm_user_expire *expire = nlmsg_data(nlh);
+
+		hard = expire->hard;
+	}
 
 	x = xfrm_state_lookup(net, mark, &p->id.daddr, p->id.spi, p->id.proto, p->family);
 
@@ -2255,9 +2270,9 @@ static int xfrm_add_sa_expire(struct sk_buff *skb, struct nlmsghdr *nlh,
 	err = -EINVAL;
 	if (x->km.state != XFRM_STATE_VALID)
 		goto out;
-	km_state_expired(x, ue->hard, nlh->nlmsg_pid);
+	km_state_expired(x, hard, nlh->nlmsg_pid);
 
-	if (ue->hard) {
+	if (hard) {
 		__xfrm_state_delete(x);
 		xfrm_audit_state_delete(x, 1, true);
 	}
@@ -2727,33 +2742,49 @@ static int xfrm_netlink_bind(struct net *net, unsigned long *groups)
 	return 0;
 }
 
-static inline unsigned int xfrm_expire_msgsize(void)
-{
-	return NLMSG_ALIGN(sizeof(struct xfrm_user_expire))
-	       + nla_total_size(sizeof(struct xfrm_mark));
-}
-
-static int build_expire(struct sk_buff *skb, struct xfrm_state *x, const struct km_event *c)
+static int build_expire(struct sk_buff **skb, struct xfrm_state *x,
+		const struct km_event *c, bool compat)
 {
-	struct xfrm_user_expire *ue;
 	struct nlmsghdr *nlh;
+	unsigned int ue_sz;
 	int err;
 
-	nlh = nlmsg_put(skb, c->portid, 0, XFRM_MSG_EXPIRE, sizeof(*ue), 0);
-	if (nlh == NULL)
+	if (compat)
+		ue_sz = NLMSG_ALIGN(sizeof(struct xfrm_user_expire_packed));
+	else
+		ue_sz = NLMSG_ALIGN(sizeof(struct xfrm_user_expire));
+
+	*skb = nlmsg_new(ue_sz + nla_total_size(sizeof(struct xfrm_mark)), GFP_ATOMIC);
+	if (*skb == NULL)
+		return -ENOMEM;
+
+	nlh = nlmsg_put(*skb, c->portid, 0, XFRM_MSG_EXPIRE, ue_sz, 0);
+	if (nlh == NULL) {
+		kfree_skb(*skb);
 		return -EMSGSIZE;
+	}
 
-	ue = nlmsg_data(nlh);
-	copy_to_user_state(x, &ue->state);
-	ue->hard = (c->data.hard != 0) ? 1 : 0;
-	/* clear the padding bytes */
-	memset(&ue->hard + 1, 0, sizeof(*ue) - offsetofend(typeof(*ue), hard));
+	if (compat) {
+		struct xfrm_user_expire_packed *ue = nlmsg_data(nlh);
 
-	err = xfrm_mark_put(skb, &x->mark);
-	if (err)
+		copy_to_user_state_compat(x, &ue->state);
+		ue->hard = (c->data.hard != 0) ? 1 : 0;
+	} else {
+		struct xfrm_user_expire *ue = nlmsg_data(nlh);
+
+		copy_to_user_state(x, &ue->state);
+		ue->hard = (c->data.hard != 0) ? 1 : 0;
+		/* clear the padding bytes */
+		memset(&ue->hard + 1, 0, sizeof(*ue) - offsetofend(typeof(*ue), hard));
+	}
+
+	err = xfrm_mark_put(*skb, &x->mark);
+	if (err) {
+		kfree_skb(*skb);
 		return err;
+	}
 
-	nlmsg_end(skb, nlh);
+	nlmsg_end(*skb, nlh);
 	return 0;
 }
 
@@ -2761,17 +2792,21 @@ static int xfrm_exp_state_notify(struct xfrm_state *x, const struct km_event *c)
 {
 	struct net *net = xs_net(x);
 	struct sk_buff *skb;
+	int err;
 
-	skb = nlmsg_new(xfrm_expire_msgsize(), GFP_ATOMIC);
-	if (skb == NULL)
-		return -ENOMEM;
+	err = build_expire(&skb, x, c, false);
+	if (err)
+		return err;
 
-	if (build_expire(skb, x, c) < 0) {
-		kfree_skb(skb);
-		return -EMSGSIZE;
-	}
+	err = xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_EXPIRE);
+	if ((err && err != -ESRCH) || !IS_ENABLED(CONFIG_COMPAT))
+		return err;
 
-	return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_EXPIRE);
+	err = build_expire(&skb, x, c, true);
+	if (err)
+		return err;
+
+	return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_COMPAT_EXPIRE);
 }
 
 static int xfrm_aevent_state_notify(struct xfrm_state *x, const struct km_event *c)
-- 
2.13.6

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ