lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:   Thu, 26 Jul 2018 03:31:34 +0100
From:   Dmitry Safonov <dima@...sta.com>
To:     linux-kernel@...r.kernel.org
Cc:     Dmitry Safonov <dima@...sta.com>,
        "David S. Miller" <davem@...emloft.net>,
        Herbert Xu <herbert@...dor.apana.org.au>,
        Steffen Klassert <steffen.klassert@...unet.com>,
        Dmitry Safonov <0x7f454c46@...il.com>, netdev@...r.kernel.org
Subject: [PATCH 08/18] xfrm: Add in-kernel groups for compat notifications

Introduce kernel-only, hidden from userspace groups.
Application that bind()ed by kernel to such group will receive netlink
messages in compatible ABI on 64-bit kernels.

Cc: "David S. Miller" <davem@...emloft.net>
Cc: Herbert Xu <herbert@...dor.apana.org.au>
Cc: Steffen Klassert <steffen.klassert@...unet.com>
Cc: netdev@...r.kernel.org
Signed-off-by: Dmitry Safonov <dima@...sta.com>
---
 net/xfrm/xfrm_user.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 53 insertions(+), 1 deletion(-)

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index bf2ca93edaf5..b123e788488f 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -67,6 +67,29 @@ struct xfrm_userspi_info_packed {
 	__u32				max;
 } __packed;
 
+/* In-kernel, non-uapi compat groups.
+ * As compat/native messages differ, send notifications according
+ * to .bind() caller's ABI. There are *_COMPAT hidden from userspace
+ * groups for such task.
+ */
+enum xfrm_nlgroups_kernel {
+	XFRMNLGRP_COMPAT_MIN = XFRMNLGRP_MAX,
+	XFRMNLGRP_COMPAT_ACQUIRE,
+	XFRMNLGRP_COMPAT_EXPIRE,
+	XFRMNLGRP_COMPAT_SA,
+	XFRMNLGRP_COMPAT_POLICY,
+	/* Group messages for the following notifications do not differ
+	 * in size between native and compat structures:
+	 * XFRMNLGRP_AEVENTS,
+	 * XFRMNLGRP_REPORT,
+	 * XFRMNLGRP_MIGRATE,
+	 * XFRMNLGRP_MAPPING,
+	 */
+	__XFRMNLGRP_COMPAT_MAX
+};
+
+#define XFRMNLGRP_KERNEL_MAX	(__XFRMNLGRP_COMPAT_MAX - 1)
+
 static int verify_one_alg(struct nlattr **attrs, enum xfrm_attr_type_t type)
 {
 	struct nlattr *rt = attrs[type];
@@ -2645,6 +2668,34 @@ static void xfrm_netlink_rcv(struct sk_buff *skb)
 	mutex_unlock(&net->xfrm.xfrm_cfg_mutex);
 }
 
+static inline void xfrm_nlgrp_compat(unsigned long *groups,
+		int group, int group_compat)
+{
+	unsigned long group_bit = 1UL << (group - 1);
+
+	if (*groups & group_bit) {
+		*groups &= ~group_bit;
+		*groups |= 1UL << (group_compat - 1);
+	}
+}
+
+static int xfrm_netlink_bind(struct net *net, unsigned long *groups)
+{
+	unsigned long uapi_mask = (1UL << XFRMNLGRP_MAX) - 1;
+
+	*groups &= uapi_mask;
+
+	if (!in_compat_syscall())
+		return 0;
+
+	xfrm_nlgrp_compat(groups, XFRMNLGRP_ACQUIRE, XFRMNLGRP_COMPAT_ACQUIRE);
+	xfrm_nlgrp_compat(groups, XFRMNLGRP_EXPIRE, XFRMNLGRP_COMPAT_EXPIRE);
+	xfrm_nlgrp_compat(groups, XFRMNLGRP_SA, XFRMNLGRP_COMPAT_SA);
+	xfrm_nlgrp_compat(groups, XFRMNLGRP_POLICY, XFRMNLGRP_COMPAT_POLICY);
+
+	return 0;
+}
+
 static inline unsigned int xfrm_expire_msgsize(void)
 {
 	return NLMSG_ALIGN(sizeof(struct xfrm_user_expire))
@@ -3283,8 +3334,9 @@ static int __net_init xfrm_user_net_init(struct net *net)
 {
 	struct sock *nlsk;
 	struct netlink_kernel_cfg cfg = {
-		.groups	= XFRMNLGRP_MAX,
+		.groups	= XFRMNLGRP_KERNEL_MAX,
 		.input	= xfrm_netlink_rcv,
+		.bind	= xfrm_netlink_bind,
 	};
 
 	nlsk = netlink_kernel_create(net, NETLINK_XFRM, &cfg);
-- 
2.13.6

Powered by blists - more mailing lists