Date: Thu, 26 Jul 2018 03:31:34 +0100 From: Dmitry Safonov <dima@...sta.com> To: linux-kernel@...r.kernel.org Cc: Dmitry Safonov <dima@...sta.com>, "David S. Miller" <davem@...emloft.net>, Herbert Xu <herbert@...dor.apana.org.au>, Steffen Klassert <steffen.klassert@...unet.com>, Dmitry Safonov <0x7f454c46@...il.com>, netdev@...r.kernel.org Subject: [PATCH 08/18] xfrm: Add in-kernel groups for compat notifications Introduce kernel-only, hidden from userspace groups. Application that bind()ed by kernel to such group will receive netlink messages in compatible ABI on 64-bit kernels. Cc: "David S. Miller" <davem@...emloft.net> Cc: Herbert Xu <herbert@...dor.apana.org.au> Cc: Steffen Klassert <steffen.klassert@...unet.com> Cc: netdev@...r.kernel.org Signed-off-by: Dmitry Safonov <dima@...sta.com> --- net/xfrm/xfrm_user.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 53 insertions(+), 1 deletion(-) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index bf2ca93edaf5..b123e788488f 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -67,6 +67,29 @@ struct xfrm_userspi_info_packed { __u32 max; } __packed; +/* In-kernel, non-uapi compat groups. + * As compat/native messages differ, send notifications according + * to .bind() caller's ABI. There are *_COMPAT hidden from userspace + * groups for such task. + */ +enum xfrm_nlgroups_kernel { + XFRMNLGRP_COMPAT_MIN = XFRMNLGRP_MAX, + XFRMNLGRP_COMPAT_ACQUIRE, + XFRMNLGRP_COMPAT_EXPIRE, + XFRMNLGRP_COMPAT_SA, + XFRMNLGRP_COMPAT_POLICY, + /* Group messages for the following notifications do not differ + * in size between native and compat structures: + * XFRMNLGRP_AEVENTS, + * XFRMNLGRP_REPORT, + * XFRMNLGRP_MIGRATE, + * XFRMNLGRP_MAPPING, + */ + __XFRMNLGRP_COMPAT_MAX +}; + +#define XFRMNLGRP_KERNEL_MAX (__XFRMNLGRP_COMPAT_MAX - 1) + static int verify_one_alg(struct nlattr **attrs, enum xfrm_attr_type_t type) { struct nlattr *rt = attrs[type]; 
@@ -2645,6 +2668,34 @@ static void xfrm_netlink_rcv(struct sk_buff *skb) mutex_unlock(&net->xfrm.xfrm_cfg_mutex); } +static inline void xfrm_nlgrp_compat(unsigned long *groups, + int group, int group_compat) +{ + unsigned long group_bit = 1UL << (group - 1); + + if (*groups & group_bit) { + *groups &= ~group_bit; + *groups |= 1UL << (group_compat - 1); + } +} + +static int xfrm_netlink_bind(struct net *net, unsigned long *groups) +{ + unsigned long uapi_mask = (1UL << XFRMNLGRP_MAX) - 1; + + *groups &= uapi_mask; + + if (!in_compat_syscall()) + return 0; + + xfrm_nlgrp_compat(groups, XFRMNLGRP_ACQUIRE, XFRMNLGRP_COMPAT_ACQUIRE); + xfrm_nlgrp_compat(groups, XFRMNLGRP_EXPIRE, XFRMNLGRP_COMPAT_EXPIRE); + xfrm_nlgrp_compat(groups, XFRMNLGRP_SA, XFRMNLGRP_COMPAT_SA); + xfrm_nlgrp_compat(groups, XFRMNLGRP_POLICY, XFRMNLGRP_COMPAT_POLICY); + + return 0; +} + static inline unsigned int xfrm_expire_msgsize(void) { return NLMSG_ALIGN(sizeof(struct xfrm_user_expire)) @@ -3283,8 +3334,9 @@ static int __net_init xfrm_user_net_init(struct net *net) { struct sock *nlsk; struct netlink_kernel_cfg cfg = { - .groups = XFRMNLGRP_MAX, + .groups = XFRMNLGRP_KERNEL_MAX, .input = xfrm_netlink_rcv, + .bind = xfrm_netlink_bind, }; nlsk = netlink_kernel_create(net, NETLINK_XFRM, &cfg); -- 2.13.6
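Review bot: In the first hunk, XFRMNLGRP_COMPAT_MIN = XFRMNLGRP_MAX gives the marker the same value as a group number userspace can still request, because the bind hunk keeps bits up to 1UL << (XFRMNLGRP_MAX - 1) in uapi_mask. The hidden groups therefore start at XFRMNLGRP_COMPAT_MIN + 1, not at XFRMNLGRP_COMPAT_MIN. Please add a comment on that enumerator saying it is only a base value and never a group to send to, or rename it so that a later range check written against "COMPAT_MIN" does not treat the last uapi group as a compat one. The block comment would also read better as "There are *_COMPAT groups, hidden from userspace, for this purpose."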
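Review bot: In the second hunk, xfrm_netlink_bind() decides the message ABI once, from in_compat_syscall() at the time of the bind call, and nothing in the visible lines documents what happens when the socket is later read by a task of the other ABI (inherited across exec or passed over a unix socket). Please state that limitation in a comment above the function. Separately, xfrm_nlgrp_compat() shifts with 1UL << (group_compat - 1) and nothing enforces that XFRMNLGRP_KERNEL_MAX stays within the width of unsigned long; a BUILD_BUG_ON(XFRMNLGRP_KERNEL_MAX > BITS_PER_LONG) next to the enum would catch a future group addition that overflows the mask. Since *groups is rewritten in place, it is also worth saying whether the caller can report the rewritten mask back to userspace, which would expose the hidden bits.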
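Review bot: In the last hunk, .groups = XFRMNLGRP_KERNEL_MAX makes group numbers above XFRMNLGRP_MAX valid on the NETLINK_XFRM socket, and the only filter shown against userspace joining them is the *groups &= uapi_mask line in the new .bind callback. Please confirm in the commit message that every path that changes membership, for example NETLINK_ADD_MEMBERSHIP, reaches xfrm_netlink_bind() with the mask applied, since a native listener that joins a compat group directly would receive compat-layout messages, and a compat listener that bypasses the remap would receive native ones.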