lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 5 Jun 2019 16:14:00 -0700
From:   Jakub Kicinski <jakub.kicinski@...ronome.com>
To:     Davide Caratti <dcaratti@...hat.com>
Cc:     "David S. Miller" <davem@...emloft.net>,
        Dave Watson <davejwatson@...com>,
        Boris Pismenny <borisp@...lanox.com>,
        Aviad Yehezkel <aviadye@...lanox.com>,
        John Fastabend <john.fastabend@...il.com>,
        Daniel Borkmann <daniel@...earbox.net>, netdev@...r.kernel.org
Subject: Re: [RFC PATCH net-next 1/2] tcp: ulp: add functions to dump
 ulp-specific information

On Wed,  5 Jun 2019 17:39:22 +0200, Davide Caratti wrote:
> currently, only getsockopt(TCP_ULP) can be invoked to know if a ULP is on
> top of a TCP socket. Extend idiag_get_aux() and idiag_get_aux_size(),
> introduced by commit b37e88407c1d ("inet_diag: allow protocols to provide
> additional data"), to report the ULP name and other information that can
> be made available by the ULP through optional functions.
> 
> Users having CAP_NET_ADMIN privileges will then be able to retrieve this
> information through inet_diag_handler, if they specify INET_DIAG_INFO in
> the request.
> 
> Signed-off-by: Davide Caratti <dcaratti@...hat.com>
> ---
>  include/net/tcp.h              |  3 +++
>  include/uapi/linux/inet_diag.h |  8 ++++++++
>  net/ipv4/tcp_diag.c            | 34 ++++++++++++++++++++++++++++++++--
>  3 files changed, 43 insertions(+), 2 deletions(-)
> 
> diff --git a/include/net/tcp.h b/include/net/tcp.h
> index 0083a14fb64f..94431562c4b4 100644
> --- a/include/net/tcp.h
> +++ b/include/net/tcp.h
> @@ -2108,6 +2108,9 @@ struct tcp_ulp_ops {
>  	int (*init)(struct sock *sk);
>  	/* cleanup ulp */
>  	void (*release)(struct sock *sk);
> +	/* diagnostic */
> +	int (*get_info)(struct sock *sk, struct sk_buff *skb);
> +	size_t (*get_info_size)(struct sock *sk);
>  
>  	char		name[TCP_ULP_NAME_MAX];
>  	struct module	*owner;
> diff --git a/include/uapi/linux/inet_diag.h b/include/uapi/linux/inet_diag.h
> index e8baca85bac6..844133de3212 100644
> --- a/include/uapi/linux/inet_diag.h
> +++ b/include/uapi/linux/inet_diag.h
> @@ -153,11 +153,19 @@ enum {
>  	INET_DIAG_BBRINFO,	/* request as INET_DIAG_VEGASINFO */
>  	INET_DIAG_CLASS_ID,	/* request as INET_DIAG_TCLASS */
>  	INET_DIAG_MD5SIG,
> +	INET_DIAG_ULP_INFO,
>  	__INET_DIAG_MAX,
>  };
>  
>  #define INET_DIAG_MAX (__INET_DIAG_MAX - 1)
>  
> +enum {

Value of 0 is commonly defined as UNSPEC (or NONE), so:

	ULP_UNSPEC,

here.  Also perhaps INET_ULP_..?

> +	ULP_INFO_NAME,
> +	__ULP_INFO_MAX,
> +};
> +
> +#define ULP_INFO_MAX (__ULP_INFO_MAX - 1)
> +
>  /* INET_DIAG_MEM */
>  
>  struct inet_diag_meminfo {
> diff --git a/net/ipv4/tcp_diag.c b/net/ipv4/tcp_diag.c
> index 81148f7a2323..de2e9e75b8e0 100644
> --- a/net/ipv4/tcp_diag.c
> +++ b/net/ipv4/tcp_diag.c
> @@ -88,10 +88,12 @@ static int tcp_diag_put_md5sig(struct sk_buff *skb,
>  static int tcp_diag_get_aux(struct sock *sk, bool net_admin,
>  			    struct sk_buff *skb)
>  {
> +	struct inet_connection_sock *icsk = inet_csk(sk);
> +	int err = 0;
> +
>  #ifdef CONFIG_TCP_MD5SIG
>  	if (net_admin) {
>  		struct tcp_md5sig_info *md5sig;
> -		int err = 0;
>  
>  		rcu_read_lock();
>  		md5sig = rcu_dereference(tcp_sk(sk)->md5sig_info);
> @@ -103,11 +105,33 @@ static int tcp_diag_get_aux(struct sock *sk, bool net_admin,
>  	}
>  #endif
>  
> -	return 0;
> +	if (net_admin && icsk->icsk_ulp_ops) {
> +		struct nlattr *nest;
> +
> +		nest = nla_nest_start_noflag(skb, INET_DIAG_ULP_INFO);
> +		if (!nest) {
> +			err = -EMSGSIZE;
> +			goto nla_failure;
> +		}
> +		err = nla_put_string(skb, ULP_INFO_NAME,
> +				     icsk->icsk_ulp_ops->name);
> +		if (err < 0)

nit: nla_put_string() does not return positive non-zero codes

> +			goto nla_failure;
> +		if (icsk->icsk_ulp_ops->get_info)
> +			err = icsk->icsk_ulp_ops->get_info(sk, skb);

And neither should this, probably.

> +		if (err < 0) {
> +nla_failure:
> +			nla_nest_cancel(skb, nest);
> +			return err;
> +		}
> +		nla_nest_end(skb, nest);
> +	}
> +	return err;

So just return 0 here.

>  }
>  
>  static size_t tcp_diag_get_aux_size(struct sock *sk, bool net_admin)
>  {
> +	struct inet_connection_sock *icsk = inet_csk(sk);
>  	size_t size = 0;
>  
>  #ifdef CONFIG_TCP_MD5SIG
> @@ -128,6 +152,12 @@ static size_t tcp_diag_get_aux_size(struct sock *sk, bool net_admin)
>  	}
>  #endif
>  
> +	if (net_admin && icsk->icsk_ulp_ops) {
> +		size +=   nla_total_size(0) /* INET_DIAG_ULP_INFO */

                       ^^^ not sure we want those multiple spaces here.

> +			+ nla_total_size(TCP_ULP_NAME_MAX); /* ULP_INFO_NAME */

+ usually goes at the end of previous line

> +		if (icsk->icsk_ulp_ops->get_info_size)
> +			size += icsk->icsk_ulp_ops->get_info_size(sk);

I don't know the diag code, is the socket locked at this point?

> +	}
>  	return size;
>  }
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ