lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Date: Tue, 18 Jul 2023 10:24:51 -0700
From: Kuniyuki Iwashima <kuniyu@...zon.com>
To: <pabeni@...hat.com>
CC: <davem@...emloft.net>, <ebiederm@...ssion.com>, <edumazet@...gle.com>,
	<hcoin@...etfountain.com>, <kuba@...nel.org>, <kuni1840@...il.com>,
	<kuniyu@...zon.com>, <netdev@...r.kernel.org>, <razor@...ckwall.org>,
	<roopa@...dia.com>
Subject: Re: [PATCH v1 net 1/4] llc: Check netns in llc_dgram_match().

From: Paolo Abeni <pabeni@...hat.com>
Date: Tue, 18 Jul 2023 12:34:47 +0200
> Hi,
> 
> the series LGTM, I have only a couple of (very) minor nit, see below...
> 
> On Fri, 2023-07-14 at 19:13 -0700, Kuniyuki Iwashima wrote:
> > We will remove this restriction in llc_rcv() in the following patch,
> 
> s/following patch/soon/, as the following patch will not do that ;)

Exactly, will fix :)


> 
> > which means that the protocol handler must be aware of netns.
> > 
> > 	if (!net_eq(dev_net(dev), &init_net))
> > 		goto drop;
> > 
> > llc_rcv() fetches llc_type_handlers[llc_pdu_type(skb) - 1] and calls it
> > if not NULL.
> > 
> > If the PDU type is LLC_DEST_SAP, llc_sap_handler() is called to pass skb
> > to corresponding sockets.  Then, we must look up a proper socket in the
> > same netns with skb->dev.
> > 
> > If the destination is a multicast address, llc_sap_handler() calls
> > llc_sap_mcast().  It calculates a hash based on DSAP and skb->dev->ifindex,
> > iterates on a socket list, and calls llc_mcast_match() to check if the
> > socket is the correct destination.  Then, llc_mcast_match() checks if
> > skb->dev matches with llc_sk(sk)->dev.  So, we need not check netns here.
> > 
> > OTOH, if the destination is a unicast address, llc_sap_handler() calls
> > llc_lookup_dgram() to look up a socket, but it does not check the netns.
> > 
> > Therefore, we need to add netns check in llc_lookup_dgram().
> > 
> > Signed-off-by: Kuniyuki Iwashima <kuniyu@...zon.com>
> > ---
> >  net/llc/llc_sap.c | 17 ++++++++++-------
> >  1 file changed, 10 insertions(+), 7 deletions(-)
> > 
> > diff --git a/net/llc/llc_sap.c b/net/llc/llc_sap.c
> > index 6805ce43a055..5c83fca3acd5 100644
> > --- a/net/llc/llc_sap.c
> > +++ b/net/llc/llc_sap.c
> > @@ -294,13 +294,15 @@ static void llc_sap_rcv(struct llc_sap *sap, struct sk_buff *skb,
> >  
> >  static inline bool llc_dgram_match(const struct llc_sap *sap,
> >  				   const struct llc_addr *laddr,
> > -				   const struct sock *sk)
> > +				   const struct sock *sk,
> > +				   const struct net *net)
> >  {
> >       struct llc_sock *llc = llc_sk(sk);
> >  
> >       return sk->sk_type == SOCK_DGRAM &&
> > -	  llc->laddr.lsap == laddr->lsap &&
> > -	  ether_addr_equal(llc->laddr.mac, laddr->mac);
> > +	     net_eq(sock_net(sk), net) &&
> > +	     llc->laddr.lsap == laddr->lsap &&
> > +	     ether_addr_equal(llc->laddr.mac, laddr->mac);
> >  }
> >  
> >  /**
> > @@ -312,7 +314,8 @@ static inline bool llc_dgram_match(const struct llc_sap *sap,
> >   *	mac, and local sap. Returns pointer for socket found, %NULL otherwise.
> >   */
> 
> As this function has doxygen documentation, you should additionally
> document the 'net' argument.

And will fix this and the same miss in patch 2.

Thanks for catching this!


> 
> Thanks,
> 
> Paolo

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ