| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20230718172451.54487-1-kuniyu@amazon.com>
Date: Tue, 18 Jul 2023 10:24:51 -0700
From: Kuniyuki Iwashima <kuniyu@...zon.com>
To: <pabeni@...hat.com>
CC: <davem@...emloft.net>, <ebiederm@...ssion.com>, <edumazet@...gle.com>,
<hcoin@...etfountain.com>, <kuba@...nel.org>, <kuni1840@...il.com>,
<kuniyu@...zon.com>, <netdev@...r.kernel.org>, <razor@...ckwall.org>,
<roopa@...dia.com>
Subject: Re: [PATCH v1 net 1/4] llc: Check netns in llc_dgram_match().
From: Paolo Abeni <pabeni@...hat.com>
Date: Tue, 18 Jul 2023 12:34:47 +0200
> Hi,
>
> the series LGTM, I have only a couple of (very) minor nit, see below...
>
> On Fri, 2023-07-14 at 19:13 -0700, Kuniyuki Iwashima wrote:
> > We will remove this restriction in llc_rcv() in the following patch,
>
> s/following patch/soon/, as the following patch will not do that ;)
Exactly, will fix :)
>
> > which means that the protocol handler must be aware of netns.
> >
> > if (!net_eq(dev_net(dev), &init_net))
> > goto drop;
> >
> > llc_rcv() fetches llc_type_handlers[llc_pdu_type(skb) - 1] and calls it
> > if not NULL.
> >
> > If the PDU type is LLC_DEST_SAP, llc_sap_handler() is called to pass skb
> > to corresponding sockets. Then, we must look up a proper socket in the
> > same netns with skb->dev.
> >
> > If the destination is a multicast address, llc_sap_handler() calls
> > llc_sap_mcast(). It calculates a hash based on DSAP and skb->dev->ifindex,
> > iterates on a socket list, and calls llc_mcast_match() to check if the
> > socket is the correct destination. Then, llc_mcast_match() checks if
> > skb->dev matches with llc_sk(sk)->dev. So, we need not check netns here.
> >
> > OTOH, if the destination is a unicast address, llc_sap_handler() calls
> > llc_lookup_dgram() to look up a socket, but it does not check the netns.
> >
> > Therefore, we need to add netns check in llc_lookup_dgram().
> >
> > Signed-off-by: Kuniyuki Iwashima <kuniyu@...zon.com>
> > ---
> > net/llc/llc_sap.c | 17 ++++++++++-------
> > 1 file changed, 10 insertions(+), 7 deletions(-)
> >
> > diff --git a/net/llc/llc_sap.c b/net/llc/llc_sap.c
> > index 6805ce43a055..5c83fca3acd5 100644
> > --- a/net/llc/llc_sap.c
> > +++ b/net/llc/llc_sap.c
> > @@ -294,13 +294,15 @@ static void llc_sap_rcv(struct llc_sap *sap, struct sk_buff *skb,
> >
> > static inline bool llc_dgram_match(const struct llc_sap *sap,
> > const struct llc_addr *laddr,
> > - const struct sock *sk)
> > + const struct sock *sk,
> > + const struct net *net)
> > {
> > struct llc_sock *llc = llc_sk(sk);
> >
> > return sk->sk_type == SOCK_DGRAM &&
> > - llc->laddr.lsap == laddr->lsap &&
> > - ether_addr_equal(llc->laddr.mac, laddr->mac);
> > + net_eq(sock_net(sk), net) &&
> > + llc->laddr.lsap == laddr->lsap &&
> > + ether_addr_equal(llc->laddr.mac, laddr->mac);
> > }
> >
> > /**
> > @@ -312,7 +314,8 @@ static inline bool llc_dgram_match(const struct llc_sap *sap,
> > * mac, and local sap. Returns pointer for socket found, %NULL otherwise.
> > */
>
> As this function has doxygen documentation, you should additionally
> document the 'net' argument.
And will fix this and the same miss in patch 2.
Thanks for catching this!
>
> Thanks,
>
> Paolo
Powered by blists - more mailing lists