lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <18fcf82093314112a569aa8327b52f1c@AcuMS.aculab.com>
Date: Mon, 25 Dec 2023 09:58:30 +0000
From: David Laight <David.Laight@...LAB.COM>
To: "'netdev@...r.kernel.org'" <netdev@...r.kernel.org>, "'David S . Miller'"
	<davem@...emloft.net>, "'kuba@...nel.org'" <kuba@...nel.org>
CC: "'eric.dumazet@...il.com'" <eric.dumazet@...il.com>,
	"'martin.lau@...ux.dev'" <martin.lau@...ux.dev>, 'Alexei Starovoitov'
	<ast@...nel.org>, 'Stephen Hemminger' <stephen@...workplumber.org>, "'Jens
 Axboe'" <axboe@...nel.dk>, 'Daniel Borkmann' <daniel@...earbox.net>, "'Andrii
 Nakryiko'" <andrii@...nel.org>
Subject: [PATCH net-next 4/4] sockptr: Change sockptr_t to be a struct of a
 kernel and user pointer.

The original commit for sockptr_t tried to use the pointer value
to determine whether a pointer was user or kernel.
This can't work on some architecures and was buffy on x86.
So the is_kernel descriminator was added after the union of pointers.

However this is still open to misuse and accidents.
Replace the union with a struct and remove the is_kernel member.
The user and kernel values are now in different places.
The size doesn't change - it was always padded out to 'two pointers'.

The only functional difference is that NULL pointers are always 'user'.
So dereferncing will (usually) fault in copy_from_user() rather than
panic if supplied as a kernel address.

Simple driver code that uses kernel sockets still works.
I've not tested bpf - but that should work unless it is breaking
the rules.

Signed-off-by: David Laight <david.laight@...lab.com>
---
 include/linux/sockptr.h | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/include/linux/sockptr.h b/include/linux/sockptr.h
index 307961b41541..7516c2ada6a8 100644
--- a/include/linux/sockptr.h
+++ b/include/linux/sockptr.h
@@ -12,21 +12,18 @@
 #include <linux/uaccess.h>
 
 typedef struct {
-	union {
-		void		*kernel;
-		void __user	*user;
-	};
-	bool		is_kernel : 1;
+	void		*kernel;
+	void __user	*user;
 } sockptr_t;
 
 static inline bool sockptr_is_kernel(sockptr_t sockptr)
 {
-	return sockptr.is_kernel;
+	return !!sockptr.kernel;
 }
 
 static inline sockptr_t KERNEL_SOCKPTR(void *p)
 {
-	return (sockptr_t) { .kernel = p, .is_kernel = true };
+	return (sockptr_t) { .kernel = p };
 }
 
 static inline sockptr_t USER_SOCKPTR(void __user *p)
@@ -36,9 +33,7 @@ static inline sockptr_t USER_SOCKPTR(void __user *p)
 
 static inline bool sockptr_is_null(sockptr_t sockptr)
 {
-	if (sockptr_is_kernel(sockptr))
-		return !sockptr.kernel;
-	return !sockptr.user;
+	return !sockptr.user && !sockptr.kernel;
 }
 
 static inline int copy_from_sockptr_offset(void *dst, sockptr_t src,
-- 
2.17.1

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ