nagai/kernel
3
0
Fork 0
forked from mirrors/linux
Code Pull requests Activity

xfrm/compat: Translate 32-bit user_policy from sockptr

Browse source 
Provide compat_xfrm_userpolicy_info translation for xfrm setsocketopt().
Reallocate buffer and put the missing padding for 64-bit message.

Signed-off-by: Dmitry Safonov <dima@arista.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
This commit is contained in:
Dmitry Safonov 2020-09-21 15:36:56 +01:00 committed by Steffen Klassert
parent 5106f4a8ac
commit 96392ee5a1
3 changed files with 43 additions and 3 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

3
include/net/xfrm.h
View file

@ -2012,6 +2012,9 @@ struct xfrm_translator {
int maxtype, const struct nla_policy *policy, int maxtype, const struct nla_policy *policy,
struct netlink_ext_ack *extack); struct netlink_ext_ack *extack);
/* Translate 32-bit user_policy from sockptr */
int (*xlate_user_policy_sockptr)(u8 **pdata32, int optlen);
struct module *owner; struct module *owner;
}; };

26
net/xfrm/xfrm_compat.c
View file

@ -576,10 +576,36 @@ static struct nlmsghdr *xfrm_user_rcv_msg_compat(const struct nlmsghdr *h32,
return h64; return h64;
} }
static int xfrm_user_policy_compat(u8 **pdata32, int optlen)
{
struct compat_xfrm_userpolicy_info *p = (void *)*pdata32;
u8 *src_templates, *dst_templates;
u8 *data64;
if (optlen < sizeof(*p))
return -EINVAL;
data64 = kmalloc_track_caller(optlen + 4, GFP_USER | __GFP_NOWARN);
if (!data64)
return -ENOMEM;
memcpy(data64, *pdata32, sizeof(*p));
memset(data64 + sizeof(*p), 0, 4);
src_templates = *pdata32 + sizeof(*p);
dst_templates = data64 + sizeof(*p) + 4;
memcpy(dst_templates, src_templates, optlen - sizeof(*p));
kfree(*pdata32);
*pdata32 = data64;
return 0;
}
static struct xfrm_translator xfrm_translator = { static struct xfrm_translator xfrm_translator = {
.owner = THIS_MODULE, .owner = THIS_MODULE,
.alloc_compat = xfrm_alloc_compat, .alloc_compat = xfrm_alloc_compat,
.rcv_msg_compat = xfrm_user_rcv_msg_compat, .rcv_msg_compat = xfrm_user_rcv_msg_compat,
.xlate_user_policy_sockptr = xfrm_user_policy_compat,
}; };
static int __init xfrm_compat_init(void) static int __init xfrm_compat_init(void)

17
net/xfrm/xfrm_state.c
View file

@ -2331,9 +2331,6 @@ int xfrm_user_policy(struct sock *sk, int optname, sockptr_t optval, int optlen)
struct xfrm_mgr *km; struct xfrm_mgr *km;
struct xfrm_policy *pol = NULL; struct xfrm_policy *pol = NULL;
if (in_compat_syscall())
return -EOPNOTSUPP;
if (sockptr_is_null(optval) && !optlen) { if (sockptr_is_null(optval) && !optlen) {
xfrm_sk_policy_insert(sk, XFRM_POLICY_IN, NULL); xfrm_sk_policy_insert(sk, XFRM_POLICY_IN, NULL);
xfrm_sk_policy_insert(sk, XFRM_POLICY_OUT, NULL); xfrm_sk_policy_insert(sk, XFRM_POLICY_OUT, NULL);
@ -2348,6 +2345,20 @@ int xfrm_user_policy(struct sock *sk, int optname, sockptr_t optval, int optlen)
if (IS_ERR(data)) if (IS_ERR(data))
return PTR_ERR(data); return PTR_ERR(data);
if (in_compat_syscall()) {
struct xfrm_translator *xtr = xfrm_get_translator();
if (!xtr)
return -EOPNOTSUPP;
err = xtr->xlate_user_policy_sockptr(&data, optlen);
xfrm_put_translator(xtr);
if (err) {
kfree(data);
return err;
}
}
err = -EINVAL; err = -EINVAL;
rcu_read_lock(); rcu_read_lock();
list_for_each_entry_rcu(km, &xfrm_km_list, list) { list_for_each_entry_rcu(km, &xfrm_km_list, list) {