Commit 436014e8 authored by Jakub Kicinski's avatar Jakub Kicinski

Merge branch 'mctp-sockaddr-padding-check-initialisation-fixup'

Eugene Syromiatnikov says:

====================
MCTP sockaddr padding check/initialisation fixup

This pair of patches introduces checks for padding fields of struct
sockaddr_mctp/sockaddr_mctp_ext to ease their re-use for possible
extensions in the future;  as well as zeroing of these fields
in the respective sockaddr filling routines.  While the first commit
is definitely an ABI breakage, it is proposed in hopes that the change
is made soon enough (the interface appeared only in Linux 5.15)
to avoid affecting any existing user space.
====================

Link: https://lore.kernel.org/r/cover.1635965993.git.esyr@redhat.comSigned-off-by: default avatarJakub Kicinski <kuba@kernel.org>
parents a5bda908 e9ea574e
...@@ -33,6 +33,19 @@ static int mctp_release(struct socket *sock) ...@@ -33,6 +33,19 @@ static int mctp_release(struct socket *sock)
return 0; return 0;
} }
/* Generic sockaddr checks, padding checks only so far */
static bool mctp_sockaddr_is_ok(const struct sockaddr_mctp *addr)
{
return !addr->__smctp_pad0 && !addr->__smctp_pad1;
}
static bool mctp_sockaddr_ext_is_ok(const struct sockaddr_mctp_ext *addr)
{
return !addr->__smctp_pad0[0] &&
!addr->__smctp_pad0[1] &&
!addr->__smctp_pad0[2];
}
static int mctp_bind(struct socket *sock, struct sockaddr *addr, int addrlen) static int mctp_bind(struct socket *sock, struct sockaddr *addr, int addrlen)
{ {
struct sock *sk = sock->sk; struct sock *sk = sock->sk;
...@@ -52,6 +65,9 @@ static int mctp_bind(struct socket *sock, struct sockaddr *addr, int addrlen) ...@@ -52,6 +65,9 @@ static int mctp_bind(struct socket *sock, struct sockaddr *addr, int addrlen)
/* it's a valid sockaddr for MCTP, cast and do protocol checks */ /* it's a valid sockaddr for MCTP, cast and do protocol checks */
smctp = (struct sockaddr_mctp *)addr; smctp = (struct sockaddr_mctp *)addr;
if (!mctp_sockaddr_is_ok(smctp))
return -EINVAL;
lock_sock(sk); lock_sock(sk);
/* TODO: allow rebind */ /* TODO: allow rebind */
...@@ -87,6 +103,8 @@ static int mctp_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) ...@@ -87,6 +103,8 @@ static int mctp_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
return -EINVAL; return -EINVAL;
if (addr->smctp_family != AF_MCTP) if (addr->smctp_family != AF_MCTP)
return -EINVAL; return -EINVAL;
if (!mctp_sockaddr_is_ok(addr))
return -EINVAL;
if (addr->smctp_tag & ~(MCTP_TAG_MASK | MCTP_TAG_OWNER)) if (addr->smctp_tag & ~(MCTP_TAG_MASK | MCTP_TAG_OWNER))
return -EINVAL; return -EINVAL;
...@@ -124,7 +142,8 @@ static int mctp_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) ...@@ -124,7 +142,8 @@ static int mctp_sendmsg(struct socket *sock, struct msghdr *msg, size_t len)
DECLARE_SOCKADDR(struct sockaddr_mctp_ext *, DECLARE_SOCKADDR(struct sockaddr_mctp_ext *,
extaddr, msg->msg_name); extaddr, msg->msg_name);
if (extaddr->smctp_halen > sizeof(cb->haddr)) { if (!mctp_sockaddr_ext_is_ok(extaddr) ||
extaddr->smctp_halen > sizeof(cb->haddr)) {
rc = -EINVAL; rc = -EINVAL;
goto err_free; goto err_free;
} }
...@@ -198,11 +217,13 @@ static int mctp_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, ...@@ -198,11 +217,13 @@ static int mctp_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
addr = msg->msg_name; addr = msg->msg_name;
addr->smctp_family = AF_MCTP; addr->smctp_family = AF_MCTP;
addr->__smctp_pad0 = 0;
addr->smctp_network = cb->net; addr->smctp_network = cb->net;
addr->smctp_addr.s_addr = hdr->src; addr->smctp_addr.s_addr = hdr->src;
addr->smctp_type = type; addr->smctp_type = type;
addr->smctp_tag = hdr->flags_seq_tag & addr->smctp_tag = hdr->flags_seq_tag &
(MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO); (MCTP_HDR_TAG_MASK | MCTP_HDR_FLAG_TO);
addr->__smctp_pad1 = 0;
msg->msg_namelen = sizeof(*addr); msg->msg_namelen = sizeof(*addr);
if (msk->addr_ext) { if (msk->addr_ext) {
...@@ -211,6 +232,7 @@ static int mctp_recvmsg(struct socket *sock, struct msghdr *msg, size_t len, ...@@ -211,6 +232,7 @@ static int mctp_recvmsg(struct socket *sock, struct msghdr *msg, size_t len,
msg->msg_namelen = sizeof(*ae); msg->msg_namelen = sizeof(*ae);
ae->smctp_ifindex = cb->ifindex; ae->smctp_ifindex = cb->ifindex;
ae->smctp_halen = cb->halen; ae->smctp_halen = cb->halen;
memset(ae->__smctp_pad0, 0x0, sizeof(ae->__smctp_pad0));
memset(ae->smctp_haddr, 0x0, sizeof(ae->smctp_haddr)); memset(ae->smctp_haddr, 0x0, sizeof(ae->smctp_haddr));
memcpy(ae->smctp_haddr, cb->haddr, cb->halen); memcpy(ae->smctp_haddr, cb->haddr, cb->halen);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment