RE: [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr

lvs-devel

RE: [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t

To:	'Christoph Hellwig' <hch@xxxxxx>, "Jason A. Donenfeld" <Jason@xxxxxxxxx>
Subject:	RE: [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t
Cc:	"David S. Miller" <davem@xxxxxxxxxxxxx>, Jakub Kicinski <kuba@xxxxxxxxxx>, Alexei Starovoitov <ast@xxxxxxxxxx>, Daniel Borkmann <daniel@xxxxxxxxxxxxx>, Alexey Kuznetsov <kuznet@xxxxxxxxxxxxx>, Hideaki YOSHIFUJI <yoshfuji@xxxxxxxxxxxxxx>, Eric Dumazet <edumazet@xxxxxxxxxx>, "Linux Crypto Mailing List" <linux-crypto@xxxxxxxxxxxxxxx>, LKML <linux-kernel@xxxxxxxxxxxxxxx>, Netdev <netdev@xxxxxxxxxxxxxxx>, "bpf@xxxxxxxxxxxxxxx" <bpf@xxxxxxxxxxxxxxx>, "netfilter-devel@xxxxxxxxxxxxxxx" <netfilter-devel@xxxxxxxxxxxxxxx>, "coreteam@xxxxxxxxxxxxx" <coreteam@xxxxxxxxxxxxx>, "linux-sctp@xxxxxxxxxxxxxxx" <linux-sctp@xxxxxxxxxxxxxxx>, "linux-hams@xxxxxxxxxxxxxxx" <linux-hams@xxxxxxxxxxxxxxx>, "linux-bluetooth@xxxxxxxxxxxxxxx" <linux-bluetooth@xxxxxxxxxxxxxxx>, "bridge@xxxxxxxxxxxxxxxxxxxxxxxxxx" <bridge@xxxxxxxxxxxxxxxxxxxxxxxxxx>, "linux-can@xxxxxxxxxxxxxxx" <linux-can@xxxxxxxxxxxxxxx>, "dccp@xxxxxxxxxxxxxxx" <dccp@xxxxxxxxxxxxxxx>, "linux-decnet-user@xxxxxxxxxxxxxxxxxxxxx" <linux-decnet-user@xxxxxxxxxxxxxxxxxxxxx>, "linux-wpan@xxxxxxxxxxxxxxx" <linux-wpan@xxxxxxxxxxxxxxx>, "linux-s390@xxxxxxxxxxxxxxx" <linux-s390@xxxxxxxxxxxxxxx>, "mptcp@xxxxxxxxxxxx" <mptcp@xxxxxxxxxxxx>, "lvs-devel@xxxxxxxxxxxxxxx" <lvs-devel@xxxxxxxxxxxxxxx>, "rds-devel@xxxxxxxxxxxxxx" <rds-devel@xxxxxxxxxxxxxx>, "linux-afs@xxxxxxxxxxxxxxxxxxx" <linux-afs@xxxxxxxxxxxxxxxxxxx>, "tipc-discussion@xxxxxxxxxxxxxxxxxxxxx" <tipc-discussion@xxxxxxxxxxxxxxxxxxxxx>, "linux-x25@xxxxxxxxxxxxxxx" <linux-x25@xxxxxxxxxxxxxxx>, Kernel Hardening <kernel-hardening@xxxxxxxxxxxxxxxxxx>
From:	David Laight <David.Laight@xxxxxxxxxx>
Date:	Tue, 28 Jul 2020 08:07:11 +0000

From: Christoph Hellwig
> Sent: 27 July 2020 17:24
> 
> On Mon, Jul 27, 2020 at 06:16:32PM +0200, Jason A. Donenfeld wrote:
> > Maybe sockptr_advance should have some safety checks and sometimes
> > return -EFAULT? Or you should always use the implementation where
> > being a kernel address is an explicit bit of sockptr_t, rather than
> > being implicit?
> 
> I already have a patch to use access_ok to check the whole range in
> init_user_sockptr.

That doesn't make (much) difference to the code paths that ignore
the user-supplied length.
OTOH doing the user/kernel check on the base address (not an
incremented one) means that the correct copy function is always
selected.

Perhaps the functions should all be passed a 'const sockptr_t'.
The typedef could be made 'const' - requiring non-const items
explicitly use the union/struct itself.

        David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, 
UK
Registration No: 1397386 (Wales)

[More with this subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
[PATCH 20/26] net/ipv6: factor out a ipv6_set_opt_hdr helper, (continued) [PATCH 20/26] net/ipv6: factor out a ipv6_set_opt_hdr helper, Christoph Hellwig [PATCH 13/26] bpfilter: switch bpfilter_ip_set_sockopt to sockptr_t, Christoph Hellwig RE: [PATCH 13/26] bpfilter: switch bpfilter_ip_set_sockopt to sockptr_t, David Laight Re: [PATCH 13/26] bpfilter: switch bpfilter_ip_set_sockopt to sockptr_t, 'Christoph Hellwig' [PATCH 10/26] netfilter: remove the unused user argument to do_update_counters, Christoph Hellwig [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t, Christoph Hellwig Re: [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t, Jason A. Donenfeld Re: [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t, Christoph Hellwig Re: [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t, Jason A. Donenfeld Re: [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t, Christoph Hellwig RE: [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t, David Laight <= Re: [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t, Jason A. Donenfeld Re: [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t, Christoph Hellwig Re: [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t, Jason A. Donenfeld [PATCH 11/26] netfilter: switch xt_copy_counters to sockptr_t, Christoph Hellwig [PATCH 06/26] net: switch sock_setbindtodevice to sockptr_t, Christoph Hellwig [PATCH 09/26] net/xfrm: switch xfrm_user_policy to sockptr_t, Christoph Hellwig [PATCH 02/26] net/bpfilter: split __bpfilter_process_sockopt, Christoph Hellwig [PATCH 08/26] net: switch sock_set_timeout to sockptr_t, Christoph Hellwig Re: [MPTCP] [PATCH 08/26] net: switch sock_set_timeout to sockptr_t, Matthieu Baerts [PATCH 07/26] net: switch sock_set_timeout to sockptr_t, Christoph Hellwig

Previous by Date:	Re: [PATCH 19/26] net/ipv6: switch ipv6_flowlabel_opt to sockptr_t, Ido Schimmel
Next by Date:	Re: [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t, Jason A. Donenfeld
Previous by Thread:	Re: [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t, Christoph Hellwig
Next by Thread:	Re: [PATCH 12/26] netfilter: switch nf_setsockopt to sockptr_t, Jason A. Donenfeld
Indexes:	[Date] [Thread] [Top] [All Lists]