[PATCH v3 6/7] xfrm/compat: Translate 32-bit user_policy from sockptr

From: Dmitry Safonov
Date: Mon Sep 21 2020 - 10:37:23 EST

Next message: Dmitry Safonov: "[PATCH v3 7/7] selftest/net/xfrm: Add test for ipsec tunnel"
Previous message: Dmitry Safonov: "[PATCH v3 5/7] xfrm/compat: Add 32=>64-bit messages translator"
In reply to: Dmitry Safonov: "[PATCH v3 5/7] xfrm/compat: Add 32=>64-bit messages translator"
Next in thread: Dmitry Safonov: "[PATCH v3 7/7] selftest/net/xfrm: Add test for ipsec tunnel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Provide compat_xfrm_userpolicy_info translation for xfrm setsocketopt().
Reallocate buffer and put the missing padding for 64-bit message.

Signed-off-by: Dmitry Safonov <dima@xxxxxxxxxx>
---
include/net/xfrm.h | 3 +++
net/xfrm/xfrm_compat.c | 26 ++++++++++++++++++++++++++
net/xfrm/xfrm_state.c | 17 ++++++++++++++---
3 files changed, 43 insertions(+), 3 deletions(-)

diff --git a/include/net/xfrm.h b/include/net/xfrm.h
index fa18cb6bb3f7..53618a31634b 100644
--- a/include/net/xfrm.h
+++ b/include/net/xfrm.h
@@ -2012,6 +2012,9 @@ struct xfrm_translator {
int maxtype, const struct nla_policy *policy,
struct netlink_ext_ack *extack);

+ /* Translate 32-bit user_policy from sockptr */
+ int (*xlate_user_policy_sockptr)(u8 **pdata32, int optlen);
+
struct module *owner;
};

diff --git a/net/xfrm/xfrm_compat.c b/net/xfrm/xfrm_compat.c
index b1b5f972538d..e28f0c9ecd6a 100644
--- a/net/xfrm/xfrm_compat.c
+++ b/net/xfrm/xfrm_compat.c
@@ -576,10 +576,36 @@ static struct nlmsghdr *xfrm_user_rcv_msg_compat(const struct nlmsghdr *h32,
return h64;
}

+static int xfrm_user_policy_compat(u8 **pdata32, int optlen)
+{
+ struct compat_xfrm_userpolicy_info *p = (void *)*pdata32;
+ u8 *src_templates, *dst_templates;
+ u8 *data64;
+
+ if (optlen < sizeof(*p))
+ return -EINVAL;
+
+ data64 = kmalloc_track_caller(optlen + 4, GFP_USER | __GFP_NOWARN);
+ if (!data64)
+ return -ENOMEM;
+
+ memcpy(data64, *pdata32, sizeof(*p));
+ memset(data64 + sizeof(*p), 0, 4);
+
+ src_templates = *pdata32 + sizeof(*p);
+ dst_templates = data64 + sizeof(*p) + 4;
+ memcpy(dst_templates, src_templates, optlen - sizeof(*p));
+
+ kfree(*pdata32);
+ *pdata32 = data64;
+ return 0;
+}
+
static struct xfrm_translator xfrm_translator = {
.owner = THIS_MODULE,
.alloc_compat = xfrm_alloc_compat,
.rcv_msg_compat = xfrm_user_rcv_msg_compat,
+ .xlate_user_policy_sockptr = xfrm_user_policy_compat,
};

static int __init xfrm_compat_init(void)
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index cc206ca3df78..f9961884500b 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -2331,9 +2331,6 @@ int xfrm_user_policy(struct sock *sk, int optname, sockptr_t optval, int optlen)
struct xfrm_mgr *km;
struct xfrm_policy *pol = NULL;

- if (in_compat_syscall())
- return -EOPNOTSUPP;
-
if (sockptr_is_null(optval) && !optlen) {
xfrm_sk_policy_insert(sk, XFRM_POLICY_IN, NULL);
xfrm_sk_policy_insert(sk, XFRM_POLICY_OUT, NULL);
@@ -2348,6 +2345,20 @@ int xfrm_user_policy(struct sock *sk, int optname, sockptr_t optval, int optlen)
if (IS_ERR(data))
return PTR_ERR(data);

+ if (in_compat_syscall()) {
+ struct xfrm_translator *xtr = xfrm_get_translator();
+
+ if (!xtr)
+ return -EOPNOTSUPP;
+
+ err = xtr->xlate_user_policy_sockptr(&data, optlen);
+ xfrm_put_translator(xtr);
+ if (err) {
+ kfree(data);
+ return err;
+ }
+ }
+
err = -EINVAL;
rcu_read_lock();
list_for_each_entry_rcu(km, &xfrm_km_list, list) {
--
2.28.0

Next message: Dmitry Safonov: "[PATCH v3 7/7] selftest/net/xfrm: Add test for ipsec tunnel"
Previous message: Dmitry Safonov: "[PATCH v3 5/7] xfrm/compat: Add 32=>64-bit messages translator"
In reply to: Dmitry Safonov: "[PATCH v3 5/7] xfrm/compat: Add 32=>64-bit messages translator"
Next in thread: Dmitry Safonov: "[PATCH v3 7/7] selftest/net/xfrm: Add test for ipsec tunnel"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]