Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1757655AbaDVUTM (ORCPT ); Tue, 22 Apr 2014 16:19:12 -0400 Received: from shards.monkeyblade.net ([149.20.54.216]:43343 "EHLO shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1757629AbaDVUTG (ORCPT ); Tue, 22 Apr 2014 16:19:06 -0400 Date: Tue, 22 Apr 2014 16:19:04 -0400 (EDT) Message-Id: <20140422.161904.1187535812839850973.davem@davemloft.net> To: rgb@redhat.com Cc: linux-audit@redhat.com, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, selinux@tycho.nsa.gov, linux-security-module@vger.kernel.org, eparis@redhat.com, netfilter-devel@vger.kernel.org, hadi@mojatatu.com, sgrubb@redhat.com Subject: Re: [PATCH 2/6] netlink: have netlink per-protocol bind function return an error code. From: David Miller In-Reply-To: References: <20140324183406.GE28666@madcap2.tricolour.ca> X-Mailer: Mew version 6.5 on Emacs 24.3 / Mule 6.0 (HANACHIRUSATO) Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.5.7 (shards.monkeyblade.net [149.20.54.216]); Tue, 22 Apr 2014 13:19:06 -0700 (PDT) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Richard Guy Briggs Date: Fri, 18 Apr 2014 13:34:06 -0400 > @@ -1449,6 +1453,26 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr, > if (!nladdr->nl_groups && (nlk->groups == NULL || !(u32)nlk->groups[0])) > return 0; > > + if (nlk->netlink_bind && nladdr->nl_groups) { > + int i; > + > + for (i = 0; i < nlk->ngroups; i++) { > + int undo; > + > + if (!test_bit(i, (long unsigned int *)&nladdr->nl_groups)) > + continue; > + err = nlk->netlink_bind(i); > + if (!err) > + continue; > + if (!nlk->portid) > + netlink_remove(sk); > + for (undo = 0; undo < i; undo++) > + if (nlk->netlink_unbind) > + nlk->netlink_unbind(undo); > + return err; > + } > + } > + It took me a while to figure out why you need to do the netlink_remove() in the error path. I think it's really asking for trouble to allow the socket to have temporary visibility if we end up signalling an error. It seems safest if we only do the autobind/insert once we are absolutely certain that the bind() will fully succeed. This means that you have to do this bind validation loop before autobind/insert. Please make this change and resubmit this series, thanks. -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/