Received: by 10.223.148.5 with SMTP id 5csp7956601wrq;
        Thu, 18 Jan 2018 11:42:27 -0800 (PST)
X-Google-Smtp-Source: ACJfBottT92sIaAMEfrdO/2RBWn9uOgzB4cEhoSx36I8YBYxR8CaGf9QGja1FT4XCl0alZo2kwQz
X-Received: by 10.98.155.157 with SMTP id e29mr24895508pfk.78.1516304547512;
        Thu, 18 Jan 2018 11:42:27 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1516304547; cv=none;
        d=google.com; s=arc-20160816;
        b=F7tWcY1OX3klCz6Q2gYsLJQmePta9He9L/XeSjz7i+g7w1Zaal4BD4NZlWNxpgQVG+
         xUgApw5byJBvr+uVevrOVb5QKoORAlES8DqmdwWo6HLcFFR54Qny7aiNemZ3AdJZ4vqF
         /K2jBUupar6HAZS3JGmFcAFSgp6zyXkqzkRe3rguO8KaBnFd3SOU3mgf5MzFgKq0OViP
         KFta3bN28Tw4VEcbw3e02ODQvxlWRiUdfIqLf5CMkHxPIIQilO1gvFnPnrFo8Q4AK+df
         sZmpan4r2AtdlEHgLNOc1B3XoCaOZwMspCNtuqGf3UhH/TdzLlokoSipIfLZcztVciqQ
         /1IQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:references:in-reply-to:message-id:date
         :subject:cc:to:from:arc-authentication-results;
        bh=a1VdF1dMXbJMmMX6UQWG4hPESCGFYruAZ0EsrliyZyU=;
        b=gp9VN8Kg6EmIIdiJ1OoUD1XtAzoBosQ7DfZIaK6KZ7zXyQJdc2nJZ0fe6berox3BRC
         PfNhh6XHpySGUzMrtvrifw7GTj3I6HE+MSI/CZRdsu92dJSGthszmzzaKTnmlajnZAFe
         YLmwpa91h9ZDWus3QMJYbN5y1prMF7WkZBuxm4NjvL73AiZS/fj1Eaxa07CvEVHkRufR
         LVPm10NOEL72QJZKNLG1ORmb365oQL/K2MWt1yw8PfjsrUAQXr7510zT8CfZ61wIUOPX
         m0WAPuk293ja+Ymu1DhlfB2Juj1WmjimAkapHtivMcTeyH0fHQc3BJEUmOJOQHtam9tL
         KPnA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id b17si7432681pfd.406.2018.01.18.11.42.12;
        Thu, 18 Jan 2018 11:42:27 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1755766AbeARTiY (ORCPT <rfc822;xc.haze2010@gmail.com>
        + 99 others); Thu, 18 Jan 2018 14:38:24 -0500
Received: from zeniv.linux.org.uk ([195.92.253.2]:55626 "EHLO
        ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1755603AbeARTiU (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 18 Jan 2018 14:38:20 -0500
Received: from viro by ZenIV.linux.org.uk with local (Exim 4.87 #1 (Red Hat Linux))
        id 1ecG0t-0005E4-KK; Thu, 18 Jan 2018 19:38:15 +0000
From:   Al Viro <viro@ZenIV.linux.org.uk>
To:     netdev@vger.kernel.org
Cc:     "David S. Miller" <davem@davemloft.net>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        linux-kernel@vger.kernel.org, Christoph Hellwig <hch@lst.de>,
        Al Viro <viro@zeniv.linux.org.uk>
Subject: [PATCH 03/10] ip_rt_ioctl(): take copyin to caller
Date:   Thu, 18 Jan 2018 19:37:48 +0000
Message-Id: <20180118193755.19997-3-viro@ZenIV.linux.org.uk>
X-Mailer: git-send-email 2.9.5
In-Reply-To: <20180118193755.19997-1-viro@ZenIV.linux.org.uk>
References: <20180118193156.GC13338@ZenIV.linux.org.uk>
 <20180118193755.19997-1-viro@ZenIV.linux.org.uk>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Al Viro <viro@zeniv.linux.org.uk>

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
---
 include/net/route.h     |  2 +-
 net/ipv4/af_inet.c      |  7 ++++++-
 net/ipv4/fib_frontend.c |  8 ++------
 net/ipv4/ipconfig.c     | 13 +------------
 4 files changed, 10 insertions(+), 20 deletions(-)

diff --git a/include/net/route.h b/include/net/route.h
index d538e6db1afe..1eb9ce470e25 100644
--- a/include/net/route.h
+++ b/include/net/route.h
@@ -217,7 +217,7 @@ unsigned int inet_addr_type_dev_table(struct net *net,
 				      const struct net_device *dev,
 				      __be32 addr);
 void ip_rt_multicast_event(struct in_device *);
-int ip_rt_ioctl(struct net *, unsigned int cmd, void __user *arg);
+int ip_rt_ioctl(struct net *, unsigned int cmd, struct rtentry *rt);
 void ip_rt_get_source(u8 *src, struct sk_buff *skb, struct rtable *rt);
 struct rtable *rt_dst_alloc(struct net_device *dev,
 			     unsigned int flags, u16 type,
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 1c2bfee2e249..c24008daa3d8 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -874,6 +874,7 @@ int inet_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
 	struct net *net = sock_net(sk);
 	void __user *p = (void __user *)arg;
 	struct ifreq ifr;
+	struct rtentry rt;
 
 	switch (cmd) {
 	case SIOCGSTAMP:
@@ -884,8 +885,12 @@ int inet_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
 		break;
 	case SIOCADDRT:
 	case SIOCDELRT:
+		if (copy_from_user(&rt, p, sizeof(struct rtentry)))
+			return -EFAULT;
+		err = ip_rt_ioctl(net, cmd, &rt);
+		break;
 	case SIOCRTMSG:
-		err = ip_rt_ioctl(net, cmd, (void __user *)arg);
+		err = -EINVAL;
 		break;
 	case SIOCDARP:
 	case SIOCGARP:
diff --git a/net/ipv4/fib_frontend.c b/net/ipv4/fib_frontend.c
index 08259d078b1c..f05afaf3235c 100644
--- a/net/ipv4/fib_frontend.c
+++ b/net/ipv4/fib_frontend.c
@@ -587,10 +587,9 @@ static int rtentry_to_fib_config(struct net *net, int cmd, struct rtentry *rt,
  * Handle IP routing ioctl calls.
  * These are used to manipulate the routing tables
  */
-int ip_rt_ioctl(struct net *net, unsigned int cmd, void __user *arg)
+int ip_rt_ioctl(struct net *net, unsigned int cmd, struct rtentry *rt)
 {
 	struct fib_config cfg;
-	struct rtentry rt;
 	int err;
 
 	switch (cmd) {
@@ -599,11 +598,8 @@ int ip_rt_ioctl(struct net *net, unsigned int cmd, void __user *arg)
 		if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
 			return -EPERM;
 
-		if (copy_from_user(&rt, arg, sizeof(rt)))
-			return -EFAULT;
-
 		rtnl_lock();
-		err = rtentry_to_fib_config(net, cmd, &rt, &cfg);
+		err = rtentry_to_fib_config(net, cmd, rt, &cfg);
 		if (err == 0) {
 			struct fib_table *tb;
 
diff --git a/net/ipv4/ipconfig.c b/net/ipv4/ipconfig.c
index 6895fff609b1..5f396afaa08d 100644
--- a/net/ipv4/ipconfig.c
+++ b/net/ipv4/ipconfig.c
@@ -340,17 +340,6 @@ static int __init ic_dev_ioctl(unsigned int cmd, struct ifreq *arg)
 	return res;
 }
 
-static int __init ic_route_ioctl(unsigned int cmd, struct rtentry *arg)
-{
-	int res;
-
-	mm_segment_t oldfs = get_fs();
-	set_fs(get_ds());
-	res = ip_rt_ioctl(&init_net, cmd, (void __user *) arg);
-	set_fs(oldfs);
-	return res;
-}
-
 /*
  *	Set up interface addresses and routes.
  */
@@ -412,7 +401,7 @@ static int __init ic_setup_routes(void)
 		set_sockaddr((struct sockaddr_in *) &rm.rt_genmask, 0, 0);
 		set_sockaddr((struct sockaddr_in *) &rm.rt_gateway, ic_gateway, 0);
 		rm.rt_flags = RTF_UP | RTF_GATEWAY;
-		if ((err = ic_route_ioctl(SIOCADDRT, &rm)) < 0) {
+		if ((err = ip_rt_ioctl(&init_net, SIOCADDRT, &rm)) < 0) {
 			pr_err("IP-Config: Cannot add default route (%d)\n",
 			       err);
 			return -1;
-- 
2.11.0