Received: by 2002:ac0:a5a7:0:0:0:0:0 with SMTP id m36-v6csp1470999imm; Wed, 25 Jul 2018 19:33:14 -0700 (PDT) X-Google-Smtp-Source: AAOMgpcOZrU4UiqJLulwMp8hzeT1SgIs+fpS4DhkysSrsnHG0Q50SCh1x5gPVzZM97ob5hM328S3 X-Received: by 2002:a17:902:820a:: with SMTP id x10-v6mr75509pln.261.1532572394621; Wed, 25 Jul 2018 19:33:14 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1532572394; cv=none; d=google.com; s=arc-20160816; b=P8w0YR+4ZLPPESHQSqfs057iNaAER6b8A4bsvxOA7uENJHH7wWv7SP7HDqw642Lnzk X7ulJ7Wlm8tEvaBAHc2NcXU5B8oYwRPcati7GvVRwuTNdaYwEjeHqDxlXIBJk4FnEbJS vKeE8BJzEtm4ZvsTEgPLaenej6FscHlc61a4nIhZ9RyV4CNscTQnPZiSiDb21gm2POQT n/txogsMwxm2uc5nS7U9MHydTJ420IY3yRqWs9b5bl4k9AKUdREYW88xV6fAn8zJTeI3 BJtd/M5HE08Pmy9g7nO7ayQxncr2nWLlYUVH3UPbNVGvlPDsE8u8q5j5FHOOi9z97tsf w4dg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature:arc-authentication-results; bh=KGoK3OMLZtNNtazxqMz9O1g2b/QG4N/rvtrmfVBaNKw=; b=SUD4T3QtNBRTDBJPOxm0p78r6TjhXoYT7fx0St4n3P+cgwHkaoLjny07eCP+FmiuWM VuBHZ5jNi0kZV1szzhEhbPCWdpaCFHbw9Rua5HR0tPTicZYO5sPl02Z5GIHetHHosIqp aYJbZhOQwS8vtTfsXEywve6fSMJrwzm8ARU0HMMTSDNmWzRoWI2D8V9skldMTa2xvZuW uZiUV1ImCMROyliYkVk7g01KIoeMYdZ0aAwjH7wIZHAH6DEC+tyXrzdOamg0kxcm3nlQ blsxqo0CZzyk4DHHmtDDnA2qT5jLLldjl9Fc6NQBfbrJrZGt7oJShkYMQ9vH4mtD1oHu aqEA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@arista.com header.s=googlenew header.b=hMmVlOjg; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=REJECT dis=NONE) header.from=arista.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 6-v6si107401plb.409.2018.07.25.19.32.59; Wed, 25 Jul 2018 19:33:14 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@arista.com header.s=googlenew header.b=hMmVlOjg; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=QUARANTINE sp=REJECT dis=NONE) header.from=arista.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729194AbeGZDqd (ORCPT + 99 others); Wed, 25 Jul 2018 23:46:33 -0400 Received: from mail-ed1-f65.google.com ([209.85.208.65]:33046 "EHLO mail-ed1-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728744AbeGZDqa (ORCPT ); Wed, 25 Jul 2018 23:46:30 -0400 Received: by mail-ed1-f65.google.com with SMTP id x5-v6so342711edr.0 for ; Wed, 25 Jul 2018 19:31:56 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=arista.com; s=googlenew; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=KGoK3OMLZtNNtazxqMz9O1g2b/QG4N/rvtrmfVBaNKw=; b=hMmVlOjgu3cExAPljGXnFlQTIdhe78lf0XeL2+7TMs2vyPC0CLm9NDLe8hHRqzhPGK v5k5DzwZJ9afvV+2eWV4wfxAAW7q2LJ8p+kYm6aZOwVzxJtoeKeE5dgDoTVIsnfLGHSR ALvMPhlnF2U07EMdj/LD6BRnKx60Ajtz62Q6oWdxakQjMeRQoWqi2xap/HB0EVsDyjuX wL0JhXNgN6IZ0HzPEfuBObuMx0sqD8Wy+2e7BjbVkVN6HOFJcCNuUwFrG2Pm6Ey+zenX UPc0IeqrxthOdcy0eBd3xGvkvDNXhsX/ie+x/DG1eZJIJeWRJTDuLTZmcKtqoFO5zOpD iqKw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=KGoK3OMLZtNNtazxqMz9O1g2b/QG4N/rvtrmfVBaNKw=; b=Onfh0wM+Xsl4epuvXGwQAgR3DUGNyIHpJZENc8w1lI8amlxDLmJZs9AVB7poqTPRGa 0fGeMSPRPWGRUIoC06zPcqRw+BorufeeVl6vyDNs1eqt/XAH5MbE5BESk0DkIcTRDGEa nVQZud8IMe22sB59c6P9YM+hpc+bvfsW2FY7B+yXTkuL/FFu7Agir8xKg+elST6/V2Xx 01CmMv4uS2a+BTx1UnzGxC4uAWlLt/SuUShFUtOTZxSgfi8MbzYEQVqme4pnb+pJzAoX jukdoK5oa9lKdhOsLDKLFYwCfvaqDstpr0VF5htKT1xPyWDp74J1Oc+rcxU2AJDTVqlf JHBg== X-Gm-Message-State: AOUpUlG44DrZaNYLao4G6uORdExko7i3/z4MhltRE+Y0i2UBwNftjqb0 WkK/XGJGw81sIQ9TMMMUKI80dHhaRDw= X-Received: by 2002:a50:a402:: with SMTP id u2-v6mr459068edb.237.1532572315834; Wed, 25 Jul 2018 19:31:55 -0700 (PDT) Received: from dhcp.ire.aristanetworks.com ([217.173.96.166]) by smtp.gmail.com with ESMTPSA id x13-v6sm241024edx.17.2018.07.25.19.31.54 (version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256); Wed, 25 Jul 2018 19:31:55 -0700 (PDT) From: Dmitry Safonov To: linux-kernel@vger.kernel.org Cc: Dmitry Safonov , "David S. Miller" , Herbert Xu , Steffen Klassert , Dmitry Safonov <0x7f454c46@gmail.com>, netdev@vger.kernel.org Subject: [PATCH 08/18] xfrm: Add in-kernel groups for compat notifications Date: Thu, 26 Jul 2018 03:31:34 +0100 Message-Id: <20180726023144.31066-9-dima@arista.com> X-Mailer: git-send-email 2.13.6 In-Reply-To: <20180726023144.31066-1-dima@arista.com> References: <20180726023144.31066-1-dima@arista.com> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Introduce kernel-only, hidden from userspace groups. Application that bind()ed by kernel to such group will receive netlink messages in compatible ABI on 64-bit kernels. Cc: "David S. Miller" Cc: Herbert Xu Cc: Steffen Klassert Cc: netdev@vger.kernel.org Signed-off-by: Dmitry Safonov --- net/xfrm/xfrm_user.c | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 53 insertions(+), 1 deletion(-) diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index bf2ca93edaf5..b123e788488f 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -67,6 +67,29 @@ struct xfrm_userspi_info_packed { __u32 max; } __packed; +/* In-kernel, non-uapi compat groups. + * As compat/native messages differ, send notifications according + * to .bind() caller's ABI. There are *_COMPAT hidden from userspace + * groups for such task. + */ +enum xfrm_nlgroups_kernel { + XFRMNLGRP_COMPAT_MIN = XFRMNLGRP_MAX, + XFRMNLGRP_COMPAT_ACQUIRE, + XFRMNLGRP_COMPAT_EXPIRE, + XFRMNLGRP_COMPAT_SA, + XFRMNLGRP_COMPAT_POLICY, + /* Group messages for the following notifications do not differ + * in size between native and compat structures: + * XFRMNLGRP_AEVENTS, + * XFRMNLGRP_REPORT, + * XFRMNLGRP_MIGRATE, + * XFRMNLGRP_MAPPING, + */ + __XFRMNLGRP_COMPAT_MAX +}; + +#define XFRMNLGRP_KERNEL_MAX (__XFRMNLGRP_COMPAT_MAX - 1) + static int verify_one_alg(struct nlattr **attrs, enum xfrm_attr_type_t type) { struct nlattr *rt = attrs[type]; @@ -2645,6 +2668,34 @@ static void xfrm_netlink_rcv(struct sk_buff *skb) mutex_unlock(&net->xfrm.xfrm_cfg_mutex); } +static inline void xfrm_nlgrp_compat(unsigned long *groups, + int group, int group_compat) +{ + unsigned long group_bit = 1UL << (group - 1); + + if (*groups & group_bit) { + *groups &= ~group_bit; + *groups |= 1UL << (group_compat - 1); + } +} + +static int xfrm_netlink_bind(struct net *net, unsigned long *groups) +{ + unsigned long uapi_mask = (1UL << XFRMNLGRP_MAX) - 1; + + *groups &= uapi_mask; + + if (!in_compat_syscall()) + return 0; + + xfrm_nlgrp_compat(groups, XFRMNLGRP_ACQUIRE, XFRMNLGRP_COMPAT_ACQUIRE); + xfrm_nlgrp_compat(groups, XFRMNLGRP_EXPIRE, XFRMNLGRP_COMPAT_EXPIRE); + xfrm_nlgrp_compat(groups, XFRMNLGRP_SA, XFRMNLGRP_COMPAT_SA); + xfrm_nlgrp_compat(groups, XFRMNLGRP_POLICY, XFRMNLGRP_COMPAT_POLICY); + + return 0; +} + static inline unsigned int xfrm_expire_msgsize(void) { return NLMSG_ALIGN(sizeof(struct xfrm_user_expire)) @@ -3283,8 +3334,9 @@ static int __net_init xfrm_user_net_init(struct net *net) { struct sock *nlsk; struct netlink_kernel_cfg cfg = { - .groups = XFRMNLGRP_MAX, + .groups = XFRMNLGRP_KERNEL_MAX, .input = xfrm_netlink_rcv, + .bind = xfrm_netlink_bind, }; nlsk = netlink_kernel_create(net, NETLINK_XFRM, &cfg); -- 2.13.6