Received: by 2002:a05:6500:1b8f:b0:1fa:5c73:8e2d with SMTP id df15csp978735lqb; Wed, 29 May 2024 17:24:44 -0700 (PDT) X-Forwarded-Encrypted: i=3; AJvYcCXW7DnqM1hePvmKPAAcj5LA9Fxq6RzoO6aY+li8paZOGJCVKIsCsBKUAco5QTDWTE7kqSdmveloq75/xdEK1+gXPmaYLInaEBF6vy1arA== X-Google-Smtp-Source: AGHT+IF5iD3eUV1jaikFckHvmV9yMXVSEQmFYST/40bAB6vq2Rwe0DDXG4Vd73gFPR7459HZ/DA4 X-Received: by 2002:a05:622a:1195:b0:43d:f8da:1643 with SMTP id d75a77b69052e-43fe9327b33mr9638051cf.53.1717028684124; Wed, 29 May 2024 17:24:44 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1717028684; cv=pass; d=google.com; s=arc-20160816; b=dipzTW2J5P3mLdYEJ6dP/AH8WmaS2fzixdtKtXZgqjj6KR3lZ+80sMJ82B/1KZ6YPT znuG5eGIAb5lx82+zr6roXSkWzDAuJY11eDx/jH3THmLVYu6Cl/RRzsCELQM649bu+8f k+MSXPIuNv1brAZ8LIzhrObI5xAawKWxbseIWGRe42t3xRz3y7uaY9lpiFazazlThDQH yc69UD6xGqSe1hdF2I+pv8I+ghylFUt+WSXxkbGLtPCDrPQmn1D/bi30XOh8fO4L9O3m UJJ+yDWPKLupzqdWErAWvu2H9a4rVpA3rg1LYFwlXxCU45CUbGZ4xfuoHZwdBtybqY2u BCUg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=content-transfer-encoding:mime-version:list-unsubscribe :list-subscribe:list-id:precedence:subject:references:in-reply-to :message-id:cc:to:from:date:dkim-signature; bh=daAIjqlAJvlh3DMCxt66Yxpteyun7KWAO+PmZTdsD1I=; fh=FldWkPPTzKjvjYjHHGAI7nkEsmFukKMKOpVWO5NBHpw=; b=mD5UxyF0gY8TwiL/oLHusxK/lqPhmU+e/xISNuvpIGUMZs4riOBV3mxZKe7J8gG7MQ xNyE4nlZ1RKlQ+XqzRY9Yi0MPn1H/9Jw9hgNhLS+gauKN7f/sPwUbOG6uPY0d+MnHK0H rhIXdyliott5Z3mIPz5ku48kPrILHfIcMgeY7477N4Cl6JRtz5H8jK+rkBt9Aa1a30yY LvFOOkubjHrWHjnr92oHjAclpQfzXdS3SmFufZ/I1f1wddUo/t5cIVxm+HSRA40maZe0 V/MjGdV1fVnlTgaUs7fWA9byb7euuSYP43gnUqEp+n80qK41oalasUyW0JkK4lhMOZZP O3Xg==; dara=google.com ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Ch0TOFUk; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-kernel+bounces-194806-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-194806-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Return-Path: Received: from ny.mirrors.kernel.org (ny.mirrors.kernel.org. [147.75.199.223]) by mx.google.com with ESMTPS id d75a77b69052e-43fb18b5078si148418591cf.502.2024.05.29.17.24.43 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 May 2024 17:24:44 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel+bounces-194806-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) client-ip=147.75.199.223; Authentication-Results: mx.google.com; dkim=pass header.i=@gmail.com header.s=20230601 header.b=Ch0TOFUk; arc=pass (i=1 spf=pass spfdomain=gmail.com dkim=pass dkdomain=gmail.com dmarc=pass fromdomain=gmail.com); spf=pass (google.com: domain of linux-kernel+bounces-194806-linux.lists.archive=gmail.com@vger.kernel.org designates 147.75.199.223 as permitted sender) smtp.mailfrom="linux-kernel+bounces-194806-linux.lists.archive=gmail.com@vger.kernel.org"; dmarc=pass (p=NONE sp=QUARANTINE dis=NONE) header.from=gmail.com Received: from smtp.subspace.kernel.org (wormhole.subspace.kernel.org [52.25.139.140]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ny.mirrors.kernel.org (Postfix) with ESMTPS id C30961C21643 for ; Thu, 30 May 2024 00:24:43 +0000 (UTC) Received: from localhost.localdomain (localhost.localdomain [127.0.0.1]) by smtp.subspace.kernel.org (Postfix) with ESMTP id 4DE0C8F47; Thu, 30 May 2024 00:24:32 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="Ch0TOFUk" Received: from mail-qv1-f50.google.com (mail-qv1-f50.google.com [209.85.219.50]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id E778A36B; Thu, 30 May 2024 00:24:29 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.219.50 ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717028671; cv=none; b=XhDme1ppMOH036EKU0X5mYea9+wZvHPQBuoTMnKsmOqAEPCrc7vHCtedY+R7be4WD1yFDeZnwLMZDDUVgAlcpuD8I1+jrk4OKK2/oTbsjxkvyjP+z+pRTnq/VJ7uVaRU9shys2NCPdaamcP/byq4RBbLhk+Psg1xdqVS9e5XXJc= ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1717028671; c=relaxed/simple; bh=oJzuJ7oeKWDazzvBwNiTMmJHRKQNgxb7KiIbWwO9mWY=; h=Date:From:To:Cc:Message-ID:In-Reply-To:References:Subject: Mime-Version:Content-Type; b=M8hSYaABPzkiaHMjL5YDiJPT/kWEJ41b4D2GzrWcDDQ059AzawpRk9ngvj0N9ZxxKdtXU2z8YfG3aQgQ8/A6rDaRhFRP+6ZYxbYa+ExICweruopNXDMg5BmoM0LVVdU1ffCYWgG/RThjhyEciBLCALoFgpEKrYMiPg6emczlUw8= ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=Ch0TOFUk; arc=none smtp.client-ip=209.85.219.50 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Received: by mail-qv1-f50.google.com with SMTP id 6a1803df08f44-6ae1059a62fso321186d6.1; Wed, 29 May 2024 17:24:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1717028669; x=1717633469; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:subject:references :in-reply-to:message-id:cc:to:from:date:from:to:cc:subject:date :message-id:reply-to; bh=daAIjqlAJvlh3DMCxt66Yxpteyun7KWAO+PmZTdsD1I=; b=Ch0TOFUkiNwKdiYfgoCdkAPpuXLkN8axkNPoHEVP1AAhEI/QHa3fTIOqheHi4f71Lg zxacXZFkrqHFcd68ik1lYWY3AM9ji4++268WapBICNudccr9pYhAl+PQ02HpI76amgS5 P76BJKcb+5hPhWB2cNLORwq5Rr8csVBp2hvCk24ELwcibpU89LzxwEOAlfC1FK1+HIZZ DSa5sCGJYdB8YAyacFKjrUblcDFvn7MUVKi37HVSPkSODcQIcqJojYJ6tsF//IbtSqPb fS0JnaHcJLgSfRb4VZIlM6cRX248MV/JRAmkh7R9f482+X04OxmFLk+WpRQ/hnFoZ6zN UFAA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1717028669; x=1717633469; h=content-transfer-encoding:mime-version:subject:references :in-reply-to:message-id:cc:to:from:date:x-gm-message-state:from:to :cc:subject:date:message-id:reply-to; bh=daAIjqlAJvlh3DMCxt66Yxpteyun7KWAO+PmZTdsD1I=; b=P1k6/mNydmBXqSU9hmzB0lb5Fsf+pQrhxqpIdESD/8A93rilxW3BPuaZvuZ2R7bOWh ppoSjrqLFiGVshBM46pp9Aq9KCxjaEt8Q0LfUJhFq0y/bjccfKmBbJcG9Ae6dZm8Npgl gAjEkuRYI54vjcZgYBWqWMuNKaC3KXC7+LYg4Z1dkJrosxILKcFsVDrNWbAfqOKIETK1 ocJLyBD5vp7WlWHFcIh4L2uYJO28+DFzJ+u1QOnt/SjKTanztuzM4h2VlOTPY/7k50aj E/neE7JBpNFev0x15uN4YSg1uW2/lU1po3AbFzfyygRKfxFtH3Kz96Pk1ExrObeBRF5W Nz8g== X-Forwarded-Encrypted: i=1; AJvYcCUErO/+7XQtwQ+9NLxQLOGfV/tWIanQt0qYeafPaINnN7unDVg8kC8ie+sag0cFKGzcZLa8eY2a8u/GaJv029AFH1SYLao2EQAmVa+8YjZ+W9MU4T7bOwCuw/FCF2/YReaF2diTGuC67qgLd/FLmU2tWxOehgI9vWFL X-Gm-Message-State: AOJu0YycbKEUMDLtpqN1rMQ1rV1h/fcQ+1OFFt9SF5woAluqWdzafXD7 r91XnYIs72n/h2nk3PHEyyYqKU9rE8e5rkZCFZ66+mhVTcpVqOzL X-Received: by 2002:a05:6214:5c08:b0:6ad:6ea7:b261 with SMTP id 6a1803df08f44-6ae0cb1db63mr7390316d6.23.1717028668666; Wed, 29 May 2024 17:24:28 -0700 (PDT) Received: from localhost (112.49.199.35.bc.googleusercontent.com. [35.199.49.112]) by smtp.gmail.com with ESMTPSA id 6a1803df08f44-6ad850a6dc7sm30592536d6.93.2024.05.29.17.24.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 29 May 2024 17:24:28 -0700 (PDT) Date: Wed, 29 May 2024 20:24:27 -0400 From: Willem de Bruijn To: Abhishek Chauhan , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, Andrew Halaney , Willem de Bruijn , Martin KaFai Lau , Martin KaFai Lau , Daniel Borkmann , bpf Cc: kernel@quicinc.com, syzbot+d7b227731ec589e7f4f0@syzkaller.appspotmail.com, syzbot+30a35a2e9c5067cc43fa@syzkaller.appspotmail.com Message-ID: <6657c73bb72fa_37107c2948c@willemb.c.googlers.com.notmuch> In-Reply-To: <20240529183130.1717083-1-quic_abchauha@quicinc.com> References: <20240529183130.1717083-1-quic_abchauha@quicinc.com> Subject: Re: [PATCH net-next v2] net: validate SO_TXTIME clockid coming from userspace Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Abhishek Chauhan wrote: > Currently there are no strict checks while setting SO_TXTIME > from userspace. With the recent development in skb->tstamp_type > clockid with unsupported clocks results in warn_on_once, which causes > unnecessary aborts in some systems which enables panic on warns. > > Add validation in setsockopt to support only CLOCK_REALTIME, > CLOCK_MONOTONIC and CLOCK_TAI to be set from userspace. > > Link: https://lore.kernel.org/netdev/bc037db4-58bb-4861-ac31-a361a93841d3@linux.dev/ > Link: https://lore.kernel.org/lkml/6bdba7b6-fd22-4ea5-a356-12268674def1@quicinc.com/ > Fixes: 1693c5db6ab8 ("net: Add additional bit to support clockid_t timestamp type") > Reported-by: syzbot+d7b227731ec589e7f4f0@syzkaller.appspotmail.com > Closes: https://syzkaller.appspot.com/bug?extid=d7b227731ec589e7f4f0 > Reported-by: syzbot+30a35a2e9c5067cc43fa@syzkaller.appspotmail.com > Closes: https://syzkaller.appspot.com/bug?extid=30a35a2e9c5067cc43fa > Signed-off-by: Abhishek Chauhan > Acked-by: Martin KaFai Lau Reviewed-by: Willem de Bruijn > --- > Changes since v1 > - Moved from net to net-next since > Fixes tag is available only on net-next > as mentioned by Martin > - Added direct link to design discussion as > mentioned by Willem. > - Parameter in the sockopt_validate_clockid > is of type __kernel_clockid_t so changed it from > int to __kernel_clockid_t as mentioned by > Willem. > - Added Acked-by tag. > > net/core/sock.c | 16 ++++++++++++++++ > 1 file changed, 16 insertions(+) > > diff --git a/net/core/sock.c b/net/core/sock.c > index 8629f9aecf91..d497285f283a 100644 > --- a/net/core/sock.c > +++ b/net/core/sock.c > @@ -1083,6 +1083,17 @@ bool sockopt_capable(int cap) > } > EXPORT_SYMBOL(sockopt_capable); > > +static int sockopt_validate_clockid(__kernel_clockid_t value) The __kernel variants are UAPI. It looks odd to use this in kernel internal code, and I don't see many examples immediately. But I believe it is correct, as we're passing a sock_txtime.clockid field, which has this (UAPI) type. > +{ > + switch (value) { > + case CLOCK_REALTIME: > + case CLOCK_MONOTONIC: > + case CLOCK_TAI: > + return 0; > + } > + return -EINVAL; > +} > + > /* > * This is meant for all protocols to use and covers goings on > * at the socket level. Everything here is generic. > @@ -1497,6 +1508,11 @@ int sk_setsockopt(struct sock *sk, int level, int optname, > ret = -EPERM; > break; > } > + > + ret = sockopt_validate_clockid(sk_txtime.clockid); > + if (ret) > + break; > + > sock_valbool_flag(sk, SOCK_TXTIME, true); > sk->sk_clockid = sk_txtime.clockid; > sk->sk_txtime_deadline_mode = > -- > 2.25.1 >