Subject: Re: 4 missing check bugs
From: Marcel Holtmann
Date: Wed, 16 Feb 2022 11:21:36 +0100
To: Jinmeng Zhou
Cc: Johan Hedberg, "David S. Miller", Jakub Kicinski, linux-bluetooth@vger.kernel.org, netdev@vger.kernel.org, shenwenbosmile@gmail.com
X-Mailing-List: linux-bluetooth@vger.kernel.org

Hi Jinmeng,

> Hi, our tool finds several missing check bugs on
> Linux kernel v4.18.5 using static analysis.
> We are looking forward to having more experts' eyes on this. Thank you!
>
> Before calling sk_alloc() with SOCK_RAW type,
> there should be a permission check, ns_capable(ns,CAP_NET_RAW).
> For example,

says who? The appropriate checks are actually present, just not at sock_create. Some are at sock_bind.

Regards

Marcel