2020-05-13 06:31:26

by Christoph Hellwig

Subject: [PATCH 32/33] sctp: add sctp_sock_get_primary_addr

Add a helper to directly get the SCTP_PRIMARY_ADDR sockopt from kernel
space without going through a fake uaccess.

Signed-off-by: Christoph Hellwig <[email protected]>
---
fs/dlm/lowcomms.c | 11 +++-----
include/net/sctp/sctp.h | 1 +
net/sctp/socket.c | 57 +++++++++++++++++++++++++----------------
3 files changed, 39 insertions(+), 30 deletions(-)

diff --git a/fs/dlm/lowcomms.c b/fs/dlm/lowcomms.c
index 6fa45365666a8..46d2d71b62c57 100644
--- a/fs/dlm/lowcomms.c
+++ b/fs/dlm/lowcomms.c
@@ -855,10 +855,9 @@ static int tcp_accept_from_sock(struct connection *con)
static int sctp_accept_from_sock(struct connection *con)
{
/* Check that the new node is in the lockspace */
- struct sctp_prim prim;
+ struct sctp_prim prim = { };
int nodeid;
- int prim_len, ret;
- int addr_len;
+ int addr_len, ret;
struct connection *newcon;
struct connection *addcon;
struct socket *newsock;
@@ -876,11 +875,7 @@ static int sctp_accept_from_sock(struct connection *con)
if (ret < 0)
goto accept_err;

- memset(&prim, 0, sizeof(struct sctp_prim));
- prim_len = sizeof(struct sctp_prim);
-
- ret = kernel_getsockopt(newsock, IPPROTO_SCTP, SCTP_PRIMARY_ADDR,
- (char *)&prim, &prim_len);
+ ret = sctp_sock_get_primary_addr(con->sock->sk, &prim);
if (ret < 0) {
log_print("getsockopt/sctp_primary_addr failed: %d", ret);
goto accept_err;
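Review bot: The replacement call `ret = sctp_sock_get_primary_addr(con->sock->sk, &prim);` queries `con->sock->sk`, the listening socket the connection was accepted from, whereas the removed kernel_getsockopt() call queried `newsock`, the freshly accepted socket whose peer's primary address is what the lockspace check needs. Unless that is deliberate, the line should read `ret = sctp_sock_get_primary_addr(newsock->sk, &prim);`. With the listening socket the association lookup for the zeroed ssp_assoc_id would presumably not describe the new peer, so the nodeid derived from prim would be wrong or the call would fail with -EINVAL/-ENOTCONN rather than being caught by the existing `ret < 0` check in a meaningful way. sctp_accept_from_sock starts in the previous hunk and continues past the end of this one.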
diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h
index b505fa082f254..c98b1d14db853 100644
--- a/include/net/sctp/sctp.h
+++ b/include/net/sctp/sctp.h
@@ -618,5 +618,6 @@ static inline bool sctp_newsk_ready(const struct sock *sk)
int sctp_setsockopt_bindx(struct sock *sk, struct sockaddr *kaddrs,
int addrs_size, int op);
void sctp_sock_set_nodelay(struct sock *sk, bool val);
+int sctp_sock_get_primary_addr(struct sock *sk, struct sctp_prim *prim);

#endif /* __net_sctp_h__ */
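Review bot: The new prototype `int sctp_sock_get_primary_addr(struct sock *sk, struct sctp_prim *prim);` gives no hint that `prim` is an in/out parameter: the definition in the net/sctp/socket.c hunk reads `prim->ssp_assoc_id` to select the association and overwrites `prim->ssp_addr`, and it takes lock_sock() on `sk` itself. A kernel-doc block above the EXPORT_SYMBOL'd definition should state that the caller fills in ssp_assoc_id beforehand (the DLM caller zero-initialises prim), that ssp_addr is written only on success, that the socket lock is taken internally so it must not already be held, and that -EINVAL / -ENOTCONN are returned for an unknown association / no primary path. The same point applies to the definition hunk in net/sctp/socket.c, which carries no comment either.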
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 64c395f7a86d5..39bf8090dbe1e 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -6411,6 +6411,35 @@ static int sctp_getsockopt_local_addrs(struct sock *sk, int len,
return err;
}

+static int __sctp_sock_get_primary_addr(struct sock *sk, struct sctp_prim *prim)
+{
+ struct sctp_association *asoc;
+
+ asoc = sctp_id2assoc(sk, prim->ssp_assoc_id);
+ if (!asoc)
+ return -EINVAL;
+ if (!asoc->peer.primary_path)
+ return -ENOTCONN;
+
+ memcpy(&prim->ssp_addr, &asoc->peer.primary_path->ipaddr,
+ asoc->peer.primary_path->af_specific->sockaddr_len);
+
+ sctp_get_pf_specific(sk->sk_family)->addr_to_user(sctp_sk(sk),
+ (union sctp_addr *)&prim->ssp_addr);
+ return 0;
+}
+
+int sctp_sock_get_primary_addr(struct sock *sk, struct sctp_prim *prim)
+{
+ int ret;
+
+ lock_sock(sk);
+ ret = __sctp_sock_get_primary_addr(sk, prim);
+ release_sock(sk);
+ return ret;
+}
+EXPORT_SYMBOL(sctp_sock_get_primary_addr);
+
/* 7.1.10 Set Primary Address (SCTP_PRIMARY_ADDR)
*
* Requests that the local SCTP stack use the enclosed peer address as
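Review bot: The locking contract of `__sctp_sock_get_primary_addr` is implicit: the exported wrapper brackets it with `lock_sock(sk)` / `release_sock(sk)`, while the rewritten `sctp_getsockopt_primary_addr` in the next hunk calls the unlocked helper directly, presumably because the getsockopt entry point already holds the socket lock. A one-line comment on the helper, `/* Caller must hold the socket lock. */`, would make that visible to the next caller and keep the two entry points from diverging. Note also that the helper still runs the `addr_to_user()` conversion for in-kernel callers, which preserves the old kernel_getsockopt() behaviour but is worth a word in the same comment.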
@@ -6421,35 +6450,19 @@ static int sctp_getsockopt_primary_addr(struct sock *sk, int len,
char __user *optval, int __user *optlen)
{
struct sctp_prim prim;
- struct sctp_association *asoc;
- struct sctp_sock *sp = sctp_sk(sk);
+ int ret;

if (len < sizeof(struct sctp_prim))
return -EINVAL;
-
- len = sizeof(struct sctp_prim);
-
- if (copy_from_user(&prim, optval, len))
+ if (copy_from_user(&prim, optval, sizeof(struct sctp_prim)))
return -EFAULT;

- asoc = sctp_id2assoc(sk, prim.ssp_assoc_id);
- if (!asoc)
- return -EINVAL;
-
- if (!asoc->peer.primary_path)
- return -ENOTCONN;
-
- memcpy(&prim.ssp_addr, &asoc->peer.primary_path->ipaddr,
- asoc->peer.primary_path->af_specific->sockaddr_len);
-
- sctp_get_pf_specific(sk->sk_family)->addr_to_user(sp,
- (union sctp_addr *)&prim.ssp_addr);
+ ret = __sctp_sock_get_primary_addr(sk, &prim);
+ if (ret)
+ return ret;

- if (put_user(len, optlen))
+ if (put_user(len, optlen) || copy_to_user(optval, &prim, len))
return -EFAULT;
- if (copy_to_user(optval, &prim, len))
- return -EFAULT;
-
return 0;
}
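Review bot: Dropping the `len = sizeof(struct sctp_prim);` assignment leaves `len` at the caller-supplied value in `if (put_user(len, optlen) || copy_to_user(optval, &prim, len))`, so an optlen larger than sizeof(struct sctp_prim) now copies that many bytes from the on-stack `prim` to userspace, disclosing whatever follows it on the kernel stack; the old code clamped len before the copy-out. Restore the clamp after the size check, `len = sizeof(struct sctp_prim);`, or use `sizeof(prim)` in both the put_user() and copy_to_user() calls. The copy_from_user() now reads exactly sizeof(struct sctp_prim) bytes, so only the output path is affected.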

--
2.26.2


2020-05-13 18:04:29

by Marcelo Ricardo Leitner

Subject: Re: [PATCH 32/33] sctp: add sctp_sock_get_primary_addr

On Wed, May 13, 2020 at 08:26:47AM +0200, Christoph Hellwig wrote:
> Add a helper to directly get the SCTP_PRIMARY_ADDR sockopt from kernel
> space without going through a fake uaccess.

Same comment as on the other dlm/sctp patch.

>
> Signed-off-by: Christoph Hellwig <[email protected]>
> ---
> fs/dlm/lowcomms.c | 11 +++-----
> include/net/sctp/sctp.h | 1 +
> net/sctp/socket.c | 57 +++++++++++++++++++++++++----------------
> 3 files changed, 39 insertions(+), 30 deletions(-)
>
> diff --git a/fs/dlm/lowcomms.c b/fs/dlm/lowcomms.c
> index 6fa45365666a8..46d2d71b62c57 100644
> --- a/fs/dlm/lowcomms.c
> +++ b/fs/dlm/lowcomms.c
> @@ -855,10 +855,9 @@ static int tcp_accept_from_sock(struct connection *con)
> static int sctp_accept_from_sock(struct connection *con)
> {
> /* Check that the new node is in the lockspace */
> - struct sctp_prim prim;
> + struct sctp_prim prim = { };
> int nodeid;
> - int prim_len, ret;
> - int addr_len;
> + int addr_len, ret;
> struct connection *newcon;
> struct connection *addcon;
> struct socket *newsock;
> @@ -876,11 +875,7 @@ static int sctp_accept_from_sock(struct connection *con)
> if (ret < 0)
> goto accept_err;
>
> - memset(&prim, 0, sizeof(struct sctp_prim));
> - prim_len = sizeof(struct sctp_prim);
> -
> - ret = kernel_getsockopt(newsock, IPPROTO_SCTP, SCTP_PRIMARY_ADDR,
> - (char *)&prim, &prim_len);
> + ret = sctp_sock_get_primary_addr(con->sock->sk, &prim);
> if (ret < 0) {
> log_print("getsockopt/sctp_primary_addr failed: %d", ret);
> goto accept_err;
> diff --git a/include/net/sctp/sctp.h b/include/net/sctp/sctp.h
> index b505fa082f254..c98b1d14db853 100644
> --- a/include/net/sctp/sctp.h
> +++ b/include/net/sctp/sctp.h
> @@ -618,5 +618,6 @@ static inline bool sctp_newsk_ready(const struct sock *sk)
> int sctp_setsockopt_bindx(struct sock *sk, struct sockaddr *kaddrs,
> int addrs_size, int op);
> void sctp_sock_set_nodelay(struct sock *sk, bool val);
> +int sctp_sock_get_primary_addr(struct sock *sk, struct sctp_prim *prim);
>
> #endif /* __net_sctp_h__ */
> diff --git a/net/sctp/socket.c b/net/sctp/socket.c
> index 64c395f7a86d5..39bf8090dbe1e 100644
> --- a/net/sctp/socket.c
> +++ b/net/sctp/socket.c
> @@ -6411,6 +6411,35 @@ static int sctp_getsockopt_local_addrs(struct sock *sk, int len,
> return err;
> }
>
> +static int __sctp_sock_get_primary_addr(struct sock *sk, struct sctp_prim *prim)
> +{
> + struct sctp_association *asoc;
> +
> + asoc = sctp_id2assoc(sk, prim->ssp_assoc_id);
> + if (!asoc)
> + return -EINVAL;
> + if (!asoc->peer.primary_path)
> + return -ENOTCONN;
> +
> + memcpy(&prim->ssp_addr, &asoc->peer.primary_path->ipaddr,
> + asoc->peer.primary_path->af_specific->sockaddr_len);
> +
> + sctp_get_pf_specific(sk->sk_family)->addr_to_user(sctp_sk(sk),
> + (union sctp_addr *)&prim->ssp_addr);
> + return 0;
> +}
> +
> +int sctp_sock_get_primary_addr(struct sock *sk, struct sctp_prim *prim)
> +{
> + int ret;
> +
> + lock_sock(sk);
> + ret = __sctp_sock_get_primary_addr(sk, prim);
> + release_sock(sk);
> + return ret;
> +}
> +EXPORT_SYMBOL(sctp_sock_get_primary_addr);
> +
> /* 7.1.10 Set Primary Address (SCTP_PRIMARY_ADDR)
> *
> * Requests that the local SCTP stack use the enclosed peer address as
> @@ -6421,35 +6450,19 @@ static int sctp_getsockopt_primary_addr(struct sock *sk, int len,
> char __user *optval, int __user *optlen)
> {
> struct sctp_prim prim;
> - struct sctp_association *asoc;
> - struct sctp_sock *sp = sctp_sk(sk);
> + int ret;
>
> if (len < sizeof(struct sctp_prim))
> return -EINVAL;
> -
> - len = sizeof(struct sctp_prim);
> -
> - if (copy_from_user(&prim, optval, len))
> + if (copy_from_user(&prim, optval, sizeof(struct sctp_prim)))
> return -EFAULT;
>
> - asoc = sctp_id2assoc(sk, prim.ssp_assoc_id);
> - if (!asoc)
> - return -EINVAL;
> -
> - if (!asoc->peer.primary_path)
> - return -ENOTCONN;
> -
> - memcpy(&prim.ssp_addr, &asoc->peer.primary_path->ipaddr,
> - asoc->peer.primary_path->af_specific->sockaddr_len);
> -
> - sctp_get_pf_specific(sk->sk_family)->addr_to_user(sp,
> - (union sctp_addr *)&prim.ssp_addr);
> + ret = __sctp_sock_get_primary_addr(sk, &prim);
> + if (ret)
> + return ret;
>
> - if (put_user(len, optlen))
> + if (put_user(len, optlen) || copy_to_user(optval, &prim, len))
> return -EFAULT;
> - if (copy_to_user(optval, &prim, len))
> - return -EFAULT;
> -
> return 0;
> }
>
> --
> 2.26.2
>

2020-05-14 09:51:49

by David Laight

Subject: RE: [PATCH 32/33] sctp: add sctp_sock_get_primary_addr

From: Marcelo Ricardo Leitner
> Sent: 13 May 2020 19:03
>
> On Wed, May 13, 2020 at 08:26:47AM +0200, Christoph Hellwig wrote:
> > Add a helper to directly get the SCTP_PRIMARY_ADDR sockopt from kernel
> > space without going through a fake uaccess.
>
> Same comment as on the other dlm/sctp patch.

Wouldn't it be best to write sctp_[gs]etsockotp() that
use a kernel buffer and then implement the user-space
calls using a wrapper that does the copies to an on-stack
(or malloced if big) buffer.

That will also simplify the code by removing all the copies
and -EFAULT returns.
Only the size checks will be needed and the code can assume
the buffer is at least the size of the on-stack buffer.

Our SCTP code uses SO_REUSADDR, SCTP_EVENTS, SCTP_NODELAY,
SCTP_STATUS, SCTP_INITMSG, IPV6_ONLY, SCTP_SOCKOPT_BINDX_ADD
and SO_LINGER.

David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

2020-05-14 12:31:37

by David Laight

Subject: RE: [PATCH 32/33] sctp: add sctp_sock_get_primary_addr

From: David Laight
> Sent: 14 May 2020 10:51
> From: Marcelo Ricardo Leitner
> > Sent: 13 May 2020 19:03
> >
> > On Wed, May 13, 2020 at 08:26:47AM +0200, Christoph Hellwig wrote:
> > > Add a helper to directly get the SCTP_PRIMARY_ADDR sockopt from kernel
> > > space without going through a fake uaccess.
> >
> > Same comment as on the other dlm/sctp patch.
>
> Wouldn't it be best to write sctp_[gs]etsockotp() that
> use a kernel buffer and then implement the user-space
> calls using a wrapper that does the copies to an on-stack
> (or malloced if big) buffer.

Actually, looking at __sys_setsockopt(), it calls
BPF_CGROUP_RUN_PROG_SETSOCKOPT() which (by the look of it)
can copy the user buffer into malloc()ed memory and
cause set_fs(KERNEL_DS) to be called.

The only way to get rid of that set_fs() is to always
have the buffer in kernel memory when the underlying
setsockopt() code is called.

The comment above __sys_[sg]etsockopt() about not knowing
the length is just wrong.
It probably applied to getsockopt() in the dim and distant
past before it was made read-update.

David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)

2020-05-14 13:28:36

by David Laight

Subject: RE: [PATCH 32/33] sctp: add sctp_sock_get_primary_addr

From: David Laight
> Sent: 14 May 2020 13:30
> Subject: RE: [PATCH 32/33] sctp: add sctp_sock_get_primary_addr
>
> From: David Laight
> > Sent: 14 May 2020 10:51
> > From: Marcelo Ricardo Leitner
> > > Sent: 13 May 2020 19:03
> > >
> > > On Wed, May 13, 2020 at 08:26:47AM +0200, Christoph Hellwig wrote:
> > > > Add a helper to directly get the SCTP_PRIMARY_ADDR sockopt from kernel
> > > > space without going through a fake uaccess.
> > >
> > > Same comment as on the other dlm/sctp patch.
> >
> > Wouldn't it be best to write sctp_[gs]etsockotp() that
> > use a kernel buffer and then implement the user-space
> > calls using a wrapper that does the copies to an on-stack
> > (or malloced if big) buffer.
>
> Actually looking at __sys_setsockopt() it calls
> BPF_CGROUP_RUN_PROG_SETSOCKOPT() which (by the look of it)
> can copy the user buffer into malloc()ed memory and
> cause set_fs(KERNEL_DS) be called.
>
> The only way to get rid of that set_fs() is to always
> have the buffer in kernel memory when the underlying
> setsockopt() code is called.

And having started to try coding __sys_setsockopt()
and then found the compat code I suspect that would
be a whole lot more sane if the buffer was in kernel
and it knew that at least (say) 64 bytes were allocated.

The whole compat_alloc_user_space() 'crap' could probably go.

Actually it looks like an application can avoid whatever
checks BPF_CGROUP_RUN_PROG_SETSOCKOPT() is trying to do
by using the 32bit compat ioctls.

David

-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)