From patchwork Thu Apr 25 16:06:54 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Willem de Bruijn
X-Patchwork-Id: 1090961
X-Patchwork-Delegate: davem@davemloft.net
From: Willem de Bruijn
To: netdev@vger.kernel.org
Cc: davem@davemloft.net, ebiederm@xmission.com, Willem de Bruijn
Subject: [PATCH net] ipv6: invert flowlabel sharing check in process and user mode
Date: Thu, 25 Apr 2019 12:06:54 -0400
Message-Id: <20190425160654.211972-1-willemdebruijn.kernel@gmail.com>
X-Mailer: git-send-email 2.21.0.593.g511ec345e18-goog
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
X-Mailing-List: netdev@vger.kernel.org

From: Willem de Bruijn

A request for a flowlabel in process or user exclusive mode must fail
if the caller pid or uid does not match. Invert the test.

Previously, the test was unsafe wrt PID recycling, but indeed tested
for inequality: fl1->owner != fl->owner

Fixes: 4f82f45730c68 ("net ip6 flowlabel: Make owner a union of struct pid* and kuid_t")
Signed-off-by: Willem de Bruijn --- net/ipv6/ip6_flowlabel.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c index cb54a8a3c2735..a05036bc808d5 100644 --- a/net/ipv6/ip6_flowlabel.c +++ b/net/ipv6/ip6_flowlabel.c @@ -633,9 +633,9 @@ int ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen) if (fl1->share == IPV6_FL_S_EXCL || fl1->share != fl->share || ((fl1->share == IPV6_FL_S_PROCESS) && - (fl1->owner.pid == fl->owner.pid)) || + (fl1->owner.pid != fl->owner.pid)) || ((fl1->share == IPV6_FL_S_USER) && - uid_eq(fl1->owner.uid, fl->owner.uid))) + !uid_eq(fl1->owner.uid, fl->owner.uid))) goto release; err = -ENOMEM;
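
Review bot: The compound condition in ipv6_flowlabel_opt() that now ends in `fl1->owner.pid != fl->owner.pid` and `!uid_eq(fl1->owner.uid, fl->owner.uid)` carries four separate rejection reasons and no comment, so the sense of the ownership comparisons is easy to misread. A short comment above the `if` would help, stating that in IPV6_FL_S_PROCESS and IPV6_FL_S_USER mode a request from a non-matching pid or uid must go to `release`. The patch changes only these two comparisons and adds no test; a selftest that requests an existing label from a different process and from a different user, and expects the request to fail in each mode, would pin the behaviour down. The hunk also does not show what `err` holds when `goto release` is taken (the `err = -ENOMEM` assignment comes after it), so it is worth confirming that a mismatched caller gets the intended error code.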