{"id":810379,"url":"http://patchwork.ozlabs.org/api/patches/810379/?format=json","web_url":"http://patchwork.ozlabs.org/project/netdev/patch/cfb5c05d158b278beb2f1441c67a068a8bb27d44.1504670009.git.lucien.xin@gmail.com/","project":{"id":7,"url":"http://patchwork.ozlabs.org/api/projects/7/?format=json","name":"Linux network development","link_name":"netdev","list_id":"netdev.vger.kernel.org","list_email":"netdev@vger.kernel.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<cfb5c05d158b278beb2f1441c67a068a8bb27d44.1504670009.git.lucien.xin@gmail.com>","list_archive_url":null,"date":"2017-09-06T03:53:29","name":"[net] netlink: access nlk groups safely in netlink bind and getname","commit_ref":null,"pull_url":null,"state":"accepted","archived":true,"hash":"7d20a903ea8a02acf281c08641c0acbe985e5d9e","submitter":{"id":61073,"url":"http://patchwork.ozlabs.org/api/people/61073/?format=json","name":"Xin Long","email":"lucien.xin@gmail.com"},"delegate":{"id":34,"url":"http://patchwork.ozlabs.org/api/users/34/?format=json","username":"davem","first_name":"David","last_name":"Miller","email":"davem@davemloft.net"},"mbox":"http://patchwork.ozlabs.org/project/netdev/patch/cfb5c05d158b278beb2f1441c67a068a8bb27d44.1504670009.git.lucien.xin@gmail.com/mbox/","series":[{"id":1686,"url":"http://patchwork.ozlabs.org/api/series/1686/?format=json","web_url":"http://patchwork.ozlabs.org/project/netdev/list/?series=1686","date":"2017-09-06T03:53:29","name":"[net] netlink: access nlk groups safely in netlink bind and getname","version":1,"mbox":"http://patchwork.ozlabs.org/series/1686/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/810379/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/810379/checks/","tags":{},"related":[],"headers":{"Return-Path":"<netdev-owner@vger.kernel.org>","X-Original-To":"patchwork-incoming@ozlabs.org","Delivered-To":"patchwork-incoming@ozlabs.org","Authentication-Results":["ozlabs.org;\n\tspf=none (mailfrom) smtp.mailfrom=vger.kernel.org\n\t(client-ip=209.132.180.67; helo=vger.kernel.org;\n\tenvelope-from=netdev-owner@vger.kernel.org;\n\treceiver=<UNKNOWN>)","ozlabs.org; dkim=pass (2048-bit key;\n\tunprotected) header.d=gmail.com header.i=@gmail.com\n\theader.b=\"GGgdB4w6\"; dkim-atps=neutral"],"Received":["from vger.kernel.org (vger.kernel.org [209.132.180.67])\n\tby ozlabs.org (Postfix) with ESMTP id 3xn8nx0QZCz9sNd\n\tfor <patchwork-incoming@ozlabs.org>;\n\tWed,  6 Sep 2017 13:53:41 +1000 (AEST)","(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n\tid S1751668AbdIFDxi (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);\n\tTue, 5 Sep 2017 23:53:38 -0400","from mail-pg0-f66.google.com ([74.125.83.66]:34445 \"EHLO\n\tmail-pg0-f66.google.com\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n\twith ESMTP id S1750880AbdIFDxh (ORCPT\n\t<rfc822;netdev@vger.kernel.org>); Tue, 5 Sep 2017 23:53:37 -0400","by mail-pg0-f66.google.com with SMTP id v82so2280719pgb.1\n\tfor <netdev@vger.kernel.org>; Tue, 05 Sep 2017 20:53:37 -0700 (PDT)","from localhost ([209.132.188.80]) by smtp.gmail.com with ESMTPSA id\n\tj10sm581956pfj.116.2017.09.05.20.53.36\n\t(version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);\n\tTue, 05 Sep 2017 20:53:36 -0700 (PDT)"],"DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=gmail.com; s=20161025;\n\th=from:to:cc:subject:date:message-id;\n\tbh=6G3tj7g5cnX9uICK3vAJEZ1JhKT82AwpJcG6Mfprt2w=;\n\tb=GGgdB4w64GnFvPuUfOqy5x+otso3OZx77lhd/9e4hvcuF1/MxF3wUj/Tugki8+7ARX\n\t0y6CbSRl4sgRery2jtOH7Nx5XWTcGrCqD4Fo/Xs3Pf21gI2OXhX1ov/a1liLXit1MFLP\n\tIX0UakLQ3WuZGD9q1MLmqaXUOyg8W67VgjtDivEazuY3CCcQADl3HUqyGXxtKKBxBSo2\n\trI1dG91QcUP31rkDzlIp1cEDltFrgduxKngWFgmR4K0pfry/l+xW4uvfqFDoRuf3sKU3\n\tAvytdEmOinKUgP705Gk17hb6ljlu//s0w3Vgy+KN1ByOQb4DAvxq08nHAkaZ8X4zaoz9\n\thBNQ==","X-Google-DKIM-Signature":"v=1; a=rsa-sha256; c=relaxed/relaxed;\n\td=1e100.net; s=20161025;\n\th=x-gm-message-state:from:to:cc:subject:date:message-id;\n\tbh=6G3tj7g5cnX9uICK3vAJEZ1JhKT82AwpJcG6Mfprt2w=;\n\tb=e3GgPU/llb1/CHNCABerrHA9mDvraAjDaysKwoHLQeas3sriOSI8S/KY8zlf2DcTmp\n\tm1ttNRHyX1vLsSLHtR32fIVoqS0fksfgM47G67c7WcqsWbz50guEz07Her4Z+i3qJz6Y\n\tEwhD26xnLxq5SxGt99XsFrGbLDSl9/EFvnGTAwTda575JcDmJjvJ69Fgn8wq7MjpZEjq\n\tyv2LKsQNzFMtmSYYmj8BgS6pw0AqSsdF5cTxguoUS9sB5oUy6ADofy1gOAeHn39z0cM/\n\tYAjtTwNdAbe7tCmZLnU2VzhAy3ieWenPhTJ9YrbtXdsIEMW6Xxz9aQGb04JIrJraP+MS\n\tH4aw==","X-Gm-Message-State":"AHPjjUhhaFcSsV0CDN4b6JKpDJgofpRlTog4SqKphdWMSg0DdO6RFGyR\n\twNFbz/KtdxFStDfwUPU=","X-Google-Smtp-Source":"ADKCNb4pcF/4DculDujGa0+fd3HwxfnmuTmf6XNhEqFlA4c0/eBAlroB1LirnNMU+r3d/r/dzhHdQQ==","X-Received":"by 10.98.32.92 with SMTP id g89mr5910443pfg.285.1504670017063;\n\tTue, 05 Sep 2017 20:53:37 -0700 (PDT)","From":"Xin Long <lucien.xin@gmail.com>","To":"network dev <netdev@vger.kernel.org>","Cc":"davem@davemloft.net, fw@strlen.de","Subject":"[PATCH net] netlink: access nlk groups safely in netlink bind and\n\tgetname","Date":"Wed,  6 Sep 2017 11:53:29 +0800","Message-Id":"<cfb5c05d158b278beb2f1441c67a068a8bb27d44.1504670009.git.lucien.xin@gmail.com>","X-Mailer":"git-send-email 2.1.0","Sender":"netdev-owner@vger.kernel.org","Precedence":"bulk","List-ID":"<netdev.vger.kernel.org>","X-Mailing-List":"netdev@vger.kernel.org"},"content":"Now there is no lock protecting nlk ngroups/groups' accessing in\nnetlink bind and getname. It's safe from nlk groups' setting in\nnetlink_release, but not from netlink_realloc_groups called by\nnetlink_setsockopt.\n\nnetlink_lock_table is needed in both netlink bind and getname when\naccessing nlk groups.\n\nAcked-by: Florian Westphal <fw@strlen.de>\nSigned-off-by: Xin Long <lucien.xin@gmail.com>\n---\n net/netlink/af_netlink.c | 16 ++++++++++++----\n 1 file changed, 12 insertions(+), 4 deletions(-)","diff":"diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c\nindex 94a61e6..3278077 100644\n--- a/net/netlink/af_netlink.c\n+++ b/net/netlink/af_netlink.c\n@@ -955,7 +955,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,\n \tstruct net *net = sock_net(sk);\n \tstruct netlink_sock *nlk = nlk_sk(sk);\n \tstruct sockaddr_nl *nladdr = (struct sockaddr_nl *)addr;\n-\tint err;\n+\tint err = 0;\n \tlong unsigned int groups = nladdr->nl_groups;\n \tbool bound;\n \n@@ -983,6 +983,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,\n \t\t\treturn -EINVAL;\n \t}\n \n+\tnetlink_lock_table();\n \tif (nlk->netlink_bind && groups) {\n \t\tint group;\n \n@@ -993,7 +994,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,\n \t\t\tif (!err)\n \t\t\t\tcontinue;\n \t\t\tnetlink_undo_bind(group, groups, sk);\n-\t\t\treturn err;\n+\t\t\tgoto unlock;\n \t\t}\n \t}\n \n@@ -1006,12 +1007,13 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,\n \t\t\tnetlink_autobind(sock);\n \t\tif (err) {\n \t\t\tnetlink_undo_bind(nlk->ngroups, groups, sk);\n-\t\t\treturn err;\n+\t\t\tgoto unlock;\n \t\t}\n \t}\n \n \tif (!groups && (nlk->groups == NULL || !(u32)nlk->groups[0]))\n-\t\treturn 0;\n+\t\tgoto unlock;\n+\tnetlink_unlock_table();\n \n \tnetlink_table_grab();\n \tnetlink_update_subscriptions(sk, nlk->subscriptions +\n@@ -1022,6 +1024,10 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,\n \tnetlink_table_ungrab();\n \n \treturn 0;\n+\n+unlock:\n+\tnetlink_unlock_table();\n+\treturn err;\n }\n \n static int netlink_connect(struct socket *sock, struct sockaddr *addr,\n@@ -1079,7 +1085,9 @@ static int netlink_getname(struct socket *sock, struct sockaddr *addr,\n \t\tnladdr->nl_groups = netlink_group_mask(nlk->dst_group);\n \t} else {\n \t\tnladdr->nl_pid = nlk->portid;\n+\t\tnetlink_lock_table();\n \t\tnladdr->nl_groups = nlk->groups ? nlk->groups[0] : 0;\n+\t\tnetlink_unlock_table();\n \t}\n \treturn 0;\n }\n","prefixes":["net"]}