
[4/4,DO-NOT-MERGE] mptcp: use kmalloc on kasan build

Message ID b51e3be17fb22306fe1c33dfa03cf635d0515813.1591291903.git.pabeni@redhat.com
State Accepted, archived
Delegated to: Matthieu Baerts
Series mptcp: token refactor follow-up | expand

Commit Message

Paolo Abeni June 4, 2020, 5:40 p.m. UTC
Helps detect UaF, which kasan apparently misses
with the kmem_cache allocator.

We also need to always set the SOCK_RCU_FREE flag, to
preserve the current code leveraging SLAB_TYPESAFE_BY_RCU.
This latter change will make some existing error paths
unreachable, but I don't see other options.

Signed-off-by: Paolo Abeni <pabeni@redhat.com>
---
 net/ipv4/af_inet.c   |  3 +++
 net/mptcp/protocol.c | 15 +++++++++++++--
 2 files changed, 16 insertions(+), 2 deletions(-)

Patch

diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 02aa5cb3a4fd..53da7a4683d3 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -316,7 +316,10 @@  static int inet_create(struct net *net, struct socket *sock, int protocol,
 	answer_flags = answer->flags;
 	rcu_read_unlock();
 
+#if !IS_ENABLED(CONFIG_KASAN)
+	/* with kasan we use kmalloc */
 	WARN_ON(!answer_prot->slab);
+#endif
 
 	err = -ENOBUFS;
 	sk = sk_alloc(net, PF_INET, GFP_KERNEL, answer_prot, kern);
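Review bot: On a KASAN build the `#if !IS_ENABLED(CONFIG_KASAN)` guard compiles out `WARN_ON(!answer_prot->slab)` for every protocol that reaches this point in inet_create(), not only MPTCP, so a protocol that wrongly registers without a slab would go unnoticed on the sanitizer build. If only MPTCP is meant to be exempt, the check could stay and be narrowed under KASAN, e.g. `WARN_ON(!answer_prot->slab && protocol != IPPROTO_MPTCP);`. The comment `/* with kasan we use kmalloc */` should also say that it is MPTCP that uses kmalloc, since this file is generic inet code. inet_create() starts and ends outside the hunk, so whether `protocol` is already resolved here should be confirmed.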
diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index 90e87727fde3..5ce1314a1916 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -1262,6 +1262,9 @@  static int __mptcp_init_sock(struct sock *sk)
 	/* re-use the csk retrans timer for MPTCP-level retrans */
 	timer_setup(&msk->sk.icsk_retransmit_timer, mptcp_retransmit_timer, 0);
 
+#if IS_ENABLED(CONFIG_KASAN)
+	sock_set_flag(sk, SOCK_RCU_FREE);
+#endif
 	return 0;
 }
 
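Review bot: The `sock_set_flag(sk, SOCK_RCU_FREE);` added under `#if IS_ENABLED(CONFIG_KASAN)` carries no comment explaining why the flag depends on the allocator, and the same holds for the newly guarded `sock_reset_flag(nsk, SOCK_RCU_FREE);` in the mptcp_sk_clone() hunk. Going by the commit message, kmalloc-backed sockets lose the SLAB_TYPESAFE_BY_RCU guarantee the existing code relies on. Someone who later drops either guard would presumably expose lockless readers to freed memory. I would add `/* no SLAB_TYPESAFE_BY_RCU with kmalloc: defer the free to an RCU grace period */` above the set, and a matching one-line comment at the reset in mptcp_sk_clone(). The commit message also says some error paths become unreachable; naming them in that comment would help the next reader.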
@@ -1455,7 +1458,9 @@  struct sock *mptcp_sk_clone(const struct sock *sk,
 		msk->ack_seq = ack_seq;
 	}
 
+#if !IS_ENABLED(CONFIG_KASAN)
 	sock_reset_flag(nsk, SOCK_RCU_FREE);
+#endif
 	/* will be fully established after successful MPC subflow creation */
 	inet_sk_state_store(nsk, TCP_SYN_RECV);
 	bh_unlock_sock(nsk);
@@ -2076,6 +2081,12 @@  static struct inet_protosw mptcp_protosw = {
 	.flags		= INET_PROTOSW_ICSK,
 };
 
+#if IS_ENABLED(CONFIG_KASAN)
+#define MPTCP_USE_SLAB		0
+#else
+#define MPTCP_USE_SLAB		1
+#endif
+
 void __init mptcp_proto_init(void)
 {
 	mptcp_prot.h.hashinfo = tcp_prot.h.hashinfo;
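Review bot: `MPTCP_USE_SLAB` encodes the same decision that is spelled separately as `IS_ENABLED(CONFIG_KASAN)` in __mptcp_init_sock() and mptcp_sk_clone(), so the allocator choice and the SOCK_RCU_FREE handling can drift apart if one condition is edited later. Leaving a kmalloc-backed socket without the RCU-deferred free is the failure mode to avoid. Defining the macro near the top of the file and guarding the two flag sites with `#if !MPTCP_USE_SLAB` and `#if MPTCP_USE_SLAB` would tie them together. A one-line comment on the macro, such as `/* kmalloc lets KASAN catch UaF it misses with the kmem_cache */`, would record why the switch exists. mptcp_proto_init() continues beyond this hunk.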
@@ -2087,7 +2098,7 @@  void __init mptcp_proto_init(void)
 	mptcp_pm_init();
 	mptcp_token_init();
 
-	if (proto_register(&mptcp_prot, 1) != 0)
+	if (proto_register(&mptcp_prot, MPTCP_USE_SLAB) != 0)
 		panic("Failed to register MPTCP proto.\n");
 
 	inet_register_protosw(&mptcp_protosw);
@@ -2149,7 +2160,7 @@  int __init mptcp_proto_v6_init(void)
 	mptcp_v6_prot.destroy = mptcp_v6_destroy;
 	mptcp_v6_prot.obj_size = sizeof(struct mptcp6_sock);
 
-	err = proto_register(&mptcp_v6_prot, 1);
+	err = proto_register(&mptcp_v6_prot, MPTCP_USE_SLAB);
 	if (err)
 		return err;