aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorDaniel Borkmann <dborkman@redhat.com>2014-02-17 06:11:11 -0500
committerDavid S. Miller <davem@davemloft.net>2014-02-18 16:06:48 -0500
commitffd5939381c609056b33b7585fb05a77b4c695f3 (patch)
tree20e705e5a88be849e8834d4c8730057029031827 /net
parent7ffb0d317d90eba63c4e7780a3ca62ecd51f2439 (diff)
net: sctp: fix sctp_connectx abi for ia32 emulation/compat mode
SCTP's sctp_connectx() abi breaks for 64bit kernels compiled with 32bit emulation (e.g. ia32 emulation or x86_x32). Due to internal usage of 'struct sctp_getaddrs_old' which includes a struct sockaddr pointer, sizeof(param) check will always fail in kernel as the structure in 64bit kernel space is 4bytes larger than for user binaries compiled in 32bit mode. Thus, applications making use of sctp_connectx() won't be able to run under such circumstances. Introduce a compat interface in the kernel to deal with such situations by using a 'struct compat_sctp_getaddrs_old' structure where user data is copied into it, and then sucessively transformed into a 'struct sctp_getaddrs_old' structure with the help of compat_ptr(). That fixes sctp_connectx() abi without any changes needed in user space, and lets the SCTP test suite pass when compiled in 32bit and run on 64bit kernels. Fixes: f9c67811ebc0 ("sctp: Fix regression introduced by new sctp_connectx api") Signed-off-by: Daniel Borkmann <dborkman@redhat.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Acked-by: Vlad Yasevich <vyasevich@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/sctp/socket.c41
1 files changed, 32 insertions, 9 deletions
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 7075ac847fde..981aaf8b6ace 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -64,6 +64,7 @@
64#include <linux/crypto.h> 64#include <linux/crypto.h>
65#include <linux/slab.h> 65#include <linux/slab.h>
66#include <linux/file.h> 66#include <linux/file.h>
67#include <linux/compat.h>
67 68
68#include <net/ip.h> 69#include <net/ip.h>
69#include <net/icmp.h> 70#include <net/icmp.h>
@@ -1368,11 +1369,19 @@ static int sctp_setsockopt_connectx(struct sock *sk,
1368/* 1369/*
1369 * New (hopefully final) interface for the API. 1370 * New (hopefully final) interface for the API.
1370 * We use the sctp_getaddrs_old structure so that use-space library 1371 * We use the sctp_getaddrs_old structure so that use-space library
1371 * can avoid any unnecessary allocations. The only defferent part 1372 * can avoid any unnecessary allocations. The only different part
1372 * is that we store the actual length of the address buffer into the 1373 * is that we store the actual length of the address buffer into the
1373 * addrs_num structure member. That way we can re-use the existing 1374 * addrs_num structure member. That way we can re-use the existing
1374 * code. 1375 * code.
1375 */ 1376 */
1377#ifdef CONFIG_COMPAT
1378struct compat_sctp_getaddrs_old {
1379 sctp_assoc_t assoc_id;
1380 s32 addr_num;
1381 compat_uptr_t addrs; /* struct sockaddr * */
1382};
1383#endif
1384
1376static int sctp_getsockopt_connectx3(struct sock *sk, int len, 1385static int sctp_getsockopt_connectx3(struct sock *sk, int len,
1377 char __user *optval, 1386 char __user *optval,
1378 int __user *optlen) 1387 int __user *optlen)
@@ -1381,16 +1390,30 @@ static int sctp_getsockopt_connectx3(struct sock *sk, int len,
1381 sctp_assoc_t assoc_id = 0; 1390 sctp_assoc_t assoc_id = 0;
1382 int err = 0; 1391 int err = 0;
1383 1392
1384 if (len < sizeof(param)) 1393#ifdef CONFIG_COMPAT
1385 return -EINVAL; 1394 if (is_compat_task()) {
1395 struct compat_sctp_getaddrs_old param32;
1386 1396
1387 if (copy_from_user(&param, optval, sizeof(param))) 1397 if (len < sizeof(param32))
1388 return -EFAULT; 1398 return -EINVAL;
1399 if (copy_from_user(&param32, optval, sizeof(param32)))
1400 return -EFAULT;
1389 1401
1390 err = __sctp_setsockopt_connectx(sk, 1402 param.assoc_id = param32.assoc_id;
1391 (struct sockaddr __user *)param.addrs, 1403 param.addr_num = param32.addr_num;
1392 param.addr_num, &assoc_id); 1404 param.addrs = compat_ptr(param32.addrs);
1405 } else
1406#endif
1407 {
1408 if (len < sizeof(param))
1409 return -EINVAL;
1410 if (copy_from_user(&param, optval, sizeof(param)))
1411 return -EFAULT;
1412 }
1393 1413
1414 err = __sctp_setsockopt_connectx(sk, (struct sockaddr __user *)
1415 param.addrs, param.addr_num,
1416 &assoc_id);
1394 if (err == 0 || err == -EINPROGRESS) { 1417 if (err == 0 || err == -EINPROGRESS) {
1395 if (copy_to_user(optval, &assoc_id, sizeof(assoc_id))) 1418 if (copy_to_user(optval, &assoc_id, sizeof(assoc_id)))
1396 return -EFAULT; 1419 return -EFAULT;