From: "J. Bruce Fields" <bfields@fieldses.org>
To: Chuck Lever <chuck.lever@oracle.com>
Cc: linux-nfs@vger.kernel.org
Subject: Re: [PATCH 06/10] lockd: Add helper to sanity check incoming NOTIFY requests
Date: Fri, 26 Sep 2008 18:43:16 -0400 [thread overview]
Message-ID: <20080926224316.GH7138@fieldses.org> (raw)
In-Reply-To: <20080917161757.4963.82230.stgit-ewv44WTpT0t9HhUboXbp9zCvJB+x5qRC@public.gmane.org>
On Wed, Sep 17, 2008 at 11:17:57AM -0500, Chuck Lever wrote:
> The NLM performs a silly test to see that incoming NOTIFY requests are
> relatively secure. Make sure the test works for both AF_INET and AF_INET6
> addresses.
Makes sense. (Why's the test silly? If it prevents local users from
telling lockd to drop a client's locks, that seems good.)
--b.
>
> Signed-off-by: Chuck Lever <chuck.lever@oracle.com>
> ---
>
> fs/lockd/svc4proc.c | 6 ++----
> fs/lockd/svcproc.c | 6 ++----
> include/linux/lockd/lockd.h | 41 +++++++++++++++++++++++++++++++++++++++++
> 3 files changed, 45 insertions(+), 8 deletions(-)
>
> diff --git a/fs/lockd/svc4proc.c b/fs/lockd/svc4proc.c
> index 9e1c751..6a5ef9f 100644
> --- a/fs/lockd/svc4proc.c
> +++ b/fs/lockd/svc4proc.c
> @@ -432,11 +432,9 @@ nlm4svc_proc_sm_notify(struct svc_rqst *rqstp, struct nlm_reboot *argp,
> {
> struct sockaddr_in saddr;
>
> - memcpy(&saddr, svc_addr_in(rqstp), sizeof(saddr));
> -
> dprintk("lockd: SM_NOTIFY called\n");
> - if (saddr.sin_addr.s_addr != htonl(INADDR_LOOPBACK)
> - || ntohs(saddr.sin_port) >= 1024) {
> +
> + if (!nlm_privileged_requester(rqstp)) {
> char buf[RPC_MAX_ADDRBUFLEN];
> printk(KERN_WARNING "lockd: rejected NSM callback from %s\n",
> svc_print_addr(rqstp, buf, sizeof(buf)));
> diff --git a/fs/lockd/svcproc.c b/fs/lockd/svcproc.c
> index fcb7998..62fcfdb 100644
> --- a/fs/lockd/svcproc.c
> +++ b/fs/lockd/svcproc.c
> @@ -464,11 +464,9 @@ nlmsvc_proc_sm_notify(struct svc_rqst *rqstp, struct nlm_reboot *argp,
> {
> struct sockaddr_in saddr;
>
> - memcpy(&saddr, svc_addr_in(rqstp), sizeof(saddr));
> -
> dprintk("lockd: SM_NOTIFY called\n");
> - if (saddr.sin_addr.s_addr != htonl(INADDR_LOOPBACK)
> - || ntohs(saddr.sin_port) >= 1024) {
> +
> + if (!nlm_privileged_requester(rqstp)) {
> char buf[RPC_MAX_ADDRBUFLEN];
> printk(KERN_WARNING "lockd: rejected NSM callback from %s\n",
> svc_print_addr(rqstp, buf, sizeof(buf)));
> diff --git a/include/linux/lockd/lockd.h b/include/linux/lockd/lockd.h
> index 075095f..409eab4 100644
> --- a/include/linux/lockd/lockd.h
> +++ b/include/linux/lockd/lockd.h
> @@ -280,6 +280,47 @@ static inline struct inode *nlmsvc_file_inode(struct nlm_file *file)
> return file->f_file->f_path.dentry->d_inode;
> }
>
> +static inline int __nlm_privileged_request4(const struct sockaddr *sap)
> +{
> + const struct sockaddr_in *sin = (struct sockaddr_in *)sap;
> + return (sin->sin_addr.s_addr == htonl(INADDR_LOOPBACK)) &&
> + (ntohs(sin->sin_port) < 1024);
> +}
> +
> +#if defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE)
> +static inline int __nlm_privileged_request6(const struct sockaddr *sap)
> +{
> + const struct sockaddr_in6 *sin6 = (struct sockaddr_in6 *)sap;
> + return (ipv6_addr_type(&sin6->sin6_addr) & IPV6_ADDR_LOOPBACK) &&
> + (ntohs(sin6->sin6_port) < 1024);
> +}
> +#else /* defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */
> +static inline int __nlm_privileged_request6(const struct sockaddr *sap)
> +{
> + return 0;
> +}
> +#endif /* defined(CONFIG_IPV6) || defined(CONFIG_IPV6_MODULE) */
> +
> +/*
> + * Ensure incoming requests are suitably "secure"
> + *
> + * Return TRUE if sender is local and is connecting via a privileged port;
> + * otherwise return FALSE.
> + */
> +static inline int nlm_privileged_requester(const struct svc_rqst *rqstp)
> +{
> + const struct sockaddr *sap = svc_addr(rqstp);
> +
> + switch (sap->sa_family) {
> + case AF_INET:
> + return __nlm_privileged_request4(sap);
> + case AF_INET6:
> + return __nlm_privileged_request6(sap);
> + default:
> + return 0;
> + }
> +}
> +
> static inline int __nlm_cmp_addr4(const struct sockaddr *sap1,
> const struct sockaddr *sap2)
> {
>
next prev parent reply other threads:[~2008-09-26 22:43 UTC|newest]
Thread overview: 41+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-09-17 16:17 [PATCH 00/10] Next series of IPv6 patches for lockd Chuck Lever
[not found] ` <20080917161337.4963.74674.stgit-ewv44WTpT0t9HhUboXbp9zCvJB+x5qRC@public.gmane.org>
2008-09-17 16:17 ` [PATCH 01/10] lockd: Support non-AF_INET addresses in nlm_lookup_host() Chuck Lever
[not found] ` <20080917161720.4963.42788.stgit-ewv44WTpT0t9HhUboXbp9zCvJB+x5qRC@public.gmane.org>
2008-09-26 21:53 ` J. Bruce Fields
2008-10-01 15:50 ` Chuck Lever
2008-10-01 18:21 ` J. Bruce Fields
2008-09-17 16:17 ` [PATCH 02/10] lockd: Adjust nlmclnt_lookup_host() signature to accomodate non-AF_INET Chuck Lever
[not found] ` <20080917161728.4963.48337.stgit-ewv44WTpT0t9HhUboXbp9zCvJB+x5qRC@public.gmane.org>
2008-09-26 22:02 ` J. Bruce Fields
2008-10-01 15:52 ` Chuck Lever
2008-10-01 18:23 ` J. Bruce Fields
2008-09-17 16:17 ` [PATCH 03/10] lockd: Adjust nlmsvc_lookup_host() to accomodate AF_INET6 addresses Chuck Lever
[not found] ` <20080917161735.4963.86248.stgit-ewv44WTpT0t9HhUboXbp9zCvJB+x5qRC@public.gmane.org>
2008-09-26 22:19 ` J. Bruce Fields
2008-10-01 15:59 ` Chuck Lever
2008-10-01 18:00 ` J. Bruce Fields
2008-09-17 16:17 ` [PATCH 04/10] lockd: change nlmclnt_grant() to take a "struct sockaddr *" Chuck Lever
[not found] ` <20080917161742.4963.24984.stgit-ewv44WTpT0t9HhUboXbp9zCvJB+x5qRC@public.gmane.org>
2008-09-26 22:21 ` J. Bruce Fields
2008-09-17 16:17 ` [PATCH 05/10] lockd: Adjust signature of nlm_host_rebooted to handle non-AF_INET Chuck Lever
[not found] ` <20080917161749.4963.84067.stgit-ewv44WTpT0t9HhUboXbp9zCvJB+x5qRC@public.gmane.org>
2008-09-26 22:27 ` J. Bruce Fields
2008-09-17 16:17 ` [PATCH 06/10] lockd: Add helper to sanity check incoming NOTIFY requests Chuck Lever
[not found] ` <20080917161757.4963.82230.stgit-ewv44WTpT0t9HhUboXbp9zCvJB+x5qRC@public.gmane.org>
2008-09-26 22:43 ` J. Bruce Fields [this message]
2008-10-01 16:01 ` Chuck Lever
2008-10-01 18:05 ` J. Bruce Fields
2008-09-17 16:18 ` [PATCH 07/10] lockd: Remove unused fields in the nlm_reboot structure Chuck Lever
[not found] ` <20080917161804.4963.71981.stgit-ewv44WTpT0t9HhUboXbp9zCvJB+x5qRC@public.gmane.org>
2008-09-26 22:53 ` J. Bruce Fields
2008-09-26 23:07 ` J. Bruce Fields
2008-09-17 16:18 ` [PATCH 08/10] lockd: struct nlm_reboot should contain a full socket address Chuck Lever
[not found] ` <20080917161811.4963.60224.stgit-ewv44WTpT0t9HhUboXbp9zCvJB+x5qRC@public.gmane.org>
2008-09-26 23:09 ` J. Bruce Fields
2008-10-01 16:17 ` Chuck Lever
2008-10-01 18:18 ` J. Bruce Fields
2008-10-01 19:40 ` Chuck Lever
2008-10-01 20:08 ` J. Bruce Fields
2008-10-01 20:33 ` J. Bruce Fields
2008-10-01 20:48 ` Chuck Lever
2008-10-01 20:55 ` J. Bruce Fields
2008-10-01 21:16 ` Chuck Lever
2008-10-01 21:30 ` J. Bruce Fields
2008-10-01 20:42 ` Chuck Lever
2008-10-01 20:51 ` J. Bruce Fields
2008-10-01 20:52 ` J. Bruce Fields
2008-09-17 16:18 ` [PATCH 09/10] lockd: IPv6 support for SM_MON / SM_UNMON Chuck Lever
2008-09-17 16:18 ` [PATCH 10/10] lockd: Use "unsigned short" for lockd_up() "proto" argument Chuck Lever
2008-09-26 23:21 ` [PATCH 00/10] Next series of IPv6 patches for lockd J. Bruce Fields
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20080926224316.GH7138@fieldses.org \
--to=bfields@fieldses.org \
--cc=chuck.lever@oracle.com \
--cc=linux-nfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.