From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Johannes Berg <johannes.berg@intel.com>,
	"David S . Miller" <davem@davemloft.net>,
	Sasha Levin <sashal@kernel.org>,
	linux-decnet-user@lists.sourceforge.net, netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 4.4 59/68] decnet: fix DN_IFREQ_SIZE
Date: Fri, 22 Nov 2019 01:12:52 -0500
Message-ID: <20191122061301.4947-58-sashal@kernel.org>
In-Reply-To: <20191122061301.4947-1-sashal@kernel.org>

From: Johannes Berg <johannes.berg@intel.com>

[ Upstream commit 50c2936634bcb1db78a8ca63249236810c11a80f ]

Digging through the ioctls with Al because of the previous
patches, we found that on 64-bit decnet's dn_dev_ioctl()
is wrong, because struct ifreq::ifr_ifru is actually 24
bytes (not 16 as expected from struct sockaddr) due to the
ifru_map and ifru_settings members.

Clearly, decnet expects the ioctl to be called with a struct
like
  struct ifreq_dn {
    char ifr_name[IFNAMSIZ];
    struct sockaddr_dn ifr_addr;
  };

since it does
  struct ifreq *ifr = ...;
  struct sockaddr_dn *sdn = (struct sockaddr_dn *)&ifr->ifr_addr;

This means that DN_IFREQ_SIZE is too big for what it wants on
64-bit, as it is
  sizeof(struct ifreq) - sizeof(struct sockaddr) +
  sizeof(struct sockaddr_dn)

This assumes that sizeof(struct sockaddr) is the size of ifr_ifru
but that isn't true.

Fix this to use offsetof(struct ifreq, ifr_ifru).

This indeed doesn't really matter much - the result is that we
copy in/out 8 bytes more than we should on 64-bit platforms. In
case the "struct ifreq_dn" lands just on the end of a page though
it might lead to faults.

As far as I can tell, it has been like this forever, so it seems
very likely that nobody cares.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/decnet/dn_dev.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/decnet/dn_dev.c b/net/decnet/dn_dev.c
index b2c26b081134a..80554e7e9a0f6 100644
--- a/net/decnet/dn_dev.c
+++ b/net/decnet/dn_dev.c
@@ -55,7 +55,7 @@
 #include <net/dn_neigh.h>
 #include <net/dn_fib.h>
 
-#define DN_IFREQ_SIZE (sizeof(struct ifreq) - sizeof(struct sockaddr) + sizeof(struct sockaddr_dn))
+#define DN_IFREQ_SIZE (offsetof(struct ifreq, ifr_ifru) + sizeof(struct sockaddr_dn))
 
 static char dn_rt_all_end_mcast[ETH_ALEN] = {0xAB,0x00,0x00,0x04,0x00,0x00};
 static char dn_rt_all_rt_mcast[ETH_ALEN]  = {0xAB,0x00,0x00,0x03,0x00,0x00};
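
Review bot: the new DN_IFREQ_SIZE definition has no comment explaining why it is built from offsetof(struct ifreq, ifr_ifru) instead of a sizeof difference, so the reasoning exists only in the commit message. A short comment above the macro would help: it should say that the ioctl payload is ifr_name followed directly by a struct sockaddr_dn, and that ifr_ifru is not the size of struct sockaddr on 64-bit. That would keep a later cleanup from reverting to the old expression and bringing back the 8-byte over-copy described in the changelog.
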
-- 
2.20.1

