From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
To: Christoph Hellwig <hch@lst.de>
Cc: netdev@vger.kernel.org, Neil Horman <nhorman@tuxdriver.com>,
linux-sctp@vger.kernel.org
Subject: Re: [PATCH net-next] sctp: fix slab-out-of-bounds in SCTP_DELAYED_SACK processing
Date: Thu, 23 Jul 2020 15:30:25 +0000 [thread overview]
Message-ID: <20200723153025.GF3307@localhost.localdomain> (raw)
In-Reply-To: <20200723092238.GA21143@lst.de>
On Thu, Jul 23, 2020 at 11:22:38AM +0200, Christoph Hellwig wrote:
> On Wed, Jul 22, 2020 at 05:42:31PM -0300, Marcelo Ricardo Leitner wrote:
> > Cc'ing linux-sctp@vger.kernel.org.
>
> What do you think of this version, which I think is a little cleaner?
It splits up the argument parsing from the actual handling, ok. Looks
good. Just one point:
> +static int sctp_setsockopt_delayed_ack(struct sock *sk,
> + struct sctp_sack_info *params,
> + unsigned int optlen)
> +{
> + if (optlen = sizeof(struct sctp_assoc_value)) {
> + struct sctp_sack_info p;
> +
> + pr_warn_ratelimited(DEPRECATED
> + "%s (pid %d) "
> + "Use of struct sctp_assoc_value in delayed_ack socket option.\n"
> + "Use struct sctp_sack_info instead\n",
> + current->comm, task_pid_nr(current));
> +
> + memcpy(&p, params, sizeof(struct sctp_assoc_value));
> + p.sack_freq = p.sack_delay ? 0 : 1;
Please add a comment saying that sctp_sack_info.sack_delay maps
exactly to sctp_assoc_value.assoc_value, so that's why we can do
memcpy and read assoc_value as sack_delay. I think it will help us not
trip on this again in the future.
> + return __sctp_setsockopt_delayed_ack(sk, &p);
> + }
> +
> + if (optlen != sizeof(struct sctp_sack_info))
> + return -EINVAL;
> + if (params->sack_delay = 0 && params->sack_freq = 0)
> + return 0;
> + return __sctp_setsockopt_delayed_ack(sk, params);
> +}
> +
> /* 7.1.3 Initialization Parameters (SCTP_INITMSG)
> *
> * Applications can specify protocol parameters for the default association
WARNING: multiple messages have this Message-ID (diff)
From: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
To: Christoph Hellwig <hch@lst.de>
Cc: netdev@vger.kernel.org, Neil Horman <nhorman@tuxdriver.com>,
linux-sctp@vger.kernel.org
Subject: Re: [PATCH net-next] sctp: fix slab-out-of-bounds in SCTP_DELAYED_SACK processing
Date: Thu, 23 Jul 2020 12:30:25 -0300 [thread overview]
Message-ID: <20200723153025.GF3307@localhost.localdomain> (raw)
In-Reply-To: <20200723092238.GA21143@lst.de>
On Thu, Jul 23, 2020 at 11:22:38AM +0200, Christoph Hellwig wrote:
> On Wed, Jul 22, 2020 at 05:42:31PM -0300, Marcelo Ricardo Leitner wrote:
> > Cc'ing linux-sctp@vger.kernel.org.
>
> What do you think of this version, which I think is a little cleaner?
It splits up the argument parsing from the actual handling, ok. Looks
good. Just one point:
> +static int sctp_setsockopt_delayed_ack(struct sock *sk,
> + struct sctp_sack_info *params,
> + unsigned int optlen)
> +{
> + if (optlen == sizeof(struct sctp_assoc_value)) {
> + struct sctp_sack_info p;
> +
> + pr_warn_ratelimited(DEPRECATED
> + "%s (pid %d) "
> + "Use of struct sctp_assoc_value in delayed_ack socket option.\n"
> + "Use struct sctp_sack_info instead\n",
> + current->comm, task_pid_nr(current));
> +
> + memcpy(&p, params, sizeof(struct sctp_assoc_value));
> + p.sack_freq = p.sack_delay ? 0 : 1;
Please add a comment saying that sctp_sack_info.sack_delay maps
exactly to sctp_assoc_value.assoc_value, so that's why we can do
memcpy and read assoc_value as sack_delay. I think it will help us not
trip on this again in the future.
> + return __sctp_setsockopt_delayed_ack(sk, &p);
> + }
> +
> + if (optlen != sizeof(struct sctp_sack_info))
> + return -EINVAL;
> + if (params->sack_delay == 0 && params->sack_freq == 0)
> + return 0;
> + return __sctp_setsockopt_delayed_ack(sk, params);
> +}
> +
> /* 7.1.3 Initialization Parameters (SCTP_INITMSG)
> *
> * Applications can specify protocol parameters for the default association
next prev parent reply other threads:[~2020-07-23 15:30 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-07-22 20:38 [PATCH net-next] sctp: fix slab-out-of-bounds in SCTP_DELAYED_SACK processing Marcelo Ricardo Leitner
2020-07-22 20:42 ` Marcelo Ricardo Leitner
2020-07-22 20:42 ` Marcelo Ricardo Leitner
2020-07-23 9:22 ` Christoph Hellwig
2020-07-23 9:22 ` Christoph Hellwig
2020-07-23 15:30 ` Marcelo Ricardo Leitner [this message]
2020-07-23 15:30 ` Marcelo Ricardo Leitner
2020-07-24 6:46 ` Christoph Hellwig
2020-07-24 6:46 ` Christoph Hellwig
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200723153025.GF3307@localhost.localdomain \
--to=marcelo.leitner@gmail.com \
--cc=hch@lst.de \
--cc=linux-sctp@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=nhorman@tuxdriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.