From: Kees Cook <kees@kernel.org>
To: Kuniyuki Iwashima <kuniyu@amazon.com>
Cc: Kees Cook <kees@kernel.org>,
Willem de Bruijn <willemdebruijn.kernel@gmail.com>,
Jason Wang <jasowang@redhat.com>,
Andrew Lunn <andrew+netdev@lunn.ch>,
"David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Simon Horman <horms@kernel.org>,
Stanislav Fomichev <sdf@fomichev.me>,
Cosmin Ratiu <cratiu@nvidia.com>,
Vladimir Oltean <vladimir.oltean@nxp.com>,
Florian Fainelli <florian.fainelli@broadcom.com>,
Kory Maincent <kory.maincent@bootlin.com>,
Maxim Georgiev <glipus@gmail.com>,
netdev@vger.kernel.org,
"Martin K. Petersen" <martin.petersen@oracle.com>,
Christoph Hellwig <hch@lst.de>, Sagi Grimberg <sagi@grimberg.me>,
Chaitanya Kulkarni <kch@nvidia.com>,
Mike Christie <michael.christie@oracle.com>,
Max Gurtovoy <mgurtovoy@nvidia.com>,
Maurizio Lombardi <mlombard@redhat.com>,
Dmitry Bogdanov <d.bogdanov@yadro.com>,
Mingzhe Zou <mingzhe.zou@easystack.cn>,
Christophe Leroy <christophe.leroy@csgroup.eu>,
"Dr. David Alan Gilbert" <linux@treblig.org>,
"Gustavo A. R. Silva" <gustavoars@kernel.org>,
Lei Yang <leiyang@redhat.com>, Ido Schimmel <idosch@nvidia.com>,
Samuel Mendoza-Jonas <sam@mendozajonas.com>,
Paul Fertser <fercerpav@gmail.com>,
Alexander Aring <alex.aring@gmail.com>,
Stefan Schmidt <stefan@datenfreihafen.org>,
Miquel Raynal <miquel.raynal@bootlin.com>,
Hayes Wang <hayeswang@realtek.com>,
Douglas Anderson <dianders@chromium.org>,
Grant Grundler <grundler@chromium.org>,
Jay Vosburgh <jv@jvosburgh.net>,
"K. Y. Srinivasan" <kys@microsoft.com>,
Haiyang Zhang <haiyangz@microsoft.com>,
Wei Liu <wei.liu@kernel.org>, Dexuan Cui <decui@microsoft.com>,
Jiri Pirko <jiri@resnulli.us>,
Aleksander Jan Bajkowski <olek2@wp.pl>,
Philipp Hahn <phahn-oss@avm.de>,
Eric Biggers <ebiggers@google.com>,
Ard Biesheuvel <ardb@kernel.org>,
Al Viro <viro@zeniv.linux.org.uk>,
Ahmed Zaki <ahmed.zaki@intel.com>,
Alexander Lobakin <aleksander.lobakin@intel.com>,
Xiao Liang <shaw.leon@gmail.com>,
linux-kernel@vger.kernel.org, linux-nvme@lists.infradead.org,
linux-scsi@vger.kernel.org, target-devel@vger.kernel.org,
linux-wpan@vger.kernel.org, linux-usb@vger.kernel.org,
linux-hyperv@vger.kernel.org, linux-hardening@vger.kernel.org
Subject: [PATCH net-next v2 8/8] net: core: Convert dev_set_mac_address_user() to use struct sockaddr_storage
Date: Wed, 21 May 2025 13:46:16 -0700 [thread overview]
Message-ID: <20250521204619.2301870-8-kees@kernel.org> (raw)
In-Reply-To: <20250521204310.it.500-kees@kernel.org>
Convert callers of dev_set_mac_address_user() to use struct
sockaddr_storage. Add sanity checks on dev->addr_len usage.
Signed-off-by: Kees Cook <kees@kernel.org>
---
Cc: Willem de Bruijn <willemdebruijn.kernel@gmail.com>
Cc: Jason Wang <jasowang@redhat.com>
Cc: Andrew Lunn <andrew+netdev@lunn.ch>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: Simon Horman <horms@kernel.org>
Cc: Stanislav Fomichev <sdf@fomichev.me>
Cc: Cosmin Ratiu <cratiu@nvidia.com>
Cc: Vladimir Oltean <vladimir.oltean@nxp.com>
Cc: Florian Fainelli <florian.fainelli@broadcom.com>
Cc: Kory Maincent <kory.maincent@bootlin.com>
Cc: Maxim Georgiev <glipus@gmail.com>
Cc: Kuniyuki Iwashima <kuniyu@amazon.com>
Cc: <netdev@vger.kernel.org>
---
include/linux/netdevice.h | 2 +-
drivers/net/tap.c | 14 +++++++++-----
drivers/net/tun.c | 8 +++++++-
net/core/dev_api.c | 5 +++--
net/core/dev_ioctl.c | 6 ++++--
5 files changed, 24 insertions(+), 11 deletions(-)
diff --git a/include/linux/netdevice.h b/include/linux/netdevice.h
index b4242b997373..adb14db25798 100644
--- a/include/linux/netdevice.h
+++ b/include/linux/netdevice.h
@@ -4216,7 +4216,7 @@ int netif_set_mac_address(struct net_device *dev, struct sockaddr_storage *ss,
struct netlink_ext_ack *extack);
int dev_set_mac_address(struct net_device *dev, struct sockaddr_storage *ss,
struct netlink_ext_ack *extack);
-int dev_set_mac_address_user(struct net_device *dev, struct sockaddr *sa,
+int dev_set_mac_address_user(struct net_device *dev, struct sockaddr_storage *ss,
struct netlink_ext_ack *extack);
int dev_get_mac_address(struct sockaddr *sa, struct net *net, char *dev_name);
int dev_get_port_parent_id(struct net_device *dev,
diff --git a/drivers/net/tap.c b/drivers/net/tap.c
index d4ece538f1b2..bdf0788d8e66 100644
--- a/drivers/net/tap.c
+++ b/drivers/net/tap.c
@@ -923,7 +923,7 @@ static long tap_ioctl(struct file *file, unsigned int cmd,
unsigned int __user *up = argp;
unsigned short u;
int __user *sp = argp;
- struct sockaddr sa;
+ struct sockaddr_storage ss;
int s;
int ret;
@@ -1000,16 +1000,17 @@ static long tap_ioctl(struct file *file, unsigned int cmd,
return -ENOLINK;
}
ret = 0;
- dev_get_mac_address(&sa, dev_net(tap->dev), tap->dev->name);
+ dev_get_mac_address((struct sockaddr *)&ss, dev_net(tap->dev),
+ tap->dev->name);
if (copy_to_user(&ifr->ifr_name, tap->dev->name, IFNAMSIZ) ||
- copy_to_user(&ifr->ifr_hwaddr, &sa, sizeof(sa)))
+ copy_to_user(&ifr->ifr_hwaddr, &ss, sizeof(ifr->ifr_hwaddr)))
ret = -EFAULT;
tap_put_tap_dev(tap);
rtnl_unlock();
return ret;
case SIOCSIFHWADDR:
- if (copy_from_user(&sa, &ifr->ifr_hwaddr, sizeof(sa)))
+ if (copy_from_user(&ss, &ifr->ifr_hwaddr, sizeof(ifr->ifr_hwaddr)))
return -EFAULT;
rtnl_lock();
tap = tap_get_tap_dev(q);
@@ -1017,7 +1018,10 @@ static long tap_ioctl(struct file *file, unsigned int cmd,
rtnl_unlock();
return -ENOLINK;
}
- ret = dev_set_mac_address_user(tap->dev, &sa, NULL);
+ if (tap->dev->addr_len > sizeof(ifr->ifr_hwaddr))
+ ret = -EINVAL;
+ else
+ ret = dev_set_mac_address_user(tap->dev, &ss, NULL);
tap_put_tap_dev(tap);
rtnl_unlock();
return ret;
diff --git a/drivers/net/tun.c b/drivers/net/tun.c
index 7babd1e9a378..1207196cbbed 100644
--- a/drivers/net/tun.c
+++ b/drivers/net/tun.c
@@ -3193,7 +3193,13 @@ static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
case SIOCSIFHWADDR:
/* Set hw address */
- ret = dev_set_mac_address_user(tun->dev, &ifr.ifr_hwaddr, NULL);
+ if (tun->dev->addr_len > sizeof(ifr.ifr_hwaddr)) {
+ ret = -EINVAL;
+ break;
+ }
+ ret = dev_set_mac_address_user(tun->dev,
+ (struct sockaddr_storage *)&ifr.ifr_hwaddr,
+ NULL);
break;
case TUNGETSNDBUF:
diff --git a/net/core/dev_api.c b/net/core/dev_api.c
index 6011a5ef649d..1bf0153195f2 100644
--- a/net/core/dev_api.c
+++ b/net/core/dev_api.c
@@ -84,14 +84,15 @@ void dev_set_group(struct net_device *dev, int new_group)
netdev_unlock_ops(dev);
}
-int dev_set_mac_address_user(struct net_device *dev, struct sockaddr *sa,
+int dev_set_mac_address_user(struct net_device *dev,
+ struct sockaddr_storage *ss,
struct netlink_ext_ack *extack)
{
int ret;
down_write(&dev_addr_sem);
netdev_lock_ops(dev);
- ret = netif_set_mac_address(dev, (struct sockaddr_storage *)sa, extack);
+ ret = netif_set_mac_address(dev, ss, extack);
netdev_unlock_ops(dev);
up_write(&dev_addr_sem);
diff --git a/net/core/dev_ioctl.c b/net/core/dev_ioctl.c
index fff13a8b48f1..616479e71466 100644
--- a/net/core/dev_ioctl.c
+++ b/net/core/dev_ioctl.c
@@ -572,9 +572,11 @@ static int dev_ifsioc(struct net *net, struct ifreq *ifr, void __user *data,
return dev_set_mtu(dev, ifr->ifr_mtu);
case SIOCSIFHWADDR:
- if (dev->addr_len > sizeof(struct sockaddr))
+ if (dev->addr_len > sizeof(ifr->ifr_hwaddr))
return -EINVAL;
- return dev_set_mac_address_user(dev, &ifr->ifr_hwaddr, NULL);
+ return dev_set_mac_address_user(dev,
+ (struct sockaddr_storage *)&ifr->ifr_hwaddr,
+ NULL);
case SIOCSIFHWBROADCAST:
if (ifr->ifr_hwaddr.sa_family != dev->type)
--
2.34.1
next prev parent reply other threads:[~2025-05-21 20:46 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-21 20:46 [PATCH net-next v2 0/8] net: Convert dev_set_mac_address() to struct sockaddr_storage Kees Cook
2025-05-21 20:46 ` [PATCH net-next v2 1/8] net: core: Convert inet_addr_is_any() to sockaddr_storage Kees Cook
2025-05-21 20:46 ` [PATCH net-next v2 2/8] net: core: Switch netif_set_mac_address() to struct sockaddr_storage Kees Cook
2025-05-21 20:46 ` [PATCH net-next v2 3/8] net/ncsi: Use struct sockaddr_storage for pending_mac Kees Cook
2025-05-21 20:46 ` [PATCH net-next v2 4/8] ieee802154: Use struct sockaddr_storage with dev_set_mac_address() Kees Cook
2025-05-21 20:46 ` [PATCH net-next v2 5/8] net: usb: r8152: Convert to use struct sockaddr_storage internally Kees Cook
2025-05-21 20:46 ` [PATCH net-next v2 6/8] net: core: Convert dev_set_mac_address() to struct sockaddr_storage Kees Cook
2025-05-21 20:46 ` [PATCH net-next v2 7/8] rtnetlink: do_setlink: Use " Kees Cook
2025-05-21 20:46 ` Kees Cook [this message]
2025-05-21 23:07 ` [PATCH net-next v2 8/8] net: core: Convert dev_set_mac_address_user() to use " Gustavo A. R. Silva
2025-05-27 7:02 ` Paolo Abeni
2025-05-27 18:43 ` Kees Cook
2025-05-27 7:10 ` [PATCH net-next v2 0/8] net: Convert dev_set_mac_address() to " patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250521204619.2301870-8-kees@kernel.org \
--to=kees@kernel.org \
--cc=ahmed.zaki@intel.com \
--cc=aleksander.lobakin@intel.com \
--cc=alex.aring@gmail.com \
--cc=andrew+netdev@lunn.ch \
--cc=ardb@kernel.org \
--cc=christophe.leroy@csgroup.eu \
--cc=cratiu@nvidia.com \
--cc=d.bogdanov@yadro.com \
--cc=davem@davemloft.net \
--cc=decui@microsoft.com \
--cc=dianders@chromium.org \
--cc=ebiggers@google.com \
--cc=edumazet@google.com \
--cc=fercerpav@gmail.com \
--cc=florian.fainelli@broadcom.com \
--cc=glipus@gmail.com \
--cc=grundler@chromium.org \
--cc=gustavoars@kernel.org \
--cc=haiyangz@microsoft.com \
--cc=hayeswang@realtek.com \
--cc=hch@lst.de \
--cc=horms@kernel.org \
--cc=idosch@nvidia.com \
--cc=jasowang@redhat.com \
--cc=jiri@resnulli.us \
--cc=jv@jvosburgh.net \
--cc=kch@nvidia.com \
--cc=kory.maincent@bootlin.com \
--cc=kuba@kernel.org \
--cc=kuniyu@amazon.com \
--cc=kys@microsoft.com \
--cc=leiyang@redhat.com \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-hyperv@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-nvme@lists.infradead.org \
--cc=linux-scsi@vger.kernel.org \
--cc=linux-usb@vger.kernel.org \
--cc=linux-wpan@vger.kernel.org \
--cc=linux@treblig.org \
--cc=martin.petersen@oracle.com \
--cc=mgurtovoy@nvidia.com \
--cc=michael.christie@oracle.com \
--cc=mingzhe.zou@easystack.cn \
--cc=miquel.raynal@bootlin.com \
--cc=mlombard@redhat.com \
--cc=netdev@vger.kernel.org \
--cc=olek2@wp.pl \
--cc=pabeni@redhat.com \
--cc=phahn-oss@avm.de \
--cc=sagi@grimberg.me \
--cc=sam@mendozajonas.com \
--cc=sdf@fomichev.me \
--cc=shaw.leon@gmail.com \
--cc=stefan@datenfreihafen.org \
--cc=target-devel@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
--cc=vladimir.oltean@nxp.com \
--cc=wei.liu@kernel.org \
--cc=willemdebruijn.kernel@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.