* [PATCH 0/2] ip_tunnel fixes
@ 2014-12-16 20:05 Thomas Graf
2014-12-16 20:05 ` [PATCH 1/2] ip_tunnel: Add sanity checks to ip_tunnel_encap_add_ops() Thomas Graf
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Thomas Graf @ 2014-12-16 20:05 UTC (permalink / raw)
To: davem; +Cc: netdev, therbert
Thomas Graf (2):
ip_tunnel: Add sanity checks to ip_tunnel_encap_add_ops()
ip_tunnel: Add missing validation of encap type to
ip_tunnel_encap_setup()
net/ipv4/ip_tunnel.c | 9 +++++++++
1 file changed, 9 insertions(+)
--
1.9.3
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 1/2] ip_tunnel: Add sanity checks to ip_tunnel_encap_add_ops()
2014-12-16 20:05 [PATCH 0/2] ip_tunnel fixes Thomas Graf
@ 2014-12-16 20:05 ` Thomas Graf
2014-12-16 20:05 ` [PATCH 2/2] ip_tunnel: Add missing validation of encap type to ip_tunnel_encap_setup() Thomas Graf
2014-12-16 20:22 ` [PATCH 0/2] ip_tunnel fixes David Miller
2 siblings, 0 replies; 6+ messages in thread
From: Thomas Graf @ 2014-12-16 20:05 UTC (permalink / raw)
To: davem; +Cc: netdev, therbert
The symbols are exported and could be used by external modules.
Fixes: a8c5f9 ("ip_tunnel: Ops registration for secondary encap (fou, gue)")
Signed-off-by: Thomas Graf <tgraf@suug.ch>
---
net/ipv4/ip_tunnel.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
index 63e745a..2f498f8 100644
--- a/net/ipv4/ip_tunnel.c
+++ b/net/ipv4/ip_tunnel.c
@@ -514,6 +514,9 @@ const struct ip_tunnel_encap_ops __rcu *
int ip_tunnel_encap_add_ops(const struct ip_tunnel_encap_ops *ops,
unsigned int num)
{
+ if (num >= MAX_IPTUN_ENCAP_OPS)
+ return -ERANGE;
+
return !cmpxchg((const struct ip_tunnel_encap_ops **)
&iptun_encaps[num],
NULL, ops) ? 0 : -1;
@@ -525,6 +528,9 @@ int ip_tunnel_encap_del_ops(const struct ip_tunnel_encap_ops *ops,
{
int ret;
+ if (num >= MAX_IPTUN_ENCAP_OPS)
+ return -ERANGE;
+
ret = (cmpxchg((const struct ip_tunnel_encap_ops **)
&iptun_encaps[num],
ops, NULL) == ops) ? 0 : -1;
--
1.9.3
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 2/2] ip_tunnel: Add missing validation of encap type to ip_tunnel_encap_setup()
2014-12-16 20:05 [PATCH 0/2] ip_tunnel fixes Thomas Graf
2014-12-16 20:05 ` [PATCH 1/2] ip_tunnel: Add sanity checks to ip_tunnel_encap_add_ops() Thomas Graf
@ 2014-12-16 20:05 ` Thomas Graf
2014-12-16 20:23 ` Tom Herbert
2014-12-16 20:22 ` [PATCH 0/2] ip_tunnel fixes David Miller
2 siblings, 1 reply; 6+ messages in thread
From: Thomas Graf @ 2014-12-16 20:05 UTC (permalink / raw)
To: davem; +Cc: netdev, therbert
The encap->type comes straight from Netlink. Validate it against
max supported encap types just like ip_encap_hlen() already does.
Fixes: a8c5f9 ("ip_tunnel: Ops registration for secondary encap (fou, gue)")
Signed-off-by: Thomas Graf <tgraf@suug.ch>
---
net/ipv4/ip_tunnel.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
index 2f498f8..d3e4479 100644
--- a/net/ipv4/ip_tunnel.c
+++ b/net/ipv4/ip_tunnel.c
@@ -573,6 +573,9 @@ int ip_tunnel_encap(struct sk_buff *skb, struct ip_tunnel *t,
if (t->encap.type == TUNNEL_ENCAP_NONE)
return 0;
+ if (t->encap.type >= MAX_IPTUN_ENCAP_OPS)
+ return -EINVAL;
+
rcu_read_lock();
ops = rcu_dereference(iptun_encaps[t->encap.type]);
if (likely(ops && ops->build_header))
--
1.9.3
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 0/2] ip_tunnel fixes
2014-12-16 20:05 [PATCH 0/2] ip_tunnel fixes Thomas Graf
2014-12-16 20:05 ` [PATCH 1/2] ip_tunnel: Add sanity checks to ip_tunnel_encap_add_ops() Thomas Graf
2014-12-16 20:05 ` [PATCH 2/2] ip_tunnel: Add missing validation of encap type to ip_tunnel_encap_setup() Thomas Graf
@ 2014-12-16 20:22 ` David Miller
2 siblings, 0 replies; 6+ messages in thread
From: David Miller @ 2014-12-16 20:22 UTC (permalink / raw)
To: tgraf; +Cc: netdev, therbert
From: Thomas Graf <tgraf@suug.ch>
Date: Tue, 16 Dec 2014 21:05:19 +0100
> Thomas Graf (2):
> ip_tunnel: Add sanity checks to ip_tunnel_encap_add_ops()
> ip_tunnel: Add missing validation of encap type to
> ip_tunnel_encap_setup()
Both applied, thanks Thomas.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 2/2] ip_tunnel: Add missing validation of encap type to ip_tunnel_encap_setup()
2014-12-16 20:05 ` [PATCH 2/2] ip_tunnel: Add missing validation of encap type to ip_tunnel_encap_setup() Thomas Graf
@ 2014-12-16 20:23 ` Tom Herbert
2014-12-16 20:50 ` Thomas Graf
0 siblings, 1 reply; 6+ messages in thread
From: Tom Herbert @ 2014-12-16 20:23 UTC (permalink / raw)
To: Thomas Graf; +Cc: David Miller, Linux Netdev List
On Tue, Dec 16, 2014 at 12:05 PM, Thomas Graf <tgraf@suug.ch> wrote:
> The encap->type comes straight from Netlink. Validate it against
> max supported encap types just like ip_encap_hlen() already does.
>
> Fixes: a8c5f9 ("ip_tunnel: Ops registration for secondary encap (fou, gue)")
> Signed-off-by: Thomas Graf <tgraf@suug.ch>
> ---
> net/ipv4/ip_tunnel.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
> index 2f498f8..d3e4479 100644
> --- a/net/ipv4/ip_tunnel.c
> +++ b/net/ipv4/ip_tunnel.c
> @@ -573,6 +573,9 @@ int ip_tunnel_encap(struct sk_buff *skb, struct ip_tunnel *t,
> if (t->encap.type == TUNNEL_ENCAP_NONE)
> return 0;
>
> + if (t->encap.type >= MAX_IPTUN_ENCAP_OPS)
> + return -EINVAL;
> +
I don't think this is technically needed, we should have already
verified the type when setting up the tunnel (ip_encap_hlen).
> rcu_read_lock();
> ops = rcu_dereference(iptun_encaps[t->encap.type]);
> if (likely(ops && ops->build_header))
> --
> 1.9.3
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 2/2] ip_tunnel: Add missing validation of encap type to ip_tunnel_encap_setup()
2014-12-16 20:23 ` Tom Herbert
@ 2014-12-16 20:50 ` Thomas Graf
0 siblings, 0 replies; 6+ messages in thread
From: Thomas Graf @ 2014-12-16 20:50 UTC (permalink / raw)
To: Tom Herbert; +Cc: David Miller, Linux Netdev List
On 12/16/14 at 12:23pm, Tom Herbert wrote:
> On Tue, Dec 16, 2014 at 12:05 PM, Thomas Graf <tgraf@suug.ch> wrote:
> > The encap->type comes straight from Netlink. Validate it against
> > max supported encap types just like ip_encap_hlen() already does.
> >
> > Fixes: a8c5f9 ("ip_tunnel: Ops registration for secondary encap (fou, gue)")
> > Signed-off-by: Thomas Graf <tgraf@suug.ch>
> > ---
> > net/ipv4/ip_tunnel.c | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
> > index 2f498f8..d3e4479 100644
> > --- a/net/ipv4/ip_tunnel.c
> > +++ b/net/ipv4/ip_tunnel.c
> > @@ -573,6 +573,9 @@ int ip_tunnel_encap(struct sk_buff *skb, struct ip_tunnel *t,
> > if (t->encap.type == TUNNEL_ENCAP_NONE)
> > return 0;
> >
> > + if (t->encap.type >= MAX_IPTUN_ENCAP_OPS)
> > + return -EINVAL;
> > +
>
> I don't think this is technically needed, we should have already
> verified the type when setting up the tunnel (ip_encap_hlen).
Right, assuming that every API user always calls ip_tunnel_encap_setup()
on changelink. It's currently the case but since this is a exported
API I figured we better be safe than sorry, in particular as
ip_tunnel_encap() is called before ip_encap_hlen() on xmit.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2014-12-16 20:50 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-12-16 20:05 [PATCH 0/2] ip_tunnel fixes Thomas Graf
2014-12-16 20:05 ` [PATCH 1/2] ip_tunnel: Add sanity checks to ip_tunnel_encap_add_ops() Thomas Graf
2014-12-16 20:05 ` [PATCH 2/2] ip_tunnel: Add missing validation of encap type to ip_tunnel_encap_setup() Thomas Graf
2014-12-16 20:23 ` Tom Herbert
2014-12-16 20:50 ` Thomas Graf
2014-12-16 20:22 ` [PATCH 0/2] ip_tunnel fixes David Miller
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.