[PATCH ipsec-next] xfrm: Do not parse 32bits compiled xfrm netlink msg on 64bits host

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH ipsec-next] xfrm: Do not parse 32bits compiled xfrm netlink msg on 64bits host
@ 2015-01-27  2:54 Fan Du
  2015-01-27  7:39 ` David Miller
  0 siblings, 1 reply; 5+ messages in thread
From: Fan Du @ 2015-01-27  2:54 UTC (permalink / raw)
  To: steffen.klassert; +Cc: herbert, davem, netdev, fengyuleidian0615

structure like xfrm_usersa_info or xfrm_userpolicy_info
has different sizeof when compiled as 32bits and 64bits
due to not appending pack attribute in their definition.
This will result in broken SA and SP information when user
trying to configure them through netlink interface.

Inform user land about this situation instead of keeping
silent, the upper test scripts would behave accordingly.

Quotes from: http://marc.info/?l=linux-netdev&m=142226348715503&w=2
>
> Before a clean solution show up, I think it's better to warn user in some way
> like http://patchwork.ozlabs.org/patch/323842/ did. Otherwise, many people
> who stuck there will always spend time and try to fix this issue in whatever way.

Yes, this is the first thing we should do. I'm willing to accept a patch

Signed-off-by: Fan Du <fan.du@intel.com>
---
ChangeLog:
v2:
  - Rebase with latest tree

---
 net/xfrm/xfrm_user.c |    5 +++++
 1 file changed, 5 insertions(+)

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 8128594..f960bd9 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2419,6 +2419,11 @@ static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
 	const struct xfrm_link *link;
 	int type, err;
 
+#ifdef CONFIG_COMPAT
+	if (is_compat_task())
+		return -EPERM;
+#endif
+
 	type = nlh->nlmsg_type;
 	if (type > XFRM_MSG_MAX)
 		return -EINVAL;
-- 
1.7.9.5

^ permalink raw reply related	[flat|nested] 5+ messages in thread

* Re: [PATCH ipsec-next] xfrm: Do not parse 32bits compiled xfrm netlink msg on 64bits host
  2015-01-27  2:54 [PATCH ipsec-next] xfrm: Do not parse 32bits compiled xfrm netlink msg on 64bits host Fan Du
@ 2015-01-27  7:39 ` David Miller
  2015-01-27  7:44   ` Fan Du
  0 siblings, 1 reply; 5+ messages in thread
From: David Miller @ 2015-01-27  7:39 UTC (permalink / raw)
  To: fan.du; +Cc: steffen.klassert, herbert, netdev, fengyuleidian0615

From: Fan Du <fan.du@intel.com>
Date: Tue, 27 Jan 2015 10:54:22 +0800

> @@ -2419,6 +2419,11 @@ static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
>  	const struct xfrm_link *link;
>  	int type, err;
>  
> +#ifdef CONFIG_COMPAT
> +	if (is_compat_task())
> +		return -EPERM;
> +#endif
> +

This seems more like an unsupported operation rather then a permission
problem.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH ipsec-next] xfrm: Do not parse 32bits compiled xfrm netlink msg on 64bits host
  2015-01-27  7:39 ` David Miller
@ 2015-01-27  7:44   ` Fan Du
  2015-01-27  8:12     ` David Miller
  0 siblings, 1 reply; 5+ messages in thread
From: Fan Du @ 2015-01-27  7:44 UTC (permalink / raw)
  To: David Miller; +Cc: fan.du, steffen.klassert, herbert, netdev

于 2015年01月27日 15:39, David Miller 写道:
> From: Fan Du <fan.du@intel.com>
> Date: Tue, 27 Jan 2015 10:54:22 +0800
>
>> @@ -2419,6 +2419,11 @@ static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
>>   	const struct xfrm_link *link;
>>   	int type, err;
>>
>> +#ifdef CONFIG_COMPAT
>> +	if (is_compat_task())
>> +		return -EPERM;
>> +#endif
>> +
>
> This seems more like an unsupported operation rather then a permission
> problem.
>
how about *ENOTSUPP* ?

-- 
No zuo no die but I have to try.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH ipsec-next] xfrm: Do not parse 32bits compiled xfrm netlink msg on 64bits host
  2015-01-27  7:44   ` Fan Du
@ 2015-01-27  8:12     ` David Miller
  2015-01-27 23:32       ` Bill Fink
  0 siblings, 1 reply; 5+ messages in thread
From: David Miller @ 2015-01-27  8:12 UTC (permalink / raw)
  To: fengyuleidian0615; +Cc: fan.du, steffen.klassert, herbert, netdev

From: Fan Du <fengyuleidian0615@gmail.com>
Date: Tue, 27 Jan 2015 15:44:36 +0800

> 于 2015年01月27日 15:39, David Miller 写道:
>> From: Fan Du <fan.du@intel.com>
>> Date: Tue, 27 Jan 2015 10:54:22 +0800
>>
>>> @@ -2419,6 +2419,11 @@ static int xfrm_user_rcv_msg(struct sk_buff
>>> *skb, struct nlmsghdr *nlh)
>>>   	const struct xfrm_link *link;
>>>   	int type, err;
>>>
>>> +#ifdef CONFIG_COMPAT
>>> +	if (is_compat_task())
>>> +		return -EPERM;
>>> +#endif
>>> +
>>
>> This seems more like an unsupported operation rather then a permission
>> problem.
>>
> how about *ENOTSUPP* ?

Unquestionably, that is an improvement over EPERM.

^ permalink raw reply	[flat|nested] 5+ messages in thread

* Re: [PATCH ipsec-next] xfrm: Do not parse 32bits compiled xfrm netlink msg on 64bits host
  2015-01-27  8:12     ` David Miller
@ 2015-01-27 23:32       ` Bill Fink
  0 siblings, 0 replies; 5+ messages in thread
From: Bill Fink @ 2015-01-27 23:32 UTC (permalink / raw)
  To: David Miller; +Cc: fengyuleidian0615, fan.du, steffen.klassert, herbert, netdev

On Tue, 27 Jan 2015, David Miller wrote:

> From: Fan Du <fengyuleidian0615@gmail.com>
> Date: Tue, 27 Jan 2015 15:44:36 +0800
> 
> > 于 2015年01月27日 15:39, David Miller 写道:
> >> From: Fan Du <fan.du@intel.com>
> >> Date: Tue, 27 Jan 2015 10:54:22 +0800
> >>
> >>> @@ -2419,6 +2419,11 @@ static int xfrm_user_rcv_msg(struct sk_buff
> >>> *skb, struct nlmsghdr *nlh)
> >>>   	const struct xfrm_link *link;
> >>>   	int type, err;
> >>>
> >>> +#ifdef CONFIG_COMPAT
> >>> +	if (is_compat_task())
> >>> +		return -EPERM;
> >>> +#endif
> >>> +
> >>
> >> This seems more like an unsupported operation rather then a permission
> >> problem.
> >>
> > how about *ENOTSUPP* ?
> 
> Unquestionably, that is an improvement over EPERM.

But it should be EOPNOTSUPP rather than ENOTSUP, right?

					-Bill

^ permalink raw reply	[flat|nested] 5+ messages in thread

end of thread, other threads:[~2015-01-27 23:37 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-01-27  2:54 [PATCH ipsec-next] xfrm: Do not parse 32bits compiled xfrm netlink msg on 64bits host Fan Du
2015-01-27  7:39 ` David Miller
2015-01-27  7:44   ` Fan Du
2015-01-27  8:12     ` David Miller
2015-01-27 23:32       ` Bill Fink

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).