* [PATCH] [NET]: fix multicast list when cloning sockets @ 2007-07-30 16:04 Flavio Leitner 2007-07-31 2:01 ` David Miller 0 siblings, 1 reply; 5+ messages in thread From: Flavio Leitner @ 2007-07-30 16:04 UTC (permalink / raw) To: David L Stevens; +Cc: davem, acme, netdev The sock_copy() function uses memcpy() to clone the socket including the struct ip_mc_socklist *mc_list pointer. The ip_mc_drop_socket() function is called when socket is closed to free these objects leaving the other sockets cloned from the same master socket with invalid pointers. This patch sets mc_list of cloned socket to NULL. Signed-off-by: Flavio Leitner <fleitner@redhat.com> diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c index fbe7714..8ee0f54 100644 --- a/net/ipv4/inet_connection_sock.c +++ b/net/ipv4/inet_connection_sock.c @@ -506,6 +506,8 @@ struct sock *inet_csk_clone(struct sock *sk, const struct request_sock *req, newicsk->icsk_backoff = 0; newicsk->icsk_probes_out = 0; + inet_sk(inet)->mc_list = NULL; + /* Deinitialize accept_queue to trap illegal accesses. */ memset(&newicsk->icsk_accept_queue, 0, sizeof(newicsk->icsk_accept_queue)); -- 1.5.2.4 -- Flavio ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] [NET]: fix multicast list when cloning sockets 2007-07-30 16:04 [PATCH] [NET]: fix multicast list when cloning sockets Flavio Leitner @ 2007-07-31 2:01 ` David Miller 2007-07-31 3:00 ` Arnaldo Carvalho de Melo 0 siblings, 1 reply; 5+ messages in thread From: David Miller @ 2007-07-31 2:01 UTC (permalink / raw) To: fleitner; +Cc: dlstevens, acme, netdev From: Flavio Leitner <fleitner@redhat.com> Date: Mon, 30 Jul 2007 13:04:48 -0300 > > The sock_copy() function uses memcpy() to clone the socket > including the struct ip_mc_socklist *mc_list pointer. > > The ip_mc_drop_socket() function is called when socket is closed > to free these objects leaving the other sockets cloned from the > same master socket with invalid pointers. > > This patch sets mc_list of cloned socket to NULL. > > Signed-off-by: Flavio Leitner <fleitner@redhat.com> Allowing non-datagram sockets to end up with a non-NULL inet->mc_list in the first place is a bug. Multicast subscriptions cannot even be used with TCP and DCCP, which are the only two users of these connection oriented socket functions. The first thing that TCP and DCCP do, in fact, for input packet processing is drop the packet if it is not unicast. Therefore the fix really is for the inet layer to reject multicast subscription requests on sockets for which that absolutely does not make sense. There is no reason these functions in inet_connection_sock.c should need to be mindful of multicast state. :-) ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] [NET]: fix multicast list when cloning sockets 2007-07-31 2:01 ` David Miller @ 2007-07-31 3:00 ` Arnaldo Carvalho de Melo 2007-07-31 18:29 ` Flavio Leitner 0 siblings, 1 reply; 5+ messages in thread From: Arnaldo Carvalho de Melo @ 2007-07-31 3:00 UTC (permalink / raw) To: David Miller; +Cc: fleitner, dlstevens, netdev On 7/30/07, David Miller <davem@davemloft.net> wrote: > From: Flavio Leitner <fleitner@redhat.com> > Date: Mon, 30 Jul 2007 13:04:48 -0300 > > > > > The sock_copy() function uses memcpy() to clone the socket > > including the struct ip_mc_socklist *mc_list pointer. > > > > The ip_mc_drop_socket() function is called when socket is closed > > to free these objects leaving the other sockets cloned from the > > same master socket with invalid pointers. > > > > This patch sets mc_list of cloned socket to NULL. > > > > Signed-off-by: Flavio Leitner <fleitner@redhat.com> > > Allowing non-datagram sockets to end up with a non-NULL inet->mc_list > in the first place is a bug. > > Multicast subscriptions cannot even be used with TCP and DCCP, which > are the only two users of these connection oriented socket functions. > > The first thing that TCP and DCCP do, in fact, for input packet > processing is drop the packet if it is not unicast. > > Therefore the fix really is for the inet layer to reject multicast > subscription requests on sockets for which that absolutely does not > make sense. There is no reason these functions in > inet_connection_sock.c should need to be mindful of multicast > state. :-) Well, we can add a BUG_ON there then 8) Flavio, take a look at do_ip_setsockopt in net/ipv4/ip_sockglue.c, in the IP_{ADD,DROP}_MEMBERSHIP labels. Don't forget IPV6 (net/ipv6/ipv6_sockglue.c) - Arnaldo ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] [NET]: fix multicast list when cloning sockets 2007-07-31 3:00 ` Arnaldo Carvalho de Melo @ 2007-07-31 18:29 ` Flavio Leitner 2007-08-25 5:16 ` David Miller 0 siblings, 1 reply; 5+ messages in thread From: Flavio Leitner @ 2007-07-31 18:29 UTC (permalink / raw) To: netdev; +Cc: David Miller, dlstevens, Arnaldo Carvalho de Melo On Tue, Jul 31, 2007 at 12:00:41AM -0300, Arnaldo Carvalho de Melo wrote: > On 7/30/07, David Miller <davem@davemloft.net> wrote: > > Allowing non-datagram sockets to end up with a non-NULL inet->mc_list > > in the first place is a bug. > > > > Multicast subscriptions cannot even be used with TCP and DCCP, which > > are the only two users of these connection oriented socket functions. > > > > The first thing that TCP and DCCP do, in fact, for input packet > > processing is drop the packet if it is not unicast. > > > > Therefore the fix really is for the inet layer to reject multicast > > subscription requests on sockets for which that absolutely does not > > make sense. There is no reason these functions in > > inet_connection_sock.c should need to be mindful of multicast > > state. :-) > > Well, we can add a BUG_ON there then 8) > > Flavio, take a look at do_ip_setsockopt in net/ipv4/ip_sockglue.c, in > the IP_{ADD,DROP}_MEMBERSHIP labels. > > Don't forget IPV6 (net/ipv6/ipv6_sockglue.c) yes, right. What about the one below? [NET]: Fix IP_ADD/DROP_MEMBERSHIP to handle only connectionless Fix IP[V6]_ADD_MEMBERSHIP and IP[V6]_DROP_MEMBERSHIP to return -EPROTO for connection oriented sockets. Signed-off-by: Flavio Leitner <fleitner@redhat.com> diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c index 4d54457..6b420ae 100644 --- a/net/ipv4/ip_sockglue.c +++ b/net/ipv4/ip_sockglue.c @@ -625,6 +625,10 @@ static int do_ip_setsockopt(struct sock *sk, int level, { struct ip_mreqn mreq; + err = -EPROTO; + if (inet_sk(sk)->is_icsk) + break; + if (optlen < sizeof(struct ip_mreq)) goto e_inval; err = -EFAULT; diff --git a/net/ipv6/ipv6_sockglue.c b/net/ipv6/ipv6_sockglue.c index d684639..350e584 100644 --- a/net/ipv6/ipv6_sockglue.c +++ b/net/ipv6/ipv6_sockglue.c @@ -554,6 +554,10 @@ done: { struct ipv6_mreq mreq; + retv = -EPROTO; + if (inet_sk(sk)->is_icsk) + break; + retv = -EFAULT; if (copy_from_user(&mreq, optval, sizeof(struct ipv6_mreq))) break; -- 1.5.2.4 -- Flavio ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] [NET]: fix multicast list when cloning sockets 2007-07-31 18:29 ` Flavio Leitner @ 2007-08-25 5:16 ` David Miller 0 siblings, 0 replies; 5+ messages in thread From: David Miller @ 2007-08-25 5:16 UTC (permalink / raw) To: fleitner; +Cc: netdev, dlstevens, acme From: Flavio Leitner <fleitner@redhat.com> Date: Tue, 31 Jul 2007 15:29:40 -0300 > On Tue, Jul 31, 2007 at 12:00:41AM -0300, Arnaldo Carvalho de Melo wrote: > > On 7/30/07, David Miller <davem@davemloft.net> wrote: > > > Allowing non-datagram sockets to end up with a non-NULL inet->mc_list > > > in the first place is a bug. > > > > > > Multicast subscriptions cannot even be used with TCP and DCCP, which > > > are the only two users of these connection oriented socket functions. > > > > > > The first thing that TCP and DCCP do, in fact, for input packet > > > processing is drop the packet if it is not unicast. > > > > > > Therefore the fix really is for the inet layer to reject multicast > > > subscription requests on sockets for which that absolutely does not > > > make sense. There is no reason these functions in > > > inet_connection_sock.c should need to be mindful of multicast > > > state. :-) > > > > Well, we can add a BUG_ON there then 8) > > > > Flavio, take a look at do_ip_setsockopt in net/ipv4/ip_sockglue.c, in > > the IP_{ADD,DROP}_MEMBERSHIP labels. > > > > Don't forget IPV6 (net/ipv6/ipv6_sockglue.c) > > yes, right. What about the one below? > > [NET]: Fix IP_ADD/DROP_MEMBERSHIP to handle only connectionless > > Fix IP[V6]_ADD_MEMBERSHIP and IP[V6]_DROP_MEMBERSHIP to > return -EPROTO for connection oriented sockets. > > Signed-off-by: Flavio Leitner <fleitner@redhat.com> This looks great, patch applied. Thanks! ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2007-08-25 5:16 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2007-07-30 16:04 [PATCH] [NET]: fix multicast list when cloning sockets Flavio Leitner 2007-07-31 2:01 ` David Miller 2007-07-31 3:00 ` Arnaldo Carvalho de Melo 2007-07-31 18:29 ` Flavio Leitner 2007-08-25 5:16 ` David Miller
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).