* [RFC PATCH v2 08/18] ipv6: Add ipv6_renew_options_kern() that accepts a kernel mem pointer.
@ 2016-01-08 9:52 Huw Davies
2016-02-07 19:56 ` Paul Moore
0 siblings, 1 reply; 3+ messages in thread
From: Huw Davies @ 2016-01-08 9:52 UTC
To: netdev, linux-security-module, selinux; +Cc: Paul Moore
The functionality is equivalent to ipv6_renew_options() except
that the newopt pointer is in kernel, not user, memory.

The kernel memory implementation will be used by the CALIPSO network
labelling engine, which needs to be able to set IPv6 hop-by-hop
options.
Signed-off-by: Huw Davies <huw@codeweavers.com>
---
include/net/ipv6.h | 6 ++++++
net/ipv6/exthdrs.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 55 insertions(+)
diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index 9a5c9f0..5a72ffd 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -304,6 +304,12 @@ struct ipv6_txoptions *ipv6_renew_options(struct sock *sk,
int newtype,
struct ipv6_opt_hdr __user *newopt,
int newoptlen);
+struct ipv6_txoptions *
+ipv6_renew_options_kern(struct sock *sk,
+ struct ipv6_txoptions *opt,
+ int newtype,
+ struct ipv6_opt_hdr *newopt,
+ int newoptlen);
struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space,
struct ipv6_txoptions *opt);
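Review bot: The new prototype differs from ipv6_renew_options() only in that newopt lacks the __user annotation, so nothing but sparse will catch a caller handing a user pointer to the _kern variant or a kernel pointer to the original. A one-line comment above the declaration saying that newopt must be kernel memory would make the contract visible in the header. As a style point, the return type sits on its own line here, while the neighbouring declarations keep it on the same line as the function name.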
diff --git a/net/ipv6/exthdrs.c b/net/ipv6/exthdrs.c
index ea7c4d6..d5fd3e7 100644
--- a/net/ipv6/exthdrs.c
+++ b/net/ipv6/exthdrs.c
@@ -758,6 +758,27 @@ static int ipv6_renew_option(void *ohdr,
return 0;
}
+/**
+ * ipv6_renew_options - replace a specific ext hdr with a new one.
+ *
+ * @sk: sock from which to allocate memory
+ * @opt: original options
+ * @newtype: option type to replace in @opt
+ * @newopt: new option of type @newtype to replace (user-mem)
+ * @newoptlen: length of @newopt
+ *
+ * Returns a new set of options which is a copy of @opt with the
+ * option type @newtype replaced with @newopt.
+ *
+ * @opt may be NULL, in which case a new set of options is returned
+ * containing just @newopt.
+ *
+ * @newopt may be NULL, in which case the specified option type is
+ * not copied into the new set of options.
+ *
+ * The new set of options is allocated from the socket option memory
+ * buffer of @sk.
+ */
struct ipv6_txoptions *
ipv6_renew_options(struct sock *sk, struct ipv6_txoptions *opt,
int newtype,
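Review bot: The "Returns" paragraph of the new kernel-doc documents only the success case, while the context of the following hunk shows a `return ERR_PTR(err);` exit, so the comment should say that an ERR_PTR() value is returned on failure and that callers need to test the result with IS_ERR() rather than against NULL. The comment is also added to an existing function, which the commit message does not mention; a sentence there, or a separate documentation patch, would keep the history clear.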
@@ -830,6 +851,34 @@ out:
return ERR_PTR(err);
}
+/**
+ * ipv6_renew_options_kern - replace a specific ext hdr with a new one.
+ *
+ * @sk: sock from which to allocate memory
+ * @opt: original options
+ * @newtype: option type to replace in @opt
+ * @newopt: new option of type @newtype to replace (kernel-mem)
+ * @newoptlen: length of @newopt
+ *
+ * See ipv6_renew_options(). The difference is that @newopt is
+ * kernel memory, rather than user memory.
+ */
+struct ipv6_txoptions *
+ipv6_renew_options_kern(struct sock *sk, struct ipv6_txoptions *opt,
+ int newtype, struct ipv6_opt_hdr *newopt,
+ int newoptlen)
+{
+ struct ipv6_txoptions *ret_val;
+ const mm_segment_t old_fs = get_fs();
+
+ set_fs(KERNEL_DS);
+ ret_val = ipv6_renew_options(sk, opt, newtype,
+ (struct ipv6_opt_hdr __user *)newopt,
+ newoptlen);
+ set_fs(old_fs);
+ return ret_val;
+}
+
struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space,
struct ipv6_txoptions *opt)
{
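Review bot: The `set_fs(KERNEL_DS)` window in ipv6_renew_options_kern() stays open for the whole ipv6_renew_options() call, so every user-access check made anywhere under that call is relaxed, not only the one on newopt, and the `(struct ipv6_opt_hdr __user *)newopt` cast hides the mismatch from sparse. Inverting the layering would avoid both: make the kernel-pointer version the common implementation and have ipv6_renew_options() copy the user buffer in before calling it, which is the direction raised in the reply on this thread. If the wrapper is kept, the kernel-doc should state that newopt and newoptlen are trusted as given, since no validation of either is done here.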
--
1.8.0
* Re: [RFC PATCH v2 08/18] ipv6: Add ipv6_renew_options_kern() that accepts a kernel mem pointer.
From: Paul Moore @ 2016-02-07 19:56 UTC
To: Huw Davies; +Cc: netdev, linux-security-module, selinux
On Friday, January 08, 2016 09:52:44 AM Huw Davies wrote:
> The functionality is equivalent to ipv6_renew_options() except
> that the newopt pointer is in kernel, not user, memory
>
> The kernel memory implementation will be used by the CALIPSO network
> labelling engine, which needs to be able to set IPv6 hop-by-hop
> options.
>
> Signed-off-by: Huw Davies <huw@codeweavers.com>
...
> +/**
> + * ipv6_renew_options_kern - replace a specific ext hdr with a new one.
> + *
> + * @sk: sock from which to allocate memory
> + * @opt: original options
> + * @newtype: option type to replace in @opt
> + * @newopt: new option of type @newtype to replace (kernel-mem)
> + * @newoptlen: length of @newopt
> + *
> + * See ipv6_renew_options(). The difference is that @newopt is
> + * kernel memory, rather than user memory.
> + */
> +struct ipv6_txoptions *
> +ipv6_renew_options_kern(struct sock *sk, struct ipv6_txoptions *opt,
> + int newtype, struct ipv6_opt_hdr *newopt,
> + int newoptlen)
> +{
> + struct ipv6_txoptions *ret_val;
> + const mm_segment_t old_fs = get_fs();
> +
> + set_fs(KERNEL_DS);
> + ret_val = ipv6_renew_options(sk, opt, newtype,
> + (struct ipv6_opt_hdr __user *)newopt,
> + newoptlen);
> + set_fs(old_fs);
> + return ret_val;
> +}
I should preface this by saying that I don't have a strong opinion on this
either way, and given where the code lives it is really up to DaveM, but I
wonder if it might be better to create ipv6_renew_options_kern() as the common
helper function that is called by ipv6_renew_options().
--
paul moore
security @ redhat
* Re: [RFC PATCH v2 08/18] ipv6: Add ipv6_renew_options_kern() that accepts a kernel mem pointer.
From: Huw Davies @ 2016-02-11 14:52 UTC
To: Paul Moore; +Cc: netdev, linux-security-module, selinux
On Sun, Feb 07, 2016 at 02:56:05PM -0500, Paul Moore wrote:
> On Friday, January 08, 2016 09:52:44 AM Huw Davies wrote:
> > The functionality is equivalent to ipv6_renew_options() except
> > that the newopt pointer is in kernel, not user, memory
> >
> > The kernel memory implementation will be used by the CALIPSO network
> > labelling engine, which needs to be able to set IPv6 hop-by-hop
> > options.
> >
> > Signed-off-by: Huw Davies <huw@codeweavers.com>
>
> ...
>
> > +/**
> > + * ipv6_renew_options_kern - replace a specific ext hdr with a new one.
> > + *
> > + * @sk: sock from which to allocate memory
> > + * @opt: original options
> > + * @newtype: option type to replace in @opt
> > + * @newopt: new option of type @newtype to replace (kernel-mem)
> > + * @newoptlen: length of @newopt
> > + *
> > + * See ipv6_renew_options(). The difference is that @newopt is
> > + * kernel memory, rather than user memory.
> > + */
> > +struct ipv6_txoptions *
> > +ipv6_renew_options_kern(struct sock *sk, struct ipv6_txoptions *opt,
> > + int newtype, struct ipv6_opt_hdr *newopt,
> > + int newoptlen)
> > +{
> > + struct ipv6_txoptions *ret_val;
> > + const mm_segment_t old_fs = get_fs();
> > +
> > + set_fs(KERNEL_DS);
> > + ret_val = ipv6_renew_options(sk, opt, newtype,
> > + (struct ipv6_opt_hdr __user *)newopt,
> > + newoptlen);
> > + set_fs(old_fs);
> > + return ret_val;
> > +}
>
> I should preface this by saying that I don't have a strong opinion on this
> either way, and given where the code lives it is really up to DaveM, but I
> wonder if it might be better to create ipv6_renew_options_kern() as the common
> helper function that is called by ipv6_renew_options().
Ok, I'll leave this as it is for v3, and the network guys can shout if
they want me to change it.
Huw.