From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lindbergh.monkeyblade.net (lindbergh.monkeyblade.net [23.128.96.19])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id D8264CA4D
	for <netdev@vger.kernel.org>; Fri,  1 Sep 2023 22:52:08 +0000 (UTC)
Received: from smtp-fw-80009.amazon.com (smtp-fw-80009.amazon.com [99.78.197.220])
	by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2E368A1
	for <netdev@vger.kernel.org>; Fri,  1 Sep 2023 15:52:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
  d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209;
  t=1693608725; x=1725144725;
  h=from:to:cc:subject:date:message-id:in-reply-to:
   references:mime-version:content-transfer-encoding;
  bh=pdbTGd1m0T5OmgFgCSf0aci7JD8p1w9CJNc59HMivbI=;
  b=pC6RcCZaiX7ZGC3jD3cFNpXxiwCrf1cNqyOHKibhFplvlDoiA5O+DH8n
   513Hacs9Vxqu+VLv59GkX9BJpTJPceFKJD1pTKJz+qXDgjdHg9/jwap3h
   9VDxqWdopdxEJApYXOJ52wKYhQyBiluirstkiip8qYSrto4aLow3N8tSA
   c=;
X-IronPort-AV: E=Sophos;i="6.02,221,1688428800"; 
   d="scan'208";a="26487116"
Received: from pdx4-co-svc-p1-lb2-vlan2.amazon.com (HELO email-inbound-relay-iad-1d-m6i4x-153b24bc.us-east-1.amazon.com) ([10.25.36.210])
  by smtp-border-fw-80009.pdx80.corp.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 01 Sep 2023 22:52:02 +0000
Received: from EX19MTAUWC002.ant.amazon.com (iad12-ws-svc-p26-lb9-vlan3.iad.amazon.com [10.40.163.38])
	by email-inbound-relay-iad-1d-m6i4x-153b24bc.us-east-1.amazon.com (Postfix) with ESMTPS id 3531AC6D5C;
	Fri,  1 Sep 2023 22:51:58 +0000 (UTC)
Received: from EX19D004ANA001.ant.amazon.com (10.37.240.138) by
 EX19MTAUWC002.ant.amazon.com (10.250.64.143) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.2.1118.37; Fri, 1 Sep 2023 22:51:58 +0000
Received: from 88665a182662.ant.amazon.com (10.187.170.14) by
 EX19D004ANA001.ant.amazon.com (10.37.240.138) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id
 15.2.1118.37; Fri, 1 Sep 2023 22:51:55 +0000
From: Kuniyuki Iwashima <kuniyu@amazon.com>
To: <kuniyu@amazon.com>
CC: <aleksandr.mikhalitsyn@canonical.com>, <brauner@kernel.org>,
	<davem@davemloft.net>, <edumazet@google.com>, <hca@linux.ibm.com>,
	<kuba@kernel.org>, <kuni1840@gmail.com>, <netdev@vger.kernel.org>,
	<pabeni@redhat.com>
Subject: Re: [PATCH v1 net] af_unix: Fix msg_controllen test in scm_pidfd_recv() for MSG_CMSG_COMPAT.
Date: Fri, 1 Sep 2023 15:51:47 -0700
Message-ID: <20230901225147.76613-1-kuniyu@amazon.com>
X-Mailer: git-send-email 2.30.2
In-Reply-To: <20230901222033.71400-1-kuniyu@amazon.com>
References: <20230901222033.71400-1-kuniyu@amazon.com>
Precedence: bulk
X-Mailing-List: netdev@vger.kernel.org
List-Id: <netdev.vger.kernel.org>
List-Subscribe: <mailto:netdev+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:netdev+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-Originating-IP: [10.187.170.14]
X-ClientProxiedBy: EX19D041UWA003.ant.amazon.com (10.13.139.105) To
 EX19D004ANA001.ant.amazon.com (10.37.240.138)
Precedence: Bulk
X-Spam-Status: No, score=-4.0 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
	DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,
	RCVD_IN_DNSWL_MED,RCVD_IN_MSPIKE_H5,RCVD_IN_MSPIKE_WL,SPF_HELO_NONE,
	T_SPF_PERMERROR autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
	lindbergh.monkeyblade.net

From: Kuniyuki Iwashima <kuniyu@amazon.com>
Date: Fri, 1 Sep 2023 15:20:33 -0700
> Heiko Carstens reported that SCM_PIDFD does not work with MSG_CMSG_COMPAT
> because scm_pidfd_recv() always checks msg_controllen against sizeof(struct
> cmsghdr).
> 
> We need to use sizeof(struct compat_cmsghdr) for the compat case.
> 
> Fixes: 5e2ff6704a27 ("scm: add SO_PASSPIDFD and SCM_PIDFD")
> Reported-by: Heiko Carstens <hca@linux.ibm.com>
> Closes: https://lore.kernel.org/netdev/20230901200517.8742-A-hca@linux.ibm.com/
> Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
> Tested-by: Heiko Carstens <hca@linux.ibm.com>
> Reviewed-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
> ---
>  include/net/scm.h | 14 +++++++++-----
>  1 file changed, 9 insertions(+), 5 deletions(-)
> 
> diff --git a/include/net/scm.h b/include/net/scm.h
> index c5bcdf65f55c..c5608ca03a40 100644
> --- a/include/net/scm.h
> +++ b/include/net/scm.h
> @@ -9,6 +9,7 @@
>  #include <linux/pid.h>
>  #include <linux/nsproxy.h>
>  #include <linux/sched/signal.h>
> +#include <net/compat.h>
>  
>  /* Well, we should have at least one descriptor open
>   * to accept passed FDs 8)
> @@ -123,14 +124,17 @@ static inline bool scm_has_secdata(struct socket *sock)
>  static __inline__ void scm_pidfd_recv(struct msghdr *msg, struct scm_cookie *scm)
>  {
>  	struct file *pidfd_file = NULL;
> -	int pidfd;
> +	int len, pidfd;
>  
> -	/*
> -	 * put_cmsg() doesn't return an error if CMSG is truncated,
> +	/* put_cmsg() doesn't return an error if CMSG is truncated,
>  	 * that's why we need to opencode these checks here.
>  	 */
> -	if ((msg->msg_controllen <= sizeof(struct cmsghdr)) ||
> -	    (msg->msg_controllen - sizeof(struct cmsghdr)) < sizeof(int)) {
> +	if (msg->msg_flags & MSG_CMSG_COMPAT)
> +		len = sizeof(struct cmsghdr) + sizeof(int);
> +	else
> +		len = sizeof(struct compat_cmsghdr) + sizeof(int);

Ugh.. apparently I did wrong copy-and-paste while refactoring.
Will fix in v2.

pw-bot: cr

> +
> +	if (msg->msg_controllen < len) {
>  		msg->msg_flags |= MSG_CTRUNC;
>  		return;
>  	}
> -- 
> 2.30.2