* [PATCH 0/2] ip_tunnel fixes
@ 2014-12-16 20:05 Thomas Graf
2014-12-16 20:05 ` [PATCH 1/2] ip_tunnel: Add sanity checks to ip_tunnel_encap_add_ops() Thomas Graf
` (2 more replies)
0 siblings, 3 replies; 6+ messages in thread
From: Thomas Graf @ 2014-12-16 20:05 UTC (permalink / raw)
To: davem; +Cc: netdev, therbert
Thomas Graf (2):
ip_tunnel: Add sanity checks to ip_tunnel_encap_add_ops()
ip_tunnel: Add missing validation of encap type to
ip_tunnel_encap_setup()
net/ipv4/ip_tunnel.c | 9 +++++++++
1 file changed, 9 insertions(+)
--
1.9.3
^ permalink raw reply [flat|nested] 6+ messages in thread
* [PATCH 1/2] ip_tunnel: Add sanity checks to ip_tunnel_encap_add_ops()
2014-12-16 20:05 [PATCH 0/2] ip_tunnel fixes Thomas Graf
@ 2014-12-16 20:05 ` Thomas Graf
2014-12-16 20:05 ` [PATCH 2/2] ip_tunnel: Add missing validation of encap type to ip_tunnel_encap_setup() Thomas Graf
2014-12-16 20:22 ` [PATCH 0/2] ip_tunnel fixes David Miller
2 siblings, 0 replies; 6+ messages in thread
From: Thomas Graf @ 2014-12-16 20:05 UTC (permalink / raw)
To: davem; +Cc: netdev, therbert
The symbols are exported and could be used by external modules.
Fixes: a8c5f9 ("ip_tunnel: Ops registration for secondary encap (fou, gue)")
Signed-off-by: Thomas Graf <tgraf@suug.ch>
---
net/ipv4/ip_tunnel.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
index 63e745a..2f498f8 100644
--- a/net/ipv4/ip_tunnel.c
+++ b/net/ipv4/ip_tunnel.c
@@ -514,6 +514,9 @@ const struct ip_tunnel_encap_ops __rcu *
int ip_tunnel_encap_add_ops(const struct ip_tunnel_encap_ops *ops,
unsigned int num)
{
+ if (num >= MAX_IPTUN_ENCAP_OPS)
+ return -ERANGE;
+
return !cmpxchg((const struct ip_tunnel_encap_ops **)
&iptun_encaps[num],
NULL, ops) ? 0 : -1;
@@ -525,6 +528,9 @@ int ip_tunnel_encap_del_ops(const struct ip_tunnel_encap_ops *ops,
{
int ret;
+ if (num >= MAX_IPTUN_ENCAP_OPS)
+ return -ERANGE;
+
ret = (cmpxchg((const struct ip_tunnel_encap_ops **)
&iptun_encaps[num],
ops, NULL) == ops) ? 0 : -1;
--
1.9.3
^ permalink raw reply related [flat|nested] 6+ messages in thread
* [PATCH 2/2] ip_tunnel: Add missing validation of encap type to ip_tunnel_encap_setup()
2014-12-16 20:05 [PATCH 0/2] ip_tunnel fixes Thomas Graf
2014-12-16 20:05 ` [PATCH 1/2] ip_tunnel: Add sanity checks to ip_tunnel_encap_add_ops() Thomas Graf
@ 2014-12-16 20:05 ` Thomas Graf
2014-12-16 20:23 ` Tom Herbert
2014-12-16 20:22 ` [PATCH 0/2] ip_tunnel fixes David Miller
2 siblings, 1 reply; 6+ messages in thread
From: Thomas Graf @ 2014-12-16 20:05 UTC (permalink / raw)
To: davem; +Cc: netdev, therbert
The encap->type comes straight from Netlink. Validate it against
max supported encap types just like ip_encap_hlen() already does.
Fixes: a8c5f9 ("ip_tunnel: Ops registration for secondary encap (fou, gue)")
Signed-off-by: Thomas Graf <tgraf@suug.ch>
---
net/ipv4/ip_tunnel.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
index 2f498f8..d3e4479 100644
--- a/net/ipv4/ip_tunnel.c
+++ b/net/ipv4/ip_tunnel.c
@@ -573,6 +573,9 @@ int ip_tunnel_encap(struct sk_buff *skb, struct ip_tunnel *t,
if (t->encap.type == TUNNEL_ENCAP_NONE)
return 0;
+ if (t->encap.type >= MAX_IPTUN_ENCAP_OPS)
+ return -EINVAL;
+
rcu_read_lock();
ops = rcu_dereference(iptun_encaps[t->encap.type]);
if (likely(ops && ops->build_header))
--
1.9.3
^ permalink raw reply related [flat|nested] 6+ messages in thread
* Re: [PATCH 0/2] ip_tunnel fixes
2014-12-16 20:05 [PATCH 0/2] ip_tunnel fixes Thomas Graf
2014-12-16 20:05 ` [PATCH 1/2] ip_tunnel: Add sanity checks to ip_tunnel_encap_add_ops() Thomas Graf
2014-12-16 20:05 ` [PATCH 2/2] ip_tunnel: Add missing validation of encap type to ip_tunnel_encap_setup() Thomas Graf
@ 2014-12-16 20:22 ` David Miller
2 siblings, 0 replies; 6+ messages in thread
From: David Miller @ 2014-12-16 20:22 UTC (permalink / raw)
To: tgraf; +Cc: netdev, therbert
From: Thomas Graf <tgraf@suug.ch>
Date: Tue, 16 Dec 2014 21:05:19 +0100
> Thomas Graf (2):
> ip_tunnel: Add sanity checks to ip_tunnel_encap_add_ops()
> ip_tunnel: Add missing validation of encap type to
> ip_tunnel_encap_setup()
Both applied, thanks Thomas.
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 2/2] ip_tunnel: Add missing validation of encap type to ip_tunnel_encap_setup()
2014-12-16 20:05 ` [PATCH 2/2] ip_tunnel: Add missing validation of encap type to ip_tunnel_encap_setup() Thomas Graf
@ 2014-12-16 20:23 ` Tom Herbert
2014-12-16 20:50 ` Thomas Graf
0 siblings, 1 reply; 6+ messages in thread
From: Tom Herbert @ 2014-12-16 20:23 UTC (permalink / raw)
To: Thomas Graf; +Cc: David Miller, Linux Netdev List
On Tue, Dec 16, 2014 at 12:05 PM, Thomas Graf <tgraf@suug.ch> wrote:
> The encap->type comes straight from Netlink. Validate it against
> max supported encap types just like ip_encap_hlen() already does.
>
> Fixes: a8c5f9 ("ip_tunnel: Ops registration for secondary encap (fou, gue)")
> Signed-off-by: Thomas Graf <tgraf@suug.ch>
> ---
> net/ipv4/ip_tunnel.c | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
> index 2f498f8..d3e4479 100644
> --- a/net/ipv4/ip_tunnel.c
> +++ b/net/ipv4/ip_tunnel.c
> @@ -573,6 +573,9 @@ int ip_tunnel_encap(struct sk_buff *skb, struct ip_tunnel *t,
> if (t->encap.type == TUNNEL_ENCAP_NONE)
> return 0;
>
> + if (t->encap.type >= MAX_IPTUN_ENCAP_OPS)
> + return -EINVAL;
> +
I don't think this is technically needed, we should have already
verified the type when setting up the tunnel (ip_encap_hlen).
> rcu_read_lock();
> ops = rcu_dereference(iptun_encaps[t->encap.type]);
> if (likely(ops && ops->build_header))
> --
> 1.9.3
>
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [PATCH 2/2] ip_tunnel: Add missing validation of encap type to ip_tunnel_encap_setup()
2014-12-16 20:23 ` Tom Herbert
@ 2014-12-16 20:50 ` Thomas Graf
0 siblings, 0 replies; 6+ messages in thread
From: Thomas Graf @ 2014-12-16 20:50 UTC (permalink / raw)
To: Tom Herbert; +Cc: David Miller, Linux Netdev List
On 12/16/14 at 12:23pm, Tom Herbert wrote:
> On Tue, Dec 16, 2014 at 12:05 PM, Thomas Graf <tgraf@suug.ch> wrote:
> > The encap->type comes straight from Netlink. Validate it against
> > max supported encap types just like ip_encap_hlen() already does.
> >
> > Fixes: a8c5f9 ("ip_tunnel: Ops registration for secondary encap (fou, gue)")
> > Signed-off-by: Thomas Graf <tgraf@suug.ch>
> > ---
> > net/ipv4/ip_tunnel.c | 3 +++
> > 1 file changed, 3 insertions(+)
> >
> > diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
> > index 2f498f8..d3e4479 100644
> > --- a/net/ipv4/ip_tunnel.c
> > +++ b/net/ipv4/ip_tunnel.c
> > @@ -573,6 +573,9 @@ int ip_tunnel_encap(struct sk_buff *skb, struct ip_tunnel *t,
> > if (t->encap.type == TUNNEL_ENCAP_NONE)
> > return 0;
> >
> > + if (t->encap.type >= MAX_IPTUN_ENCAP_OPS)
> > + return -EINVAL;
> > +
>
> I don't think this is technically needed, we should have already
> verified the type when setting up the tunnel (ip_encap_hlen).
Right, assuming that every API user always calls ip_tunnel_encap_setup()
on changelink. It's currently the case but since this is a exported
API I figured we better be safe than sorry, in particular as
ip_tunnel_encap() is called before ip_encap_hlen() on xmit.
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2014-12-16 20:50 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2014-12-16 20:05 [PATCH 0/2] ip_tunnel fixes Thomas Graf
2014-12-16 20:05 ` [PATCH 1/2] ip_tunnel: Add sanity checks to ip_tunnel_encap_add_ops() Thomas Graf
2014-12-16 20:05 ` [PATCH 2/2] ip_tunnel: Add missing validation of encap type to ip_tunnel_encap_setup() Thomas Graf
2014-12-16 20:23 ` Tom Herbert
2014-12-16 20:50 ` Thomas Graf
2014-12-16 20:22 ` [PATCH 0/2] ip_tunnel fixes David Miller
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).