From patchwork Sat Nov 25 20:26:16 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Siddh Raman Pant X-Patchwork-Id: 169794 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp2142447vqx; Sat, 25 Nov 2023 12:27:28 -0800 (PST) X-Google-Smtp-Source: AGHT+IEOKBR9+dCpFcmyJh0CCYcFwrqfWY+OpK+VGLmTVL1sQRMREhIw00CL7r3rWddmMG1Ddr7b X-Received: by 2002:a17:902:f550:b0:1cf:a5a0:5f85 with SMTP id h16-20020a170902f55000b001cfa5a05f85mr8247817plf.25.1700944048286; Sat, 25 Nov 2023 12:27:28 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1700944048; cv=pass; d=google.com; s=arc-20160816; b=Po3Y16BvAnQj1Wr3t6C81+Wb1M4gcLtIHRbwD49z+8MLqyEOkTkeOvHt3BeaxoYDWw /sHvDrfVSnPCbWTIWUaedeggI0PmIkDo3RJH9lVTmu7qE0cjQmClB6qwLCCmOg5/63t+ TCMBO6L2hpRxud+7+XbB3Xc/WfbBPc8T+5GCzmOXP5hQBFT7dCmn1t8NV/iSaJ5PsTon 121N3A3gIFd25KlP0pUXizfDHCd6zh25NlO8TIzaQCGeXDtFZFH42b/XyH650H0tQi9J 3hrHEHJQ0YWnlBkxZWYWBbls2GMdcS7X9u+jm2scveDsd5FGBBpRegsLCjjaVu94PWEJ T06Q== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=khXX+6WIAnh+nbfhSLVUt+KViQdJnf6YZ3f3zq0qJyA=; fh=lWFC9d7jJSiNqATg8HCbo845G0U9cpMSp26bBLEa5gM=; b=hXIT5EwAoZV3Kn/RFm0Zd85ZzazGD3C7Va1UxUFzhWkXDK73Fu4kv73mKwyzTtfbAQ vyxSXq4NtIsTKu01BS6C94+vXqsPTFwWvxZ6wyCo3mX/mmIvOdeKcSjGGpPwIywiW04j qsFMi+V9YZUJMprWx9dEYODT5GRCoQIvTay2LuDE/sG8B22YRP2n6NJTYt5Pt/Vozby8 WvST4ss2Uzty+hqFgFFuiBFpcV2fQS7bPvPjVmTMbYXmodm4Cmv2fgSDjFs13Re+cOd+ QnGghKaXwMrcukMOzxiMEtk2cwLK2vOsQ3rAfc8xtYAezRyAYuLy1oGb09yb28kHS+V+ /rCg== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@siddh.me header.s=zmail header.b=kfic7x93; arc=pass (i=1 spf=pass spfdomain=siddh.me dkim=pass dkdomain=siddh.me dmarc=pass fromdomain=siddh.me>); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siddh.me Received: from snail.vger.email (snail.vger.email. [2620:137:e000::3:7]) by mx.google.com with ESMTPS id t13-20020a1709028c8d00b001c60f6cf46bsi5807850plo.12.2023.11.25.12.27.27 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 25 Nov 2023 12:27:28 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) client-ip=2620:137:e000::3:7; Authentication-Results: mx.google.com; dkim=pass header.i=@siddh.me header.s=zmail header.b=kfic7x93; arc=pass (i=1 spf=pass spfdomain=siddh.me dkim=pass dkdomain=siddh.me dmarc=pass fromdomain=siddh.me>); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:7 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siddh.me Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by snail.vger.email (Postfix) with ESMTP id 844C48092EE0; Sat, 25 Nov 2023 12:27:26 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at snail.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230037AbjKYU1M (ORCPT + 99 others); Sat, 25 Nov 2023 15:27:12 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35742 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229521AbjKYU1F (ORCPT ); Sat, 25 Nov 2023 15:27:05 -0500 Received: from sender-of-o51.zoho.in (sender-of-o51.zoho.in [103.117.158.51]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 8667F127; Sat, 25 Nov 2023 12:27:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700943997; cv=none; d=zohomail.in; s=zohoarc; b=BGfGn3DCDFmOnkDsztjNxOlpWIHIH2sruFlmgC7D8pkdi9qKFpSlaYh+ugi8u8cgDMdWM3KNN0FGXlX57MLnelbQhc9lv40CgfgbssO5FKhZHazb5jeH2W5nmwQXJq/3Vvw4hvPmS0ZWP1lMqfSXfuK8Nk6tTlRuLq/pyN3Lq7c= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.in; s=zohoarc; t=1700943997; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:Subject:To:To:Message-Id:Reply-To; bh=khXX+6WIAnh+nbfhSLVUt+KViQdJnf6YZ3f3zq0qJyA=; b=Ncih+qyH3NB0WdbOHkljRWMEgbiratVKpxabNsTYoETjMo2gF0Af6WgPwIjA9LotQ3M59jDhH2O4MyeRZ3N0R4iv2B2sKaR/6l5u5txcAs62zCDmLSQkIJUHEk0m490/JR8F5hyJ1dZuBLePXuwSV4spADb3LrCor1iMvvbSijo= ARC-Authentication-Results: i=1; mx.zohomail.in; dkim=pass header.i=siddh.me; spf=pass smtp.mailfrom=code@siddh.me; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1700943997; s=zmail; d=siddh.me; i=code@siddh.me; h=From:From:To:To:Cc:Cc:Subject:Subject:Date:Date:Message-ID:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding:Message-Id:Reply-To; bh=khXX+6WIAnh+nbfhSLVUt+KViQdJnf6YZ3f3zq0qJyA=; b=kfic7x93BI2BMMABAGJ7+jpOVjI7JhUXRyUg1ZCPqgR4fqJisHvm9T5DTztDiHIL QeImSU3M7tV6efOBTccqiEGas8C+0QsaVNUK/etmQl305JMlar9YSipc8NxwYgtC7MH 9LVhKie744FkyWWj+DWy22VBX4w01fmJBjjUQ+Sc= Received: from kampyooter.. (110.226.61.26 [110.226.61.26]) by mx.zoho.in with SMTPS id 1700943994641928.1437515996658; Sun, 26 Nov 2023 01:56:34 +0530 (IST) From: Siddh Raman Pant To: Krzysztof Kozlowski , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 1/4] nfc: Extract nfc_dev access from nfc_alloc_send_skb() into the callers Date: Sun, 26 Nov 2023 01:56:16 +0530 Message-ID: X-Mailer: git-send-email 2.42.0 In-Reply-To: References: MIME-Version: 1.0 X-ZohoMailClient: External X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (snail.vger.email [0.0.0.0]); Sat, 25 Nov 2023 12:27:26 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783569106235223975 X-GMAIL-MSGID: 1783569106235223975 The only reason why nfc_dev was accessed inside nfc_alloc_send_skb() is for getting the headroom and tailroom values. This can cause UAF to be reported from nfc_alloc_send_skb(), but the callers are responsible for managing the device access, and thus the UAF being reported, as the callers (like nfc_llcp_send_ui_frame()) may repeatedly call this function, and this function will repeatedly try to get the same headroom and tailroom values. Thus, put the nfc_dev access responsibility on the callers and accept the headroom and tailroom values directly. Signed-off-by: Siddh Raman Pant --- include/net/nfc/nfc.h | 6 +++--- net/nfc/core.c | 14 +++++++------- net/nfc/llcp_commands.c | 20 ++++++++++++++------ net/nfc/rawsock.c | 8 ++++++-- 4 files changed, 30 insertions(+), 18 deletions(-) diff --git a/include/net/nfc/nfc.h b/include/net/nfc/nfc.h index 5dee575fbe86..efe20a9a8499 100644 --- a/include/net/nfc/nfc.h +++ b/include/net/nfc/nfc.h @@ -260,9 +260,9 @@ static inline const char *nfc_device_name(const struct nfc_dev *dev) return dev_name(&dev->dev); } -struct sk_buff *nfc_alloc_send_skb(struct nfc_dev *dev, struct sock *sk, - unsigned int flags, unsigned int size, - unsigned int *err); +struct sk_buff *nfc_alloc_send_skb(struct sock *sk, unsigned int flags, + unsigned int size, int headroom, + int tailroom, unsigned int *err); struct sk_buff *nfc_alloc_recv_skb(unsigned int size, gfp_t gfp); int nfc_set_remote_general_bytes(struct nfc_dev *dev, diff --git a/net/nfc/core.c b/net/nfc/core.c index eb2c0959e5b6..1f7d20971f6f 100644 --- a/net/nfc/core.c +++ b/net/nfc/core.c @@ -705,25 +705,25 @@ EXPORT_SYMBOL(nfc_tm_deactivated); /** * nfc_alloc_send_skb - allocate a skb for data exchange responses * - * @dev: device sending the response * @sk: socket sending the response * @flags: MSG_DONTWAIT flag * @size: size to allocate + * @headroom: Extra headroom, in addition to size + * @tailroom: Extra tailroom, in addition to size * @err: pointer to memory to store the error code */ -struct sk_buff *nfc_alloc_send_skb(struct nfc_dev *dev, struct sock *sk, - unsigned int flags, unsigned int size, - unsigned int *err) +struct sk_buff *nfc_alloc_send_skb(struct sock *sk, unsigned int flags, + unsigned int size, int headroom, + int tailroom, unsigned int *err) { struct sk_buff *skb; unsigned int total_size; - total_size = size + - dev->tx_headroom + dev->tx_tailroom + NFC_HEADER_SIZE; + total_size = size + headroom + tailroom + NFC_HEADER_SIZE; skb = sock_alloc_send_skb(sk, total_size, flags & MSG_DONTWAIT, err); if (skb) - skb_reserve(skb, dev->tx_headroom + NFC_HEADER_SIZE); + skb_reserve(skb, headroom + NFC_HEADER_SIZE); return skb; } diff --git a/net/nfc/llcp_commands.c b/net/nfc/llcp_commands.c index e2680a3bef79..39c7c59bbf66 100644 --- a/net/nfc/llcp_commands.c +++ b/net/nfc/llcp_commands.c @@ -314,13 +314,17 @@ static struct sk_buff *llcp_allocate_pdu(struct nfc_llcp_sock *sock, u8 cmd, u16 size) { struct sk_buff *skb; - int err; + int err, headroom, tailroom; if (sock->ssap == 0) return NULL; - skb = nfc_alloc_send_skb(sock->dev, &sock->sk, MSG_DONTWAIT, - size + LLCP_HEADER_SIZE, &err); + headroom = sock->dev->tx_headroom; + tailroom = sock->dev->tx_tailroom; + + skb = nfc_alloc_send_skb(&sock->sk, MSG_DONTWAIT, + size + LLCP_HEADER_SIZE, headroom, tailroom, + &err); if (skb == NULL) { pr_err("Could not allocate PDU\n"); return NULL; @@ -734,7 +738,7 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap, size_t frag_len = 0, remaining_len; u8 *msg_ptr, *msg_data; u16 remote_miu; - int err; + int err, headroom, tailroom; pr_debug("Send UI frame len %zd\n", len); @@ -751,6 +755,9 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap, return -EFAULT; } + headroom = sock->dev->tx_headroom; + tailroom = sock->dev->tx_tailroom; + remaining_len = len; msg_ptr = msg_data; @@ -763,8 +770,9 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap, pr_debug("Fragment %zd bytes remaining %zd", frag_len, remaining_len); - pdu = nfc_alloc_send_skb(sock->dev, &sock->sk, 0, - frag_len + LLCP_HEADER_SIZE, &err); + pdu = nfc_alloc_send_skb(&sock->sk, 0, + frag_len + LLCP_HEADER_SIZE, + headroom, tailroom, &err); if (pdu == NULL) { pr_err("Could not allocate PDU (error=%d)\n", err); len -= remaining_len; diff --git a/net/nfc/rawsock.c b/net/nfc/rawsock.c index 5125392bb68e..fab1facb7105 100644 --- a/net/nfc/rawsock.c +++ b/net/nfc/rawsock.c @@ -207,7 +207,7 @@ static int rawsock_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) struct sock *sk = sock->sk; struct nfc_dev *dev = nfc_rawsock(sk)->dev; struct sk_buff *skb; - int rc; + int rc, headroom, tailroom; pr_debug("sock=%p sk=%p len=%zu\n", sock, sk, len); @@ -217,7 +217,11 @@ static int rawsock_sendmsg(struct socket *sock, struct msghdr *msg, size_t len) if (sock->state != SS_CONNECTED) return -ENOTCONN; - skb = nfc_alloc_send_skb(dev, sk, msg->msg_flags, len, &rc); + headroom = dev->tx_headroom; + tailroom = dev->tx_tailroom; + + skb = nfc_alloc_send_skb(sk, msg->msg_flags, len, headroom, tailroom, + &rc); if (skb == NULL) return rc; From patchwork Sat Nov 25 20:26:17 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Siddh Raman Pant X-Patchwork-Id: 169796 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp2142489vqx; Sat, 25 Nov 2023 12:27:33 -0800 (PST) X-Google-Smtp-Source: AGHT+IEOdiouVO4S75U1TAzbiTA/GpsydjZg/Jh8wXrO//9pkpr1LXWrSmbXDtgW7S/1yvZwutmg X-Received: by 2002:a05:6a00:330a:b0:6c3:41fd:3a3e with SMTP id cq10-20020a056a00330a00b006c341fd3a3emr7296043pfb.27.1700944053085; Sat, 25 Nov 2023 12:27:33 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1700944053; cv=pass; d=google.com; s=arc-20160816; b=qvCe6YoTjgQEnwpCliSUWhqD9S6y+HJKiRONH2gnotYvkezlRb6dPAIDUuiJBK6Yh/ RoNAvMDSIcBA3gNbHDCbJn87lC/NIZTg3Bpccw7PUhMR6dWOtsFpztQjH9dCmLjkeiHc uRZQaEhVhEdc01Vi7sMBvI6Ke577cArOXCBnPZcCSgHn9rBN1EAcWpYwP7ep7i6BSwGM +vsC0PWt4v8OJyIzuj7RopEqGX05Ks0s+Q4lP7PKB0v5u/OmSgR1hWW9NEsWxB85fm67 FlGXBWcmsUv9L6lg5ONCQuZVPZtNHztjo50Y1nmLS4rT68gNLl0Nc8dhrKRyi/whbhxU gxIg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=BEgkYV/g4NVqjVg4g/pZSrbzunesAbsgXj6OKtD8qnY=; fh=XKJFm/Q3+n6z/9S33QjbNKtJHOEhhrl6nNHxAeO+AIE=; b=FZoLdzr12UB0f0gIsrHBhFUQ0JrzIOTe61kVeinbJFtWhoBaN7cjzwlOBJz4p+0lTH zgvkMsPrSP8Ddk0t8D2dtWsYkRC03eR0uC3XqA6nvBpdtPXF9IeWM46pPUXw5xMwHPrr WHMHlJoGKFbhawtKoH8aEZoBY9i6h/mNQeWQb2rTffJmYMOTs2VieNsV2kwdvJSmpnHF zcjNb+4AYExprUgfDEOfNohuGl1pfwWnlut0AW6LbT7wjO0wOMrR6m+HWosdP+h7SCfZ lQcWgsdnGQJefqRHhv+8dGfkjOQwpoYnIPxo0nIkQ7ZeI/yYEacJ0e+aXGkdbGLETzyH SPvQ== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@siddh.me header.s=zmail header.b=RLde9bkg; arc=pass (i=1 spf=pass spfdomain=siddh.me dkim=pass dkdomain=siddh.me dmarc=pass fromdomain=siddh.me>); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siddh.me Received: from groat.vger.email (groat.vger.email. [23.128.96.35]) by mx.google.com with ESMTPS id m1-20020a056a00080100b006cbd24b3407si6346613pfk.15.2023.11.25.12.27.32 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 25 Nov 2023 12:27:33 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) client-ip=23.128.96.35; Authentication-Results: mx.google.com; dkim=pass header.i=@siddh.me header.s=zmail header.b=RLde9bkg; arc=pass (i=1 spf=pass spfdomain=siddh.me dkim=pass dkdomain=siddh.me dmarc=pass fromdomain=siddh.me>); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.35 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siddh.me Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by groat.vger.email (Postfix) with ESMTP id 0608F806139A; Sat, 25 Nov 2023 12:27:30 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at groat.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232237AbjKYU1Q (ORCPT + 99 others); Sat, 25 Nov 2023 15:27:16 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35726 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229511AbjKYU1F (ORCPT ); Sat, 25 Nov 2023 15:27:05 -0500 Received: from sender-of-o51.zoho.in (sender-of-o51.zoho.in [103.117.158.51]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 39C0710B; Sat, 25 Nov 2023 12:27:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700943997; cv=none; d=zohomail.in; s=zohoarc; b=E8pah2PkEyu0QS7s/qU7SRkza+Lo2QrfNd8H2RvTuTTW98TFkbP0eFvnIypIW8EYd/VA6Z5IWyE6ruqwi7PEPSZa4I6w0kcpfg/N0/v7LRdAUmgFGV6V0f4bm//ZygCARLOdUILMi+x5JFocB7C1LC5GC1KmkkZjkTpJOmBQyJo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.in; s=zohoarc; t=1700943997; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:Subject:To:To:Message-Id:Reply-To; bh=BEgkYV/g4NVqjVg4g/pZSrbzunesAbsgXj6OKtD8qnY=; b=LkK8FuB9+0K1zgJJzuOWWpy0/A6KrVm5/bB5ATAPM5D4ooYdoqfjCdvpe4iOeNRAWpH4ZN7kV6QHPsxmzMT5M+xE1VWl6+SwrsZM+FMqvUMusNOMV1+TD2LEIH2zWV7zmanP3rnmFN+mj+bOvuYq1GnVSrfyWUHrh4P9KDcVdp0= ARC-Authentication-Results: i=1; mx.zohomail.in; dkim=pass header.i=siddh.me; spf=pass smtp.mailfrom=code@siddh.me; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1700943997; s=zmail; d=siddh.me; i=code@siddh.me; h=From:From:To:To:Cc:Cc:Subject:Subject:Date:Date:Message-ID:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding:Message-Id:Reply-To; bh=BEgkYV/g4NVqjVg4g/pZSrbzunesAbsgXj6OKtD8qnY=; b=RLde9bkgAi7h1vbXSpCfVyrbn5NIW/vzyqsmig0vjGOF7ocCwiuNI/FLKMgWdg9+ PcE6wrzCT8VrkZYMi61PSl3x9i2LQtCDAl+jr7ghPTQs55Fe1eXbbW3sk7u15pG5WQX W94W4cdUGV1j4L4DinGAyVRNxmb1iG/jXSuhU954= Received: from kampyooter.. (110.226.61.26 [110.226.61.26]) by mx.zoho.in with SMTPS id 1700943995162403.864052366456; Sun, 26 Nov 2023 01:56:35 +0530 (IST) From: Siddh Raman Pant To: Krzysztof Kozlowski , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org, syzbot+bbe84a4010eeea00982d@syzkaller.appspotmail.com Subject: [PATCH 2/4] nfc: Protect access to nfc_dev in an llcp_sock with a rwlock Date: Sun, 26 Nov 2023 01:56:17 +0530 Message-ID: <7c198c2aa08b34045b8f9e0afe3d0b3bf5802180.1700943019.git.code@siddh.me> X-Mailer: git-send-email 2.42.0 In-Reply-To: References: MIME-Version: 1.0 X-ZohoMailClient: External X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on groat.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (groat.vger.email [0.0.0.0]); Sat, 25 Nov 2023 12:27:30 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783569111216493672 X-GMAIL-MSGID: 1783569111216493672 llcp_sock_sendmsg() calls nfc_llcp_send_ui_frame(), which accesses the nfc_dev from the llcp_sock for getting the headroom and tailroom needed for skb allocation. Parallely, the nfc_dev can be freed via the nfc_unregister_device() codepath (nfc_release() being called due to the class unregister in nfc_exit()), leading to the UAF reported by Syzkaller. We have the following call tree before freeing: nfc_unregister_device() -> nfc_llcp_unregister_device() -> local_cleanup() -> nfc_llcp_socket_release() nfc_llcp_socket_release() sets the state of sockets to LLCP_CLOSED, and this is encountered necessarily before any freeing of nfc_dev. Thus, add a rwlock in struct llcp_sock to synchronize access to nfc_dev. nfc_dev in an llcp_sock will be NULLed in a write critical section when socket state has been set to closed. Thus, we can avoid the UAF by bailing out from a read critical section upon seeing NULL. Since this is repeated multiple times in nfc_llcp_socket_release(), extract the behaviour into a new function. Reported-and-tested-by: syzbot+bbe84a4010eeea00982d@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=bbe84a4010eeea00982d Signed-off-by: Siddh Raman Pant --- net/nfc/llcp.h | 1 + net/nfc/llcp_commands.c | 27 ++++++++++++++++++++++++--- net/nfc/llcp_core.c | 31 +++++++++++++++++++------------ net/nfc/llcp_sock.c | 2 ++ 4 files changed, 46 insertions(+), 15 deletions(-) diff --git a/net/nfc/llcp.h b/net/nfc/llcp.h index d8345ed57c95..800cbe8e3d6b 100644 --- a/net/nfc/llcp.h +++ b/net/nfc/llcp.h @@ -102,6 +102,7 @@ struct nfc_llcp_local { struct nfc_llcp_sock { struct sock sk; struct nfc_dev *dev; + rwlock_t rw_dev_lock; struct nfc_llcp_local *local; u32 target_idx; u32 nfc_protocol; diff --git a/net/nfc/llcp_commands.c b/net/nfc/llcp_commands.c index 39c7c59bbf66..b132830bc206 100644 --- a/net/nfc/llcp_commands.c +++ b/net/nfc/llcp_commands.c @@ -315,13 +315,24 @@ static struct sk_buff *llcp_allocate_pdu(struct nfc_llcp_sock *sock, { struct sk_buff *skb; int err, headroom, tailroom; + unsigned long irq_flags; if (sock->ssap == 0) return NULL; + read_lock_irqsave(&sock->rw_dev_lock, irq_flags); + + if (!sock->dev) { + read_unlock_irqrestore(&sock->rw_dev_lock, irq_flags); + pr_err("NFC device does not exit\n"); + return NULL; + } + headroom = sock->dev->tx_headroom; tailroom = sock->dev->tx_tailroom; + read_unlock_irqrestore(&sock->rw_dev_lock, irq_flags); + skb = nfc_alloc_send_skb(&sock->sk, MSG_DONTWAIT, size + LLCP_HEADER_SIZE, headroom, tailroom, &err); @@ -739,6 +750,7 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap, u8 *msg_ptr, *msg_data; u16 remote_miu; int err, headroom, tailroom; + unsigned long irq_flags; pr_debug("Send UI frame len %zd\n", len); @@ -746,6 +758,18 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap, if (local == NULL) return -ENODEV; + read_lock_irqsave(&sock->rw_dev_lock, irq_flags); + + if (!sock->dev) { + read_unlock_irqrestore(&sock->rw_dev_lock, irq_flags); + return -ENODEV; + } + + headroom = sock->dev->tx_headroom; + tailroom = sock->dev->tx_tailroom; + + read_unlock_irqrestore(&sock->rw_dev_lock, irq_flags); + msg_data = kmalloc(len, GFP_USER | __GFP_NOWARN); if (msg_data == NULL) return -ENOMEM; @@ -755,9 +779,6 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap, return -EFAULT; } - headroom = sock->dev->tx_headroom; - tailroom = sock->dev->tx_tailroom; - remaining_len = len; msg_ptr = msg_data; diff --git a/net/nfc/llcp_core.c b/net/nfc/llcp_core.c index 1dac28136e6a..a565712d7db8 100644 --- a/net/nfc/llcp_core.c +++ b/net/nfc/llcp_core.c @@ -20,6 +20,22 @@ static LIST_HEAD(llcp_devices); /* Protects llcp_devices list */ static DEFINE_SPINLOCK(llcp_devices_lock); +static inline void nfc_llcp_sock_close(struct nfc_llcp_sock *llcp_sock, int err) +{ + struct sock *sk = &llcp_sock->sk; + unsigned long irq_flags; + + if (err) + sk->sk_err = err; + + sk->sk_state = LLCP_CLOSED; + sk->sk_state_change(sk); + + write_lock_irqsave(&llcp_sock->rw_dev_lock, irq_flags); + llcp_sock->dev = NULL; + write_unlock_irqrestore(&llcp_sock->rw_dev_lock, irq_flags); +} + static void nfc_llcp_rx_skb(struct nfc_llcp_local *local, struct sk_buff *skb); void nfc_llcp_sock_link(struct llcp_sock_list *l, struct sock *sk) @@ -96,19 +112,13 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool device, nfc_llcp_accept_unlink(accept_sk); - if (err) - accept_sk->sk_err = err; - accept_sk->sk_state = LLCP_CLOSED; - accept_sk->sk_state_change(sk); + nfc_llcp_sock_close(lsk, err); bh_unlock_sock(accept_sk); } } - if (err) - sk->sk_err = err; - sk->sk_state = LLCP_CLOSED; - sk->sk_state_change(sk); + nfc_llcp_sock_close(llcp_sock, err); bh_unlock_sock(sk); @@ -130,10 +140,7 @@ static void nfc_llcp_socket_release(struct nfc_llcp_local *local, bool device, nfc_llcp_socket_purge(llcp_sock); - if (err) - sk->sk_err = err; - sk->sk_state = LLCP_CLOSED; - sk->sk_state_change(sk); + nfc_llcp_sock_close(llcp_sock, err); bh_unlock_sock(sk); diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c index 645677f84dba..ef1ab88a5e4f 100644 --- a/net/nfc/llcp_sock.c +++ b/net/nfc/llcp_sock.c @@ -983,6 +983,8 @@ struct sock *nfc_llcp_sock_alloc(struct socket *sock, int type, gfp_t gfp, int k sk->sk_type = type; sk->sk_destruct = llcp_sock_destruct; + rwlock_init(&llcp_sock->rw_dev_lock); + llcp_sock->ssap = 0; llcp_sock->dsap = LLCP_SAP_SDP; llcp_sock->rw = LLCP_MAX_RW + 1; From patchwork Sat Nov 25 20:26:18 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Siddh Raman Pant X-Patchwork-Id: 169795 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp2142465vqx; Sat, 25 Nov 2023 12:27:31 -0800 (PST) X-Google-Smtp-Source: AGHT+IFBZFtgwDLr8FfgKouPkxgnpmtKlJ9iHParzg8XIimO22dqqqvIR2UcZr9NxjiQEjnoENvF X-Received: by 2002:a05:6a20:158b:b0:18b:985e:8035 with SMTP id h11-20020a056a20158b00b0018b985e8035mr8186781pzj.12.1700944051169; Sat, 25 Nov 2023 12:27:31 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1700944051; cv=pass; d=google.com; s=arc-20160816; b=A9y75vGbJPlEUMn7JYdW/efb6lpqixt1S8O+OqVnDZhqe4nEfsrVA+o+w5Fo/DmD1r trXDFh2FjdtPntBvsl9v2wtmMj9HWe9AsNXor/WIixsE0JYJ5T1w8DtiSAvZLGwZFWoR nvimy6RQQaIvMCswsy93JqhT7tBTkby9+qj++NRi/A8QFQv0cog7PWMT7RLB0R3+xHWY ynkcVXX2J2Y2O1ZCNzmjQyb6UU8LuyNxsPNylNbzPKcQvHxDghnuRHqpmDChuaDcH/R8 bfN1o+mupmLQOJot8Zr/g5l0eDwu8dok3EoLgRMdeaGZurQR3M3cHfxpT5wsgscXmWLt EHxg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=zRlFgAJrtEWCzZS3K60IRfSk2CnQKoHBXTn6uGX5VTg=; fh=lWFC9d7jJSiNqATg8HCbo845G0U9cpMSp26bBLEa5gM=; b=zCOajzg/tZglMJnMUCz329f+gSTGJNHF8axHCQpVls+SbQKbYf7ZIMPs4yKH4xXyrg OMepk6f/EuZ+diC4c1ppqJCmWejR9JPEo4yr0xu0lTaWlOqtQp9LtqxE+Cxi2KJmfcr2 xZTdl3KvUh6Kj3wSfI/+44po6luCfwLjqwVVGepZyV7Fd+DXBgUEloGBLOQ3dNLzk0zY BTjIP4jRlk8oh+tvjcygOWsa5ZS1IO7jyVJUcFpOlewIRNfTfomwo1rcwnZz4Fkw9T1k Y4Sk7LQ/80mYqLocKk5jzUbe6ixst+VeZw+uMVk1C81KIa4/8jMStLu4Ui3Ou3CSMw0E kytw== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@siddh.me header.s=zmail header.b=AY+2kf2S; arc=pass (i=1 spf=pass spfdomain=siddh.me dkim=pass dkdomain=siddh.me dmarc=pass fromdomain=siddh.me>); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siddh.me Received: from fry.vger.email (fry.vger.email. [2620:137:e000::3:8]) by mx.google.com with ESMTPS id oc3-20020a17090b1c0300b002859a20ecc3si3583247pjb.138.2023.11.25.12.27.30 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 25 Nov 2023 12:27:31 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) client-ip=2620:137:e000::3:8; Authentication-Results: mx.google.com; dkim=pass header.i=@siddh.me header.s=zmail header.b=AY+2kf2S; arc=pass (i=1 spf=pass spfdomain=siddh.me dkim=pass dkdomain=siddh.me dmarc=pass fromdomain=siddh.me>); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:8 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siddh.me Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by fry.vger.email (Postfix) with ESMTP id E37668096881; Sat, 25 Nov 2023 12:27:25 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at fry.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229804AbjKYU1H (ORCPT + 99 others); Sat, 25 Nov 2023 15:27:07 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35712 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229505AbjKYU1F (ORCPT ); Sat, 25 Nov 2023 15:27:05 -0500 Received: from sender-of-o51.zoho.in (sender-of-o51.zoho.in [103.117.158.51]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 79D38119; Sat, 25 Nov 2023 12:27:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700943997; cv=none; d=zohomail.in; s=zohoarc; b=dqsZItpanhNpUQhMs5iWna0XZrthWxu22M1e+Vhd1fiZ5ekGGfU8EXJtccoXEY1cp8HDLYnj+4F1UZ7f6sRuJsveD7q+hbYkTUUTZGS+LEwqT5MkZn2gnC+pgSJaLAkfyhNAw3JBM09OTrIhk2+XFpZY30ZL5+5CkI7sMtW0gHo= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.in; s=zohoarc; t=1700943997; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:Subject:To:To:Message-Id:Reply-To; bh=zRlFgAJrtEWCzZS3K60IRfSk2CnQKoHBXTn6uGX5VTg=; b=ZoRGS+zGGPM3gYlAP5ciNLZ3GR0vOtkq3y6UzaH0n5pTnUBLYczkvPhC8QSgLwsk8R0l/lBfR/GZjoIWPu+vDOaRyGWXZfdN8KPN7whoKC9jD6siLLBECx/z4/mydkSEAq7H8yXLf4H5chnIVOSdTbMCh2xf23EuRKngPjkqc14= ARC-Authentication-Results: i=1; mx.zohomail.in; dkim=pass header.i=siddh.me; spf=pass smtp.mailfrom=code@siddh.me; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1700943997; s=zmail; d=siddh.me; i=code@siddh.me; h=From:From:To:To:Cc:Cc:Subject:Subject:Date:Date:Message-ID:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding:Message-Id:Reply-To; bh=zRlFgAJrtEWCzZS3K60IRfSk2CnQKoHBXTn6uGX5VTg=; b=AY+2kf2SDxD9sh2zXy27svfV+rJHAtS9zqCRP72MnjNRYAbEGViY2TKp/tRym9/Z nkMOXC986gaW8bpRP6D7+ZHirvEkRuEdyeJ8c0hRdpmrUj4dvv7tfEArJXjMeAjPf8i 3iXJcHNITq6uVFkB0TME/9NQawWby3R4ZG46dvFo= Received: from kampyooter.. (110.226.61.26 [110.226.61.26]) by mx.zoho.in with SMTPS id 1700943995667656.7460159615724; Sun, 26 Nov 2023 01:56:35 +0530 (IST) From: Siddh Raman Pant To: Krzysztof Kozlowski , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 3/4] nfc: Do not send datagram if socket state isn't LLCP_BOUND Date: Sun, 26 Nov 2023 01:56:18 +0530 Message-ID: X-Mailer: git-send-email 2.42.0 In-Reply-To: References: MIME-Version: 1.0 X-ZohoMailClient: External X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on fry.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (fry.vger.email [0.0.0.0]); Sat, 25 Nov 2023 12:27:26 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783569109388797357 X-GMAIL-MSGID: 1783569109388797357 As we know we cannot send the datagram (state can be set to LLCP_CLOSED by nfc_llcp_socket_release()), there is no need to proceed further. Thus, bail out early from llcp_sock_sendmsg(). Signed-off-by: Siddh Raman Pant Reviewed-by: Krzysztof Kozlowski --- net/nfc/llcp_sock.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c index ef1ab88a5e4f..603f2219b62f 100644 --- a/net/nfc/llcp_sock.c +++ b/net/nfc/llcp_sock.c @@ -796,6 +796,11 @@ static int llcp_sock_sendmsg(struct socket *sock, struct msghdr *msg, } if (sk->sk_type == SOCK_DGRAM) { + if (sk->sk_state != LLCP_BOUND) { + release_sock(sk); + return -ENOTCONN; + } + DECLARE_SOCKADDR(struct sockaddr_nfc_llcp *, addr, msg->msg_name); From patchwork Sat Nov 25 20:26:19 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Siddh Raman Pant X-Patchwork-Id: 169797 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a59:ce62:0:b0:403:3b70:6f57 with SMTP id o2csp2142524vqx; Sat, 25 Nov 2023 12:27:38 -0800 (PST) X-Google-Smtp-Source: AGHT+IFd6VVfs4GB8oCL/w8Zv1DhGoDqeSzUz4vuP/4rphOw/72x3HUcllguiToaDa5JBmxZSPof X-Received: by 2002:a17:902:c10c:b0:1cf:7cfc:c39b with SMTP id 12-20020a170902c10c00b001cf7cfcc39bmr9094316pli.7.1700944058451; Sat, 25 Nov 2023 12:27:38 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1700944058; cv=pass; d=google.com; s=arc-20160816; b=ncgU1rWlFED+HfLQtacgbAX1025K3+YRucs3c6N1I56A5fFEgR+VI4P9d2CG6MRJsn EntNw6DXoVQBPBKzZj0N4z/XGFocao41/nXWMb7qVo2SNyirhShkhYLd8XdJjfNqLsYb HCv/zfHwz/hJE8TiulDIt4mZlz347pGqWW5TPKlu99+y38/MA3zeObMqklTW32G/5f9Y jWsxigR/gSfpP+ViEhbg/byQg+7kJvmusem5eQgLqk7vStUOMBYWPcPX+fJ/Ove0y2Ym owiShuUAcFqwasZxZceZidFTIf/LBGXpYG3QB6Wer7tAGXFg9+saY96g+J8zXiN7kdA/ pxAQ== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :references:in-reply-to:message-id:date:subject:cc:to:from :dkim-signature; bh=jokTckctzJGZx54kn2OoTfaUts6J5fPPiEFPTgkvFQU=; fh=lWFC9d7jJSiNqATg8HCbo845G0U9cpMSp26bBLEa5gM=; b=j02Xh3zAyLrh7uLw8v+FLAVElUGosI6/FUx1tGHnix3dK84bP329WoW8vKFjjb69bZ mNrkZXl1pmK1wCZUZKT9Vsvc1OTm5/YCrm1SZBNB05Y2WxHz0BYIHvKD+P3TOzLmOf/F lkNn/Sac/IFNu4Kfq//Q/cDP+xDoXs7Qh3b5Nj9fWqFWgeyTXBJ7wRRHLtMZOKfu0Ork sXotAW9dxc9s7Qty+56JYt8VFBxfaUuw8juUUZ3aqqzWKMGs+71cbSEuz4ogUuEQ4LJH o30WIxMwvRbTXzKuCssSr4KwiFalALhS+Y9X4hSdmMhWik78NhmXfT/qRN4bdk+TNA8z r9KQ== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@siddh.me header.s=zmail header.b=aDWr574r; arc=pass (i=1 spf=pass spfdomain=siddh.me dkim=pass dkdomain=siddh.me dmarc=pass fromdomain=siddh.me>); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siddh.me Received: from howler.vger.email (howler.vger.email. [23.128.96.34]) by mx.google.com with ESMTPS id k2-20020a170902ce0200b001bdc10170casi6705098plg.36.2023.11.25.12.27.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sat, 25 Nov 2023 12:27:38 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) client-ip=23.128.96.34; Authentication-Results: mx.google.com; dkim=pass header.i=@siddh.me header.s=zmail header.b=aDWr574r; arc=pass (i=1 spf=pass spfdomain=siddh.me dkim=pass dkdomain=siddh.me dmarc=pass fromdomain=siddh.me>); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.34 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siddh.me Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by howler.vger.email (Postfix) with ESMTP id BEBA8801E0FE; Sat, 25 Nov 2023 12:27:35 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at howler.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229989AbjKYU1K (ORCPT + 99 others); Sat, 25 Nov 2023 15:27:10 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:35706 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229507AbjKYU1F (ORCPT ); Sat, 25 Nov 2023 15:27:05 -0500 Received: from sender-of-o51.zoho.in (sender-of-o51.zoho.in [103.117.158.51]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 4B582110; Sat, 25 Nov 2023 12:27:08 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1700943997; cv=none; d=zohomail.in; s=zohoarc; b=CG/6YhYXSiA5o5lvnsjgbz7aLpPRNl4YXm976la8f/2GIZvRCRzdhQb2f4dKW/TT/QNVQaG5auUOiW0MNHU3dIXOfP1xzLahWzQ1BGH6e1E9FL3uJ49uwfJXBNdeLJ3kLLZnfMgDO985BxpQQk6v95aS/gcjB0FniKVyYcaxTWU= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.in; s=zohoarc; t=1700943997; h=Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:Subject:To:To:Message-Id:Reply-To; bh=jokTckctzJGZx54kn2OoTfaUts6J5fPPiEFPTgkvFQU=; b=P7LvR7B5qeEGzTC+VoxGb//U+UGwUXPt4R7tYkjO9TwhGl/uQAu87JPGOadm6DIYmqBzd8OG++Tv27oWUrCpVhihB0PbXC/s6qJ4lGOQK3y6lMMKGaMBUaOoM9qoMmWvqkqlMyeS083z02Z3eNVpVR+O1jqSK5+NzhFHoL2OLWg= ARC-Authentication-Results: i=1; mx.zohomail.in; dkim=pass header.i=siddh.me; spf=pass smtp.mailfrom=code@siddh.me; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1700943997; s=zmail; d=siddh.me; i=code@siddh.me; h=From:From:To:To:Cc:Cc:Subject:Subject:Date:Date:Message-ID:In-Reply-To:References:MIME-Version:Content-Transfer-Encoding:Message-Id:Reply-To; bh=jokTckctzJGZx54kn2OoTfaUts6J5fPPiEFPTgkvFQU=; b=aDWr574rrke4JA3n2T/oeX65rRJaWiCazf5v/whS1uwzqo7U6qyXXk28tmoNPI9Q lpTlK02r6wV1f5BkhKTouF+Ae+DLCwPVn4EnNxOMh5plyBRoNAZLKFm59OPQUzOs5/E YacV251mdlRVJQx+A/bz0yu8+Q+5Ckxaw0nVbUK4= Received: from kampyooter.. (110.226.61.26 [110.226.61.26]) by mx.zoho.in with SMTPS id 1700943996154743.8918060401706; Sun, 26 Nov 2023 01:56:36 +0530 (IST) From: Siddh Raman Pant To: Krzysztof Kozlowski , "David S. Miller" , Eric Dumazet , Jakub Kicinski , Paolo Abeni Cc: netdev@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH 4/4] nfc: llcp_sock_sendmsg: Reformat code to make the smaller block indented Date: Sun, 26 Nov 2023 01:56:19 +0530 Message-ID: X-Mailer: git-send-email 2.42.0 In-Reply-To: References: MIME-Version: 1.0 X-ZohoMailClient: External X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on howler.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Sat, 25 Nov 2023 12:27:35 -0800 (PST) X-getmail-retrieved-from-mailbox: INBOX X-GMAIL-THRID: 1783569117392724903 X-GMAIL-MSGID: 1783569117392724903 The block for datagram sending is a significantly bigger chunk of the function compared to the other scenario. Thus, put the significantly smaller block inside the if-block. Signed-off-by: Siddh Raman Pant --- net/nfc/llcp_sock.c | 32 +++++++++++++++----------------- 1 file changed, 15 insertions(+), 17 deletions(-) diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c index 603f2219b62f..3f1a39e54aa1 100644 --- a/net/nfc/llcp_sock.c +++ b/net/nfc/llcp_sock.c @@ -795,34 +795,32 @@ static int llcp_sock_sendmsg(struct socket *sock, struct msghdr *msg, return -ENODEV; } - if (sk->sk_type == SOCK_DGRAM) { - if (sk->sk_state != LLCP_BOUND) { - release_sock(sk); - return -ENOTCONN; - } + if (sk->sk_type != SOCK_DGRAM) { + release_sock(sk); - DECLARE_SOCKADDR(struct sockaddr_nfc_llcp *, addr, - msg->msg_name); + if (sk->sk_state != LLCP_CONNECTED) + return -ENOTCONN; - if (msg->msg_namelen < sizeof(*addr)) { - release_sock(sk); - return -EINVAL; - } + return nfc_llcp_send_i_frame(llcp_sock, msg, len); + } + if (sk->sk_state != LLCP_BOUND) { release_sock(sk); - - return nfc_llcp_send_ui_frame(llcp_sock, addr->dsap, addr->ssap, - msg, len); + return -ENOTCONN; } - if (sk->sk_state != LLCP_CONNECTED) { + DECLARE_SOCKADDR(struct sockaddr_nfc_llcp *, addr, msg->msg_name); + + if (msg->msg_namelen < sizeof(*addr)) { release_sock(sk); - return -ENOTCONN; + return -EINVAL; } release_sock(sk); - return nfc_llcp_send_i_frame(llcp_sock, msg, len); + return nfc_llcp_send_ui_frame(llcp_sock, addr->dsap, addr->ssap, + msg, len); + } static int llcp_sock_recvmsg(struct socket *sock, struct msghdr *msg,