From patchwork Wed Nov 16 08:16:40 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Howells X-Patchwork-Id: 20785 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp22508wru; Wed, 16 Nov 2022 00:26:17 -0800 (PST) X-Google-Smtp-Source: AA0mqf6UNrGwlNgJar4sgH3BV5EPMmm9zCuTJhjtr2F3k62YDXij7gjEqt5UwGnSPo8DDGJcDjYW X-Received: by 2002:a17:90b:3944:b0:214:1df0:fe53 with SMTP id oe4-20020a17090b394400b002141df0fe53mr2506062pjb.214.1668587177288; Wed, 16 Nov 2022 00:26:17 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668587177; cv=none; d=google.com; s=arc-20160816; b=EsiKdIFelLoJXvSxh7ioU8TTzAdZRKJtCUNqPO9pD/8b4qhD4l47XYauHOj+AMt8OM G4fMyHy9l2Ro2D94JQvTl+BPT8Hzq4e2ig5F2hPNn4dH+1hDkM3mH04sR9LwOEWP9pKj uQD3uUPSqn3jxYrbu4+YN33D+v/c/4Xty8VDcAux7tsxtKcGZ4idaNrQRO6UnAa1oY22 JLvDTTsr6RUvgcJUzQ7+lRginfpC6j7CVN3hWu3BAMnjuqrOsf9oyxqr7yyhlgz+EVgQ qWg1I4VTq165Aqe0jxXQOyMptfPXao+xiknNtpAQkqf1QAS8anU4xKApeA6uASQsc2ww yngg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:cc:to:from :subject:organization:dkim-signature; bh=i9d1x3IOEClUC0qavYogMQagsbboIJFcHLUHadOyzrg=; b=IR8yRBHsr45tj9eXkHXeBnIJpkP/U/zViEhi8UlbvN8er2tnzVzqpfJYEXb2wusBCL 3zvjWMXTD5KfAofmu1P07ZBJelKY9cW+pqXyDFSDt1gAZmWGclq/Oc0Bmya3gUwoK/cV vTshfuTkotOD8PCbQF7YIzLWvfyBhbJwCa1zDdgd6srypODQml1dlmkKhGBhvktNZDvF SIVmOMUc3L7R+WlVtNT51FFDPFqLs+WjM/9cmoNM3rugAh418l0cqYgTexaydMfRy1DB HwxXAf1/mhL7cegUN7bdfOR8KAXPW+h0/LGaOxAAx+Bmk/7w9osebq2vn/VPZye21Be8 QsNA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=fXIcC0xN; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id f12-20020a170902ce8c00b001769b63ec65si16796731plg.483.2022.11.16.00.26.03; Wed, 16 Nov 2022 00:26:17 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=fXIcC0xN; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S232170AbiKPISK (ORCPT + 99 others); Wed, 16 Nov 2022 03:18:10 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51278 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S237857AbiKPIRo (ORCPT ); Wed, 16 Nov 2022 03:17:44 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id B5293BBA for ; Wed, 16 Nov 2022 00:16:46 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1668586606; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=i9d1x3IOEClUC0qavYogMQagsbboIJFcHLUHadOyzrg=; b=fXIcC0xNySq2teBggHM6rgpolIYY/cT4qBRksiZf8ZCUFSKWU7Vo60EuW6mRndojpal043 K8SgSNWjAKIjKZ5CdggrzYi+WDeG/fKuJsAlR980VPXImjY4H1vC4EOuOEigTaXTU6m4TR rYcrDzJuqrKjgx+f7/nJHG744qBpays= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-407-wIQBQWIKOBG1HOOwGEY4Aw-1; Wed, 16 Nov 2022 03:16:44 -0500 X-MC-Unique: wIQBQWIKOBG1HOOwGEY4Aw-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 25AF8381494B; Wed, 16 Nov 2022 08:16:44 +0000 (UTC) Received: from warthog.procyon.org.uk (unknown [10.33.36.24]) by smtp.corp.redhat.com (Postfix) with ESMTP id 9A20E140EBF3; Wed, 16 Nov 2022 08:16:43 +0000 (UTC) Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903 Subject: [PATCH net-next 1/3] rxrpc: Fix missing IPV6 #ifdef From: David Howells To: netdev@vger.kernel.org Cc: dhowells@redhat.com, linux-afs@lists.infradead.org, linux-kernel@vger.kernel.org Date: Wed, 16 Nov 2022 08:16:40 +0000 Message-ID: <166858660085.2154965.8163437106785496427.stgit@warthog.procyon.org.uk> In-Reply-To: <166858659236.2154965.18023032361364343888.stgit@warthog.procyon.org.uk> References: <166858659236.2154965.18023032361364343888.stgit@warthog.procyon.org.uk> User-Agent: StGit/1.5 MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.7 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1749640467764972778?= X-GMAIL-MSGID: =?utf-8?q?1749640467764972778?= Fix rxrpc_encap_err_rcv() to make the call to ipv6_icmp_error conditional on IPV6 support being enabled. Fixes: b6c66c4324e7 ("rxrpc: Use the core ICMP/ICMP6 parsers") Reported-by: kernel test robot Signed-off-by: David Howells cc: Marc Dionne cc: linux-afs@lists.infradead.org cc: netdev@vger.kernel.org --- net/rxrpc/local_object.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/net/rxrpc/local_object.c b/net/rxrpc/local_object.c index a178f71e5082..a943fdf91e24 100644 --- a/net/rxrpc/local_object.c +++ b/net/rxrpc/local_object.c @@ -33,7 +33,8 @@ static void rxrpc_encap_err_rcv(struct sock *sk, struct sk_buff *skb, int err, { if (ip_hdr(skb)->version == IPVERSION) return ip_icmp_error(sk, skb, err, port, info, payload); - return ipv6_icmp_error(sk, skb, err, port, info, payload); + if (IS_ENABLED(CONFIG_AF_RXRPC_IPV6)) + return ipv6_icmp_error(sk, skb, err, port, info, payload); } /* From patchwork Wed Nov 16 08:16:49 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Howells X-Patchwork-Id: 20786 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp22593wru; Wed, 16 Nov 2022 00:26:39 -0800 (PST) X-Google-Smtp-Source: AA0mqf6zqOCSM+80p1Enw+MEBSAyi0zEtCKfPczKrOVVXF0W+pYp7Bcph3XUqYTWzmrpg6+/cqjz X-Received: by 2002:a17:903:120a:b0:186:9849:5c1a with SMTP id l10-20020a170903120a00b0018698495c1amr7910272plh.110.1668587199315; Wed, 16 Nov 2022 00:26:39 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668587199; cv=none; d=google.com; s=arc-20160816; b=dXdvtSKCzrMnBuF5iF893J3R3mcJWxmYBvN3FEEpQ8Y4z9juBYsVX70hd4XonMYM97 tGoq17RgDJeEOeUfsjIcYUQx8ElHaHlO350pVrR+SRYTQ4zcYLNzaFcIKRwMWTNeUBqQ h2t5nMR1RQ/5J4zeuwcFJnpYdSHu2bGIOX5ENVOaJngF7sCb1BoyHXOfYbBy4lwiDnSD j4+23OHBDtmuFGBtrjo/VGGSoi536gUDPgRbdoe6LHtUWJ4zqGoreRNpA5PYzPDFJTWP DIXqSpFVIcOqw9Oq+pqehL09CVr6U5ZZ+Gsq6VWZ/DqrHBjM7GLZPp1wA55GPlavMc+0 o4Lw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:cc:to:from :subject:organization:dkim-signature; bh=UjChVR3JL0IE4M+ycBoVPEnLs7suZyUWAlBSRhFsres=; b=ikGG5KkoyzD8AyBbFHa6MSrES3WMgRjcoCqxig0rjsDBaE6e8g6aORnr/WSSJX2G4i VPN11zK9Sqv9pq6PS9QnNB+Jhs571edQJcZ77Nuh84j9gdVvJodZzNDs2BSFA3f98hOP Im+Nx4L1z22VzgwsZRF1hba0xG5SQPGqo7JVG+ToB9J+6jmSNezIL7BzZYJvwbBj0hUz sWkeYwqFv+rZpoLSQYsphEdyPR1u/qAKCtZCkpmYfFU/baRGQIkWXsP2+IipZCt9wJsW OwnvhA6bdAUgq4m6w0LDB8zDGcIalhls4bLAU2cjPSflwh8nSrusy2guTuUv1ePLfSsp KXVA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=BNnYwN8Y; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id h63-20020a638342000000b00476f101ef48si482259pge.7.2022.11.16.00.26.26; Wed, 16 Nov 2022 00:26:39 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=BNnYwN8Y; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S238792AbiKPITE (ORCPT + 99 others); Wed, 16 Nov 2022 03:19:04 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51478 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232115AbiKPISN (ORCPT ); Wed, 16 Nov 2022 03:18:13 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 07A6A60CF for ; Wed, 16 Nov 2022 00:17:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1668586631; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=UjChVR3JL0IE4M+ycBoVPEnLs7suZyUWAlBSRhFsres=; b=BNnYwN8YyQ0KHG+vz0+XxJuR3w8BsmMCg9QQV9D/M4H3NVBtXRQ0gV+ZOiINFqnWRA3JYi tBosOIPbzzARekDPVTesTdJvq8Zg2de8+ci1gq9RZffchirJ5aRUNk5fctT5y741ILuyDp sy+7GUPbImhSNAw48oxWg8NsfTjgVgA= Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-389-D4sxpjaUPC-sqN_MCLADiw-1; Wed, 16 Nov 2022 03:16:52 -0500 X-MC-Unique: D4sxpjaUPC-sqN_MCLADiw-1 Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.rdu2.redhat.com [10.11.54.1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 911C9101A528; Wed, 16 Nov 2022 08:16:52 +0000 (UTC) Received: from warthog.procyon.org.uk (unknown [10.33.36.24]) by smtp.corp.redhat.com (Postfix) with ESMTP id 1088140C2086; Wed, 16 Nov 2022 08:16:51 +0000 (UTC) Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903 Subject: [PATCH net-next 2/3] rxrpc: Fix oops from calling udpv6_sendmsg() on AF_INET socket From: David Howells To: netdev@vger.kernel.org Cc: dhowells@redhat.com, linux-afs@lists.infradead.org, linux-kernel@vger.kernel.org Date: Wed, 16 Nov 2022 08:16:49 +0000 Message-ID: <166858660930.2154965.8554587152080422824.stgit@warthog.procyon.org.uk> In-Reply-To: <166858659236.2154965.18023032361364343888.stgit@warthog.procyon.org.uk> References: <166858659236.2154965.18023032361364343888.stgit@warthog.procyon.org.uk> User-Agent: StGit/1.5 MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.1 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1749640490796500654?= X-GMAIL-MSGID: =?utf-8?q?1749640490796500654?= If rxrpc sees an IPv6 address, it assumes it can call udpv6_sendmsg() on it - even if it got it on an IPv4 socket. Fix do_udp_sendmsg() to give an error in such a case. general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000000-0x0000000000000007] ... RIP: 0010:ipv6_addr_v4mapped include/net/ipv6.h:749 [inline] RIP: 0010:udpv6_sendmsg+0xd0a/0x2c70 net/ipv6/udp.c:1361 ... Call Trace: do_udp_sendmsg net/rxrpc/output.c:27 [inline] do_udp_sendmsg net/rxrpc/output.c:21 [inline] rxrpc_send_abort_packet+0x73b/0x860 net/rxrpc/output.c:367 rxrpc_release_calls_on_socket+0x211/0x300 net/rxrpc/call_object.c:595 rxrpc_release_sock net/rxrpc/af_rxrpc.c:886 [inline] rxrpc_release+0x263/0x5a0 net/rxrpc/af_rxrpc.c:917 __sock_release+0xcd/0x280 net/socket.c:650 sock_close+0x18/0x20 net/socket.c:1365 __fput+0x27c/0xa90 fs/file_table.c:320 task_work_run+0x16b/0x270 kernel/task_work.c:179 exit_task_work include/linux/task_work.h:38 [inline] do_exit+0xb35/0x2a20 kernel/exit.c:820 do_group_exit+0xd0/0x2a0 kernel/exit.c:950 __do_sys_exit_group kernel/exit.c:961 [inline] __se_sys_exit_group kernel/exit.c:959 [inline] __x64_sys_exit_group+0x3a/0x50 kernel/exit.c:959 Fixes: ed472b0c8783 ("rxrpc: Call udp_sendmsg() directly") Reported-by: Eric Dumazet Suggested-by: Eric Dumazet Signed-off-by: David Howells cc: Marc Dionne cc: linux-afs@lists.infradead.org --- net/rxrpc/output.c | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/net/rxrpc/output.c b/net/rxrpc/output.c index 46432e70a16b..a2fe1a262f8a 100644 --- a/net/rxrpc/output.c +++ b/net/rxrpc/output.c @@ -18,15 +18,21 @@ extern int udpv6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len); -static ssize_t do_udp_sendmsg(struct socket *sk, struct msghdr *msg, size_t len) +static ssize_t do_udp_sendmsg(struct socket *socket, struct msghdr *msg, size_t len) { -#if IS_ENABLED(CONFIG_AF_RXRPC_IPV6) struct sockaddr *sa = msg->msg_name; + struct sock *sk = socket->sk; - if (sa->sa_family == AF_INET6) - return udpv6_sendmsg(sk->sk, msg, len); -#endif - return udp_sendmsg(sk->sk, msg, len); + if (IS_ENABLED(CONFIG_AF_RXRPC_IPV6)) { + if (sa->sa_family == AF_INET6) { + if (sk->sk_family != AF_INET6) { + pr_warn("AF_INET6 address on AF_INET socket\n"); + return -ENOPROTOOPT; + } + return udpv6_sendmsg(sk, msg, len); + } + } + return udp_sendmsg(sk, msg, len); } struct rxrpc_abort_buffer { From patchwork Wed Nov 16 08:16:57 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Howells X-Patchwork-Id: 20787 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:a5d:6687:0:0:0:0:0 with SMTP id l7csp22611wru; Wed, 16 Nov 2022 00:26:43 -0800 (PST) X-Google-Smtp-Source: AA0mqf4GXHWoL5CYxdlR4//T3CeyPx5BSzuhLLN9DKHHcVNOzbNpk8u9Jt+2yRqp5iJsVKOGyOny X-Received: by 2002:aa7:d58b:0:b0:468:4c9a:7c6c with SMTP id r11-20020aa7d58b000000b004684c9a7c6cmr4804413edq.397.1668587203244; Wed, 16 Nov 2022 00:26:43 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1668587203; cv=none; d=google.com; s=arc-20160816; b=o/uXR1aOjPTD448ix9XKmYu9k7FY81Fkhw+dkxSJzqG31N90Hl4RsWaLljXXnWuRGH IIYtWKL0DEhyBvqDCZ61yyiVbRYu18ZZwFeXYTZiZcg8Zf6bSn2de3bu63WjxzhfavKy QEcaRvfNl84GvGEQNHM+iPc1kCP/TRdKuhgVRzY5Oe3NolN+JCmhojTnmtcQXxxUTvjk lrShkUJWIp6NupSAwXgJe9gdGGe+NB6dolBXV+OxcK/YPNZCvtHrX6ODNG7Uw1HJgqig f02GFdMHBiT2pwHXxg44xtZtQTqRJAKTTG6WF7eqX/xo70NcC1a9PKc1SAKZoyUalXEP kc8g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:cc:to:from :subject:organization:dkim-signature; bh=4FUxSmniLD14VLHoPL3KFajG/AKabia6aRRvo1/Xox4=; b=OlQ2LWhCij3B8Gj9Oz+3oEUbJWQb69UhgYB9T2ejqa8tvt0uFHCY28Tu3c7xmBTWAN fI2wub8MEGue13Ov3hF0QKTJSnG03wa6whhQ3pSfwxR27Mq3SridtmKpRiXq4KARBhL+ 1vhTgTjLsg5+MVfqS4srYLb7UcE4B0++J705U/2AOmeqtwFdUxe/Y2lKy+LeDYntzvj2 /DRSLVRBEWhI+oObd83oa6xyGStjSvyI4mbmmfr9m5LKPml8NASS9sqygerOPYskcNoW 4uu/DRJ9qYHG7g21uV+nZwpG75mqSYVyfKGovxQpnO24tblFMsvJFnBq0jL0u4rq09Ox vt8A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=hQpcj5Xj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id sa7-20020a1709076d0700b00780636887fesi13745690ejc.797.2022.11.16.00.26.19; Wed, 16 Nov 2022 00:26:43 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@redhat.com header.s=mimecast20190719 header.b=hQpcj5Xj; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S233014AbiKPISq (ORCPT + 99 others); Wed, 16 Nov 2022 03:18:46 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:51378 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S238650AbiKPISG (ORCPT ); Wed, 16 Nov 2022 03:18:06 -0500 Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 158662652 for ; Wed, 16 Nov 2022 00:17:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1668586626; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=4FUxSmniLD14VLHoPL3KFajG/AKabia6aRRvo1/Xox4=; b=hQpcj5Xj5bhq8p76i5OCbYNXq7y71gPXjvPmB1cfBfE4+stADiCEUHbjaYwWEArb/OhCpQ eai8ODoUXAWBJCFiLX4Grx9n7CxXGs4I0LkJ/hS94qQroOMVJGMVH2nfARmSpoBg8nE0t9 9Q+FGvFYLGO7tQbyF3FhhH4jo3qmsjQ= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-635-D9a8XzmmPfG5YNHHKLdqnA-1; Wed, 16 Nov 2022 03:17:03 -0500 X-MC-Unique: D9a8XzmmPfG5YNHHKLdqnA-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.rdu2.redhat.com [10.11.54.8]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 6162C3C10ED2; Wed, 16 Nov 2022 08:17:01 +0000 (UTC) Received: from warthog.procyon.org.uk (unknown [10.33.36.24]) by smtp.corp.redhat.com (Postfix) with ESMTP id 7D559C1912A; Wed, 16 Nov 2022 08:17:00 +0000 (UTC) Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United Kingdom. Registered in England and Wales under Company Registration No. 3798903 Subject: [PATCH net-next 3/3] rxrpc: Fix network address validation From: David Howells To: netdev@vger.kernel.org Cc: dhowells@redhat.com, linux-afs@lists.infradead.org, linux-kernel@vger.kernel.org Date: Wed, 16 Nov 2022 08:16:57 +0000 Message-ID: <166858661773.2154965.17789493627949980987.stgit@warthog.procyon.org.uk> In-Reply-To: <166858659236.2154965.18023032361364343888.stgit@warthog.procyon.org.uk> References: <166858659236.2154965.18023032361364343888.stgit@warthog.procyon.org.uk> User-Agent: StGit/1.5 MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.8 X-Spam-Status: No, score=-2.1 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_NONE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1749640495256707766?= X-GMAIL-MSGID: =?utf-8?q?1749640495256707766?= Fix network address validation on entry to uapi functions such as connect() for AF_RXRPC. The check for address compatibility with the transport socket isn't correct and allows an AF_INET6 address to be given to an AF_INET socket, resulting in an oops now that rxrpc is calling udp_sendmsg() directly. Sample program: #define _GNU_SOURCE #include #include #include #include #include static unsigned char ctrl[256] = "\x18\x00\x00\x00\x00\x00\x00\x00\x10\x01\x00\x00\x01"; int main(void) { struct sockaddr_rxrpc srx = { .srx_family = AF_RXRPC, .transport_type = SOCK_DGRAM, .transport_len = 28, .transport.sin6.sin6_family = AF_INET6, }; struct mmsghdr vec = { .msg_hdr.msg_control = ctrl, .msg_hdr.msg_controllen = 0x18, }; int s; s = socket(AF_RXRPC, SOCK_DGRAM, AF_INET); if (s < 0) { perror("socket"); exit(1); } if (connect(s, (struct sockaddr *)&srx, sizeof(srx)) < 0) { perror("connect"); exit(1); } if (sendmmsg(s, &vec, 1, MSG_NOSIGNAL | MSG_MORE) < 0) { perror("sendmmsg"); exit(1); } return 0; } If working properly, connect() should fail with EAFNOSUPPORT. Fixes: ed472b0c8783 ("rxrpc: Call udp_sendmsg() directly") Reported-by: Eric Dumazet Signed-off-by: David Howells cc: Marc Dionne cc: linux-afs@lists.infradead.org --- net/rxrpc/af_rxrpc.c | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/net/rxrpc/af_rxrpc.c b/net/rxrpc/af_rxrpc.c index 2f3991cf8715..aacdd96a9886 100644 --- a/net/rxrpc/af_rxrpc.c +++ b/net/rxrpc/af_rxrpc.c @@ -93,12 +93,11 @@ static int rxrpc_validate_address(struct rxrpc_sock *rx, srx->transport_len > len) return -EINVAL; - if (srx->transport.family != rx->family && - srx->transport.family == AF_INET && rx->family != AF_INET6) - return -EAFNOSUPPORT; - switch (srx->transport.family) { case AF_INET: + if (rx->family != AF_INET && + rx->family != AF_INET6) + return -EAFNOSUPPORT; if (srx->transport_len < sizeof(struct sockaddr_in)) return -EINVAL; tail = offsetof(struct sockaddr_rxrpc, transport.sin.__pad); @@ -106,6 +105,8 @@ static int rxrpc_validate_address(struct rxrpc_sock *rx, #ifdef CONFIG_AF_RXRPC_IPV6 case AF_INET6: + if (rx->family != AF_INET6) + return -EAFNOSUPPORT; if (srx->transport_len < sizeof(struct sockaddr_in6)) return -EINVAL; tail = offsetof(struct sockaddr_rxrpc, transport) +