[RFC,3/5] rtnetlink: do_setlink: Use sockaddr_storage

Message ID	20241104222513.3469025-3-kees@kernel.org (mailing list archive)
State	New
Headers	show Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id D4A8E1FCF4D; Mon, 4 Nov 2024 22:25:16 +0000 (UTC) From: Kees Cook <kees@kernel.org> To: Jakub Kicinski <kuba@kernel.org> Cc: Kees Cook <kees@kernel.org>, linux-kernel@vger.kernel.org, netdev@vger.kernel.org, linux-hardening@vger.kernel.org Subject: [PATCH RFC 3/5] rtnetlink: do_setlink: Use sockaddr_storage Date: Mon, 4 Nov 2024 14:25:05 -0800 Message-Id: <20241104222513.3469025-3-kees@kernel.org> In-Reply-To: <20241104221450.work.053-kees@kernel.org> References: <20241104221450.work.053-kees@kernel.org> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	sockaddr usage removal \| expand [RFC,0/5] sockaddr usage removal [RFC,1/5] Revert "net: dev: Convert sa_data to flexible array in struct sockaddr" [RFC,2/5] net: core: dev.c confirmed to use classic sockaddr [RFC,3/5] rtnetlink: do_setlink: Use sockaddr_storage [RFC,4/5] net: core: Convert inet_addr_is_any() to sockaddr_storage [RFC,5/5] net: Convert proto_ops::getname to sockaddr_storage

Message ID

20241104222513.3469025-3-kees@kernel.org (mailing list archive)

State

New

Headers

From: Kees Cook <kees@kernel.org>
To: Jakub Kicinski <kuba@kernel.org>
Cc: Kees Cook <kees@kernel.org>,
	linux-kernel@vger.kernel.org,
	netdev@vger.kernel.org,
	linux-hardening@vger.kernel.org
Subject: [PATCH RFC 3/5] rtnetlink: do_setlink: Use sockaddr_storage
Date: Mon,  4 Nov 2024 14:25:05 -0800
Message-Id: <20241104222513.3469025-3-kees@kernel.org>
In-Reply-To: <20241104221450.work.053-kees@kernel.org>
References: <20241104221450.work.053-kees@kernel.org>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

sockaddr usage removal | expand

Commit Message

Kees Cook Nov. 4, 2024, 10:25 p.m. UTC

Instead of a heap allocation use a stack allocated sockaddr_storage to
support arbitrary length addr_len value (but bounds check it against the
maximum address length).

Signed-off-by: Kees Cook <kees@kernel.org>
---
 net/core/rtnetlink.c | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)

Comments

Eric Dumazet Nov. 5, 2024, 10:59 a.m. UTC | #1

On 11/4/24 11:25 PM, Kees Cook wrote:
> Instead of a heap allocation use a stack allocated sockaddr_storage to
> support arbitrary length addr_len value (but bounds check it against the
> maximum address length).
>
> Signed-off-by: Kees Cook <kees@kernel.org>
> ---
>   net/core/rtnetlink.c | 12 ++++--------
>   1 file changed, 4 insertions(+), 8 deletions(-)
>
> diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
> index f0a520987085..eddd10b74f06 100644
> --- a/net/core/rtnetlink.c
> +++ b/net/core/rtnetlink.c
> @@ -2839,21 +2839,17 @@ static int do_setlink(const struct sk_buff *skb,
>   	}
>   
>   	if (tb[IFLA_ADDRESS]) {
> -		struct sockaddr *sa;
> -		int len;
> +		struct sockaddr_storage addr;
> +		struct sockaddr *sa = (struct sockaddr *)&addr;


We already use too much stack space.


Please move addr into struct rtnl_newlink_tbs ?


>   
> -		len = sizeof(sa_family_t) + max_t(size_t, dev->addr_len,
> -						  sizeof(*sa));
> -		sa = kmalloc(len, GFP_KERNEL);
> -		if (!sa) {
> +		if (dev->addr_len > sizeof(addr.__data)) {
>   			err = -ENOMEM;
>   			goto errout;
>   		}
>   		sa->sa_family = dev->type;
> -		memcpy(sa->sa_data, nla_data(tb[IFLA_ADDRESS]),
> +		memcpy(addr.__data, nla_data(tb[IFLA_ADDRESS]),
>   		       dev->addr_len);
>   		err = dev_set_mac_address_user(dev, sa, extack);
> -		kfree(sa);
>   		if (err)
>   			goto errout;
>   		status |= DO_SETLINK_MODIFIED;

diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index f0a520987085..eddd10b74f06 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -2839,21 +2839,17 @@  static int do_setlink(const struct sk_buff *skb,
 	}
 
 	if (tb[IFLA_ADDRESS]) {
-		struct sockaddr *sa;
-		int len;
+		struct sockaddr_storage addr;
+		struct sockaddr *sa = (struct sockaddr *)&addr;
 
-		len = sizeof(sa_family_t) + max_t(size_t, dev->addr_len,
-						  sizeof(*sa));
-		sa = kmalloc(len, GFP_KERNEL);
-		if (!sa) {
+		if (dev->addr_len > sizeof(addr.__data)) {
 			err = -ENOMEM;
 			goto errout;
 		}
 		sa->sa_family = dev->type;
-		memcpy(sa->sa_data, nla_data(tb[IFLA_ADDRESS]),
+		memcpy(addr.__data, nla_data(tb[IFLA_ADDRESS]),
 		       dev->addr_len);
 		err = dev_set_mac_address_user(dev, sa, extack);
-		kfree(sa);
 		if (err)
 			goto errout;
 		status |= DO_SETLINK_MODIFIED;

[RFC,3/5] rtnetlink: do_setlink: Use sockaddr_storage

Commit Message

Comments

Patch