From patchwork Wed Jun  1 19:18:15 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Eric Dumazet <eric.dumazet@gmail.com>
X-Patchwork-Id: 9148009
Return-Path: <linux-security-module-owner@kernel.org>
Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org
	[172.30.200.125])
	by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id
	70B7460467
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Wed,  1 Jun 2016 19:18:39 +0000 (UTC)
Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 5FDA61FFBD
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Wed,  1 Jun 2016 19:18:39 +0000 (UTC)
Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486)
	id 54156265F9; Wed,  1 Jun 2016 19:18:39 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on
	pdx-wl-mail.web.codeaurora.org
X-Spam-Level: 
X-Spam-Status: No, score=-6.8 required=2.0 tests=BAYES_00,
	DKIM_ADSP_CUSTOM_MED,
	DKIM_SIGNED, FREEMAIL_FROM, RCVD_IN_DNSWL_HI,
	T_DKIM_INVALID autolearn=ham version=3.3.1
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by mail.wl.linuxfoundation.org (Postfix) with ESMTP id C8EDF268AE
	for <patchwork-linux-security-module@patchwork.kernel.org>;
	Wed,  1 Jun 2016 19:18:37 +0000 (UTC)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1751445AbcFATSU (ORCPT
	<rfc822;patchwork-linux-security-module@patchwork.kernel.org>);
	Wed, 1 Jun 2016 15:18:20 -0400
Received: from mail-pf0-f196.google.com ([209.85.192.196]:33103 "EHLO
	mail-pf0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1751148AbcFATSS (ORCPT
	<rfc822;linux-security-module@vger.kernel.org>);
	Wed, 1 Jun 2016 15:18:18 -0400
Received: by mail-pf0-f196.google.com with SMTP id b124so5020450pfb.0;
	Wed, 01 Jun 2016 12:18:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=gmail.com; s=20120113;
	h=message-id:subject:from:to:cc:date:in-reply-to:references
	:mime-version:content-transfer-encoding;
	bh=nYtn6dEMM/HFzwgJAxg88G/qmye6uRN51/j69VXLALI=;
	b=Y9uKiRoaefQJ7LW53Dq4ppLl5kGa1c/gCSMqhibHrLRq0+dxIYJhahWSbhK0OE4O5r
	iuqloSmQJnHoILsLiLueZiGgV+kWZ4/DOtYDW6rw39T4gCpWxjPAHrLDSIddEhZ7wfVW
	cOuPNVWBrQP3oXpQriTi/M8hGUKNtyC1HjutcISKEHktvRIQQSjvrEzXt2Hzr8pYdbgp
	K3fHGjyLxrx9YNtGbE59cq4beYhqtrOENcHqLy1sl9kOz3bhG1Y8IIKvVDJ3byiEwniZ
	TnkC84QAuFy4RQjrBO5Eyj+TjCL4NV7HWs5GOV8GXIzUU+yhMW1nTwFCfu2JYC6nwCKV
	t/5w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20130820;
	h=x-gm-message-state:message-id:subject:from:to:cc:date:in-reply-to
	:references:mime-version:content-transfer-encoding;
	bh=nYtn6dEMM/HFzwgJAxg88G/qmye6uRN51/j69VXLALI=;
	b=i6pAq7Bi9QQz0B5D3rK5AHSsqlB4Na+m1y+CQPwmqzePZPIKQrz3EptKmKY6UX7QKc
	Hkflq/YZ8rQj6axv2ZFu4aQcTpRDZkoAkOQp95lELATUz9RL9dIgNb4q6pBTUVnwTUZe
	nhH/U7Mv67E5ZF2Cskd6BmldW3MqIXA4IV43FC2xfyblqUOqrkrUr1MhannACif+seL1
	d6Af1rYr/lv3QeptlZ0Jopjer8ud+3P8+gmCCDBz2DJ03zu6WGwks6gYqBXqRhO5way2
	SEgAL+Fc2qwjvVmRAEQ1NX509uNN1RqdKp3Srht6oRoiKYO145114+oyljk59kf+JMpL
	X6Eg==
X-Gm-Message-State: 
 ALyK8tJngk2BwDiVRmkNLJwH8R1yfHhR2j/qwm31fgItb14Cg3Ewo3u0dw59FcQwxK5qag==
X-Received: by 10.98.0.21 with SMTP id 21mr11513001pfa.81.1464808697375;
	Wed, 01 Jun 2016 12:18:17 -0700 (PDT)
Received: from ?IPv6:2620:0:1000:1704:1110:8176:3d64:e6a8?
	([2620:0:1000:1704:1110:8176:3d64:e6a8])
	by smtp.googlemail.com with ESMTPSA id
	fn3sm64530686pab.20.2016.06.01.12.18.15
	(version=TLSv1/SSLv3 cipher=OTHER);
	Wed, 01 Jun 2016 12:18:16 -0700 (PDT)
Message-ID: <1464808695.5939.167.camel@edumazet-glaptop3.roam.corp.google.com>
Subject: Re: Possible problem with e6afc8ac ("udp: remove headers from UDP
	packets before queueing")
From: Eric Dumazet <eric.dumazet@gmail.com>
To: Paul Moore <paul@paul-moore.com>
Cc: samanthakumar@google.com, netdev@vger.kernel.org,
	linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov
Date: Wed, 01 Jun 2016 12:18:15 -0700
In-Reply-To: 
 <CAHC9VhS0oH8p55_3yOcQGJWx8WmokHW=kSrKOM6tKPM1XoPjGA@mail.gmail.com>
References: 
 <CAHC9VhS0oH8p55_3yOcQGJWx8WmokHW=kSrKOM6tKPM1XoPjGA@mail.gmail.com>
X-Mailer: Evolution 3.10.4-0ubuntu2 
Mime-Version: 1.0
Sender: owner-linux-security-module@vger.kernel.org
Precedence: bulk
List-ID: <linux-security-module.vger.kernel.org>
X-Virus-Scanned: ClamAV using ClamSMTP

On Wed, 2016-06-01 at 15:01 -0400, Paul Moore wrote:
> Hello,
> 
> I'm currently trying to debug a problem with 4.7-rc1 and labeled
> networking over UDP.  I'm having some difficulty with the latest
> 4.7-rc1 builds on my test system at the moment so I haven't been able
> to concisely identify the problem, but looking through the commits in
> 4.7-rc1 I think there may be a problem with the following:
> 
>   commit e6afc8ace6dd5cef5e812f26c72579da8806f5ac
>   Author: samanthakumar <samanthakumar@google.com>
>   Date:   Tue Apr 5 12:41:15 2016 -0400
> 
>    udp: remove headers from UDP packets before queueing
> 
>    Remove UDP transport headers before queueing packets for reception.
>    This change simplifies a follow-up patch to add MSG_PEEK support.
> 
>    Signed-off-by: Sam Kumar <samanthakumar@google.com>
>    Signed-off-by: Willem de Bruijn <willemb@google.com>
>    Signed-off-by: David S. Miller <davem@davemloft.net>
> 
> ... it appears that this commit changes things so that sk_filter() is
> only called when sk->sk_filter is not NULL.  While this is fine for
> the traditional socket filter case, it causes problems with LSMs that
> make use of security_sock_rcv_skb() to enforce per-packet access
> controls.
> 
> Hopefully I'll get 4.7-rc1 booting soon and I can do a proper
> bisection test around this patch, but I wanted to mention this now in
> case others are seeing the same problem.
> 

Thanks for the report. Please try following fix.

sk_filter() got additional features like the skb_pfmemalloc() things and
security_sock_rcv_skb()
Tested-by: Stephen Smalley <sds@tycho.nsa.gov>
Tested-by: Paul Moore <paul@paul-moore.com>
---
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index d56c0559b477..0ff31d97d485 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -1618,12 +1618,12 @@ int udp_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
 		}
 	}
 
-	if (rcu_access_pointer(sk->sk_filter)) {
-		if (udp_lib_checksum_complete(skb))
+	if (rcu_access_pointer(sk->sk_filter) &&
+	    udp_lib_checksum_complete(skb))
 			goto csum_error;
-		if (sk_filter(sk, skb))
-			goto drop;
-	}
+
+	if (sk_filter(sk, skb))
+		goto drop;
 
 	udp_csum_pull_header(skb);
 	if (sk_rcvqueues_full(sk, sk->sk_rcvbuf)) {
diff --git a/net/ipv6/udp.c b/net/ipv6/udp.c
index 2da1896af934..f421c9f23c5b 100644
--- a/net/ipv6/udp.c
+++ b/net/ipv6/udp.c
@@ -653,12 +653,12 @@ int udpv6_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
 		}
 	}
 
-	if (rcu_access_pointer(sk->sk_filter)) {
-		if (udp_lib_checksum_complete(skb))
-			goto csum_error;
-		if (sk_filter(sk, skb))
-			goto drop;
-	}
+	if (rcu_access_pointer(sk->sk_filter) &&
+	    udp_lib_checksum_complete(skb))
+		goto csum_error;
+
+	if (sk_filter(sk, skb))
+		goto drop;
 
 	udp_csum_pull_header(skb);
 	if (sk_rcvqueues_full(sk, sk->sk_rcvbuf)) {