| Message ID | 20241119-sockptr-copy-fixes-v3-0-d752cac4be8e@rbox.co |
|---|---|
| Headers | show |
| Series | net: Fix some callers of copy_from_sockptr() | expand |
On 11/19/24 14:31, Michal Luczaj wrote: > Some callers misinterpret copy_from_sockptr()'s return value. The function > follows copy_from_user(), i.e. returns 0 for success, or the number of > bytes not copied on error. Simply returning the result in a non-zero case > isn't usually what was intended. > > Compile tested with CONFIG_LLC, CONFIG_AF_RXRPC, CONFIG_BT enabled. > > Last patch probably belongs more to net-next, if any. Here as an RFC. > > Suggested-by: Jakub Kicinski <kuba@kernel.org> > Signed-off-by: Michal Luczaj <mhal@rbox.co> > --- > Changes in v3: > - rxrpc/llc: Drop the non-essential changes > - rxrpc/llc: Replace the deprecated copy_from_sockptr() with > copy_safe_from_sockptr() [David Wei] > - Collect Reviewed-by [David Wei] > - Link to v2: https://lore.kernel.org/r/20241115-sockptr-copy-fixes-v2-0-9b1254c18b7a@rbox.co > > Changes in v2: > - Fix the fix of llc_ui_setsockopt() > - Switch "bluetooth:" to "Bluetooth:" [bluez.test.bot] > - Collect Reviewed-by [Luiz Augusto von Dentz] > - Link to v1: https://lore.kernel.org/r/20241115-sockptr-copy-fixes-v1-0-d183c87fcbd5@rbox.co > > --- > Michal Luczaj (4): > Bluetooth: Improve setsockopt() handling of malformed user input > llc: Improve setsockopt() handling of malformed user input > rxrpc: Improve setsockopt() handling of malformed user input > net: Comment copy_from_sockptr() explaining its behaviour I guess we can apply directly patch 2-4, but patch 1 should go via the BT tree. @Luiz, @David, are you ok with that? Thanks, Paolo
Hi Paolo, On Tue, Nov 26, 2024 at 4:00 AM Paolo Abeni <pabeni@redhat.com> wrote: > > On 11/19/24 14:31, Michal Luczaj wrote: > > Some callers misinterpret copy_from_sockptr()'s return value. The function > > follows copy_from_user(), i.e. returns 0 for success, or the number of > > bytes not copied on error. Simply returning the result in a non-zero case > > isn't usually what was intended. > > > > Compile tested with CONFIG_LLC, CONFIG_AF_RXRPC, CONFIG_BT enabled. > > > > Last patch probably belongs more to net-next, if any. Here as an RFC. > > > > Suggested-by: Jakub Kicinski <kuba@kernel.org> > > Signed-off-by: Michal Luczaj <mhal@rbox.co> > > --- > > Changes in v3: > > - rxrpc/llc: Drop the non-essential changes > > - rxrpc/llc: Replace the deprecated copy_from_sockptr() with > > copy_safe_from_sockptr() [David Wei] > > - Collect Reviewed-by [David Wei] > > - Link to v2: https://lore.kernel.org/r/20241115-sockptr-copy-fixes-v2-0-9b1254c18b7a@rbox.co > > > > Changes in v2: > > - Fix the fix of llc_ui_setsockopt() > > - Switch "bluetooth:" to "Bluetooth:" [bluez.test.bot] > > - Collect Reviewed-by [Luiz Augusto von Dentz] > > - Link to v1: https://lore.kernel.org/r/20241115-sockptr-copy-fixes-v1-0-d183c87fcbd5@rbox.co > > > > --- > > Michal Luczaj (4): > > Bluetooth: Improve setsockopt() handling of malformed user input > > llc: Improve setsockopt() handling of malformed user input > > rxrpc: Improve setsockopt() handling of malformed user input > > net: Comment copy_from_sockptr() explaining its behaviour > > I guess we can apply directly patch 2-4, but patch 1 should go via the > BT tree. @Luiz, @David, are you ok with that? Sure, I can apply that one if there is no dependency on the others. > Thanks, > > Paolo >
Hello: This series was applied to netdev/net.git (main) by Paolo Abeni <pabeni@redhat.com>: On Tue, 19 Nov 2024 14:31:39 +0100 you wrote: > Some callers misinterpret copy_from_sockptr()'s return value. The function > follows copy_from_user(), i.e. returns 0 for success, or the number of > bytes not copied on error. Simply returning the result in a non-zero case > isn't usually what was intended. > > Compile tested with CONFIG_LLC, CONFIG_AF_RXRPC, CONFIG_BT enabled. > > [...] Here is the summary with links: - [net,v3,1/4] Bluetooth: Improve setsockopt() handling of malformed user input (no matching commit) - [net,v3,2/4] llc: Improve setsockopt() handling of malformed user input https://git.kernel.org/netdev/net/c/1465036b10be - [net,v3,3/4] rxrpc: Improve setsockopt() handling of malformed user input https://git.kernel.org/netdev/net/c/020200566470 - [net,v3,4/4] net: Comment copy_from_sockptr() explaining its behaviour https://git.kernel.org/netdev/net/c/49b2b973325a You are awesome, thank you!
Hello: This series was applied to bluetooth/bluetooth-next.git (master) by Luiz Augusto von Dentz <luiz.von.dentz@intel.com>: On Tue, 19 Nov 2024 14:31:39 +0100 you wrote: > Some callers misinterpret copy_from_sockptr()'s return value. The function > follows copy_from_user(), i.e. returns 0 for success, or the number of > bytes not copied on error. Simply returning the result in a non-zero case > isn't usually what was intended. > > Compile tested with CONFIG_LLC, CONFIG_AF_RXRPC, CONFIG_BT enabled. > > [...] Here is the summary with links: - [net,v3,1/4] Bluetooth: Improve setsockopt() handling of malformed user input https://git.kernel.org/bluetooth/bluetooth-next/c/389eeaf59809 - [net,v3,2/4] llc: Improve setsockopt() handling of malformed user input (no matching commit) - [net,v3,3/4] rxrpc: Improve setsockopt() handling of malformed user input (no matching commit) - [net,v3,4/4] net: Comment copy_from_sockptr() explaining its behaviour (no matching commit) You are awesome, thank you!
Some callers misinterpret copy_from_sockptr()'s return value. The function follows copy_from_user(), i.e. returns 0 for success, or the number of bytes not copied on error. Simply returning the result in a non-zero case isn't usually what was intended. Compile tested with CONFIG_LLC, CONFIG_AF_RXRPC, CONFIG_BT enabled. Last patch probably belongs more to net-next, if any. Here as an RFC. Suggested-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Michal Luczaj <mhal@rbox.co> --- Changes in v3: - rxrpc/llc: Drop the non-essential changes - rxrpc/llc: Replace the deprecated copy_from_sockptr() with copy_safe_from_sockptr() [David Wei] - Collect Reviewed-by [David Wei] - Link to v2: https://lore.kernel.org/r/20241115-sockptr-copy-fixes-v2-0-9b1254c18b7a@rbox.co Changes in v2: - Fix the fix of llc_ui_setsockopt() - Switch "bluetooth:" to "Bluetooth:" [bluez.test.bot] - Collect Reviewed-by [Luiz Augusto von Dentz] - Link to v1: https://lore.kernel.org/r/20241115-sockptr-copy-fixes-v1-0-d183c87fcbd5@rbox.co --- Michal Luczaj (4): Bluetooth: Improve setsockopt() handling of malformed user input llc: Improve setsockopt() handling of malformed user input rxrpc: Improve setsockopt() handling of malformed user input net: Comment copy_from_sockptr() explaining its behaviour include/linux/sockptr.h | 2 ++ include/net/bluetooth/bluetooth.h | 9 --------- net/bluetooth/hci_sock.c | 14 +++++++------- net/bluetooth/iso.c | 10 +++++----- net/bluetooth/l2cap_sock.c | 20 +++++++++++--------- net/bluetooth/rfcomm/sock.c | 9 ++++----- net/bluetooth/sco.c | 11 ++++++----- net/llc/af_llc.c | 2 +- net/rxrpc/af_rxrpc.c | 7 ++++--- 9 files changed, 40 insertions(+), 44 deletions(-) --- base-commit: 66418447d27b7f4c027587582a133dd0bc0a663b change-id: 20241114-sockptr-copy-fixes-3999eaa81aa1 Best regards,