ip*_mc_gsfget(): lift copyout of struct group_filter into callers

pass the userland pointer to the array in its tail, so that part
gets copied out by our functions; copyout of everything else is
done in the callers.  Rationale: reuse for compat; the array
is the same in native and compat, the layout of parts before it
is different for compat.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
Al Viro 2020-03-29 17:18:30 -04:00
Родитель e9c375fb5e
Коммит 931ca7ab7f
6 изменённых файлов: 38 добавлений и 31 удалений

Просмотреть файл

@ -123,7 +123,7 @@ extern int ip_mc_msfilter(struct sock *sk, struct ip_msfilter *msf,int ifindex);
extern int ip_mc_msfget(struct sock *sk, struct ip_msfilter *msf, extern int ip_mc_msfget(struct sock *sk, struct ip_msfilter *msf,
struct ip_msfilter __user *optval, int __user *optlen); struct ip_msfilter __user *optval, int __user *optlen);
extern int ip_mc_gsfget(struct sock *sk, struct group_filter *gsf, extern int ip_mc_gsfget(struct sock *sk, struct group_filter *gsf,
struct group_filter __user *optval, int __user *optlen); struct sockaddr_storage __user *p);
extern int ip_mc_sf_allow(struct sock *sk, __be32 local, __be32 rmt, extern int ip_mc_sf_allow(struct sock *sk, __be32 local, __be32 rmt,
int dif, int sdif); int dif, int sdif);
extern void ip_mc_init_dev(struct in_device *); extern void ip_mc_init_dev(struct in_device *);

Просмотреть файл

@ -1138,7 +1138,7 @@ int ip6_mc_source(int add, int omode, struct sock *sk,
struct group_source_req *pgsr); struct group_source_req *pgsr);
int ip6_mc_msfilter(struct sock *sk, struct group_filter *gsf); int ip6_mc_msfilter(struct sock *sk, struct group_filter *gsf);
int ip6_mc_msfget(struct sock *sk, struct group_filter *gsf, int ip6_mc_msfget(struct sock *sk, struct group_filter *gsf,
struct group_filter __user *optval, int __user *optlen); struct sockaddr_storage __user *p);
#ifdef CONFIG_PROC_FS #ifdef CONFIG_PROC_FS
int ac6_proc_init(struct net *net); int ac6_proc_init(struct net *net);

Просмотреть файл

@ -2565,9 +2565,9 @@ done:
} }
int ip_mc_gsfget(struct sock *sk, struct group_filter *gsf, int ip_mc_gsfget(struct sock *sk, struct group_filter *gsf,
struct group_filter __user *optval, int __user *optlen) struct sockaddr_storage __user *p)
{ {
int err, i, count, copycount; int i, count, copycount;
struct sockaddr_in *psin; struct sockaddr_in *psin;
__be32 addr; __be32 addr;
struct ip_mc_socklist *pmc; struct ip_mc_socklist *pmc;
@ -2583,37 +2583,29 @@ int ip_mc_gsfget(struct sock *sk, struct group_filter *gsf,
if (!ipv4_is_multicast(addr)) if (!ipv4_is_multicast(addr))
return -EINVAL; return -EINVAL;
err = -EADDRNOTAVAIL;
for_each_pmc_rtnl(inet, pmc) { for_each_pmc_rtnl(inet, pmc) {
if (pmc->multi.imr_multiaddr.s_addr == addr && if (pmc->multi.imr_multiaddr.s_addr == addr &&
pmc->multi.imr_ifindex == gsf->gf_interface) pmc->multi.imr_ifindex == gsf->gf_interface)
break; break;
} }
if (!pmc) /* must have a prior join */ if (!pmc) /* must have a prior join */
goto done; return -EADDRNOTAVAIL;
gsf->gf_fmode = pmc->sfmode; gsf->gf_fmode = pmc->sfmode;
psl = rtnl_dereference(pmc->sflist); psl = rtnl_dereference(pmc->sflist);
count = psl ? psl->sl_count : 0; count = psl ? psl->sl_count : 0;
copycount = count < gsf->gf_numsrc ? count : gsf->gf_numsrc; copycount = count < gsf->gf_numsrc ? count : gsf->gf_numsrc;
gsf->gf_numsrc = count; gsf->gf_numsrc = count;
if (put_user(GROUP_FILTER_SIZE(copycount), optlen) || for (i = 0; i < copycount; i++, p++) {
copy_to_user(optval, gsf, GROUP_FILTER_SIZE(0))) {
return -EFAULT;
}
for (i = 0; i < copycount; i++) {
struct sockaddr_storage ss; struct sockaddr_storage ss;
psin = (struct sockaddr_in *)&ss; psin = (struct sockaddr_in *)&ss;
memset(&ss, 0, sizeof(ss)); memset(&ss, 0, sizeof(ss));
psin->sin_family = AF_INET; psin->sin_family = AF_INET;
psin->sin_addr.s_addr = psl->sl_addr[i]; psin->sin_addr.s_addr = psl->sl_addr[i];
if (copy_to_user(&optval->gf_slist[i], &ss, sizeof(ss))) if (copy_to_user(p, &ss, sizeof(ss)))
return -EFAULT; return -EFAULT;
} }
return 0; return 0;
done:
return err;
} }
/* /*

Просмотреть файл

@ -1473,19 +1473,28 @@ static int do_ip_getsockopt(struct sock *sk, int level, int optname,
} }
case MCAST_MSFILTER: case MCAST_MSFILTER:
{ {
struct group_filter __user *p = (void __user *)optval;
struct group_filter gsf; struct group_filter gsf;
const int size0 = offsetof(struct group_filter, gf_slist);
int num;
if (len < GROUP_FILTER_SIZE(0)) { if (len < size0) {
err = -EINVAL; err = -EINVAL;
goto out; goto out;
} }
if (copy_from_user(&gsf, optval, GROUP_FILTER_SIZE(0))) { if (copy_from_user(&gsf, p, size0)) {
err = -EFAULT; err = -EFAULT;
goto out; goto out;
} }
err = ip_mc_gsfget(sk, &gsf, num = gsf.gf_numsrc;
(struct group_filter __user *)optval, err = ip_mc_gsfget(sk, &gsf, p->gf_slist);
optlen); if (err)
goto out;
if (gsf.gf_numsrc < num)
num = gsf.gf_numsrc;
if (put_user(GROUP_FILTER_SIZE(num), optlen) ||
copy_to_user(p, &gsf, size0))
err = -EFAULT;
goto out; goto out;
} }
case IP_MULTICAST_ALL: case IP_MULTICAST_ALL:

Просмотреть файл

@ -1056,18 +1056,28 @@ static int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
break; break;
case MCAST_MSFILTER: case MCAST_MSFILTER:
{ {
struct group_filter __user *p = (void __user *)optval;
struct group_filter gsf; struct group_filter gsf;
const int size0 = offsetof(struct group_filter, gf_slist);
int num;
int err; int err;
if (len < GROUP_FILTER_SIZE(0)) if (len < size0)
return -EINVAL; return -EINVAL;
if (copy_from_user(&gsf, optval, GROUP_FILTER_SIZE(0))) if (copy_from_user(&gsf, p, size0))
return -EFAULT; return -EFAULT;
if (gsf.gf_group.ss_family != AF_INET6) if (gsf.gf_group.ss_family != AF_INET6)
return -EADDRNOTAVAIL; return -EADDRNOTAVAIL;
num = gsf.gf_numsrc;
lock_sock(sk); lock_sock(sk);
err = ip6_mc_msfget(sk, &gsf, err = ip6_mc_msfget(sk, &gsf, p->gf_slist);
(struct group_filter __user *)optval, optlen); if (!err) {
if (num > gsf.gf_numsrc)
num = gsf.gf_numsrc;
if (put_user(GROUP_FILTER_SIZE(num), optlen) ||
copy_to_user(p, &gsf, size0))
err = -EFAULT;
}
release_sock(sk); release_sock(sk);
return err; return err;
} }

Просмотреть файл

@ -547,7 +547,7 @@ done:
} }
int ip6_mc_msfget(struct sock *sk, struct group_filter *gsf, int ip6_mc_msfget(struct sock *sk, struct group_filter *gsf,
struct group_filter __user *optval, int __user *optlen) struct sockaddr_storage *p)
{ {
int err, i, count, copycount; int err, i, count, copycount;
const struct in6_addr *group; const struct in6_addr *group;
@ -592,14 +592,10 @@ int ip6_mc_msfget(struct sock *sk, struct group_filter *gsf,
copycount = count < gsf->gf_numsrc ? count : gsf->gf_numsrc; copycount = count < gsf->gf_numsrc ? count : gsf->gf_numsrc;
gsf->gf_numsrc = count; gsf->gf_numsrc = count;
if (put_user(GROUP_FILTER_SIZE(copycount), optlen) ||
copy_to_user(optval, gsf, GROUP_FILTER_SIZE(0))) {
return -EFAULT;
}
/* changes to psl require the socket lock, and a write lock /* changes to psl require the socket lock, and a write lock
* on pmc->sflock. We have the socket lock so reading here is safe. * on pmc->sflock. We have the socket lock so reading here is safe.
*/ */
for (i = 0; i < copycount; i++) { for (i = 0; i < copycount; i++, p++) {
struct sockaddr_in6 *psin6; struct sockaddr_in6 *psin6;
struct sockaddr_storage ss; struct sockaddr_storage ss;
@ -607,7 +603,7 @@ int ip6_mc_msfget(struct sock *sk, struct group_filter *gsf,
memset(&ss, 0, sizeof(ss)); memset(&ss, 0, sizeof(ss));
psin6->sin6_family = AF_INET6; psin6->sin6_family = AF_INET6;
psin6->sin6_addr = psl->sl_addr[i]; psin6->sin6_addr = psl->sl_addr[i];
if (copy_to_user(&optval->gf_slist[i], &ss, sizeof(ss))) if (copy_to_user(p, &ss, sizeof(ss)))
return -EFAULT; return -EFAULT;
} }
return 0; return 0;