[5/9] rxrpc: Check address length before reading srx_service field

Message ID 1555066445-9488-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp
State Accepted
Delegated to: David Miller
Series [1/9] net/rds: Check address length before reading address family

Commit Message

Tetsuo Handa April 12, 2019, 10:54 a.m. UTC
KMSAN will complain if valid address length passed to bind() is shorter
than sizeof(struct sockaddr_rxrpc) bytes.

Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
---
 net/rxrpc/af_rxrpc.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

Comments

David Howells April 12, 2019, 12:18 p.m. UTC | #1
Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> wrote:

> KMSAN will complain if valid address length passed to bind() is shorter
> than sizeof(struct sockaddr_rxrpc) bytes.

Do you want me to add this to my rxrpc-fixes branch?

David
Tetsuo Handa April 12, 2019, 12:34 p.m. UTC | #2
On 2019/04/12 21:18, David Howells wrote:
> Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> wrote:
> 
>> KMSAN will complain if valid address length passed to bind() is shorter
>> than sizeof(struct sockaddr_rxrpc) bytes.
> 
> Do you want me to add this to my rxrpc-fixes branch?
> 

Yes, please.

> David
>
David Howells April 12, 2019, 3:40 p.m. UTC | #3
Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp> wrote:

> > Do you want me to add this to my rxrpc-fixes branch?
> > 
> 
> Yes, please.

Sorry, saw your reply right after posting my patches.  Will forward yours on
next.

David
David Miller April 12, 2019, 5:25 p.m. UTC | #4
From: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Date: Fri, 12 Apr 2019 19:54:05 +0900

> KMSAN will complain if valid address length passed to bind() is shorter
> than sizeof(struct sockaddr_rxrpc) bytes.
> 
> Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>

I know David said he'd take it, but I'll take it too, no harm in that.
Patch

diff --git a/net/rxrpc/af_rxrpc.c b/net/rxrpc/af_rxrpc.c
index 96f2952bbdfd..c54dce3ca0dd 100644
--- a/net/rxrpc/af_rxrpc.c
+++ b/net/rxrpc/af_rxrpc.c
@@ -135,7 +135,7 @@  static int rxrpc_bind(struct socket *sock, struct sockaddr *saddr, int len)
 	struct sockaddr_rxrpc *srx = (struct sockaddr_rxrpc *)saddr;
 	struct rxrpc_local *local;
 	struct rxrpc_sock *rx = rxrpc_sk(sock->sk);
-	u16 service_id = srx->srx_service;
+	u16 service_id;
 	int ret;
 
 	_enter("%p,%p,%d", rx, saddr, len);
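Review bot: With the initializer dropped from `u16 service_id;`, the variable is indeterminate on every path that leaves before the assignment added after rxrpc_validate_address(), including the `goto error` taken when validation fails. Please confirm that nothing at the error label reads service_id; if anything does, initialize it to 0 at the declaration so the uninitialized read is not simply moved.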
@@ -143,6 +143,7 @@  static int rxrpc_bind(struct socket *sock, struct sockaddr *saddr, int len)
 	ret = rxrpc_validate_address(rx, srx, len);
 	if (ret < 0)
 		goto error;
+	service_id = srx->srx_service;
 
 	lock_sock(&rx->sk);
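Review bot: The assignment `service_id = srx->srx_service;` placed after the `goto error` check is only safe if rxrpc_validate_address() rejects every len too short to cover srx_service, and neither this hunk nor the commit message says so. A short comment above the assignment, or a sentence in the changelog stating that the read must follow the length validation, would keep a later cleanup from folding it back into the declaration.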