Message ID | 20200831235956.2143127-1-kuba@kernel.org |
---|---|
State | Not Applicable |
Delegated to: | David Miller |
Headers | show |
Series | [net-next] net: diag: add workaround for inode truncation | expand |
On 8/31/20 4:59 PM, Jakub Kicinski wrote: > Dave reports that struct inet_diag_msg::idiag_inode is 32 bit, > while inode's type is unsigned long. This leads to truncation. > > Since there is nothing we can do about the size of existing > fields - add a new attribute to carry 64 bit inode numbers. > > Reported-by: Dave Marchevsky <davemarchevsky@fb.com> > Signed-off-by: Jakub Kicinski <kuba@kernel.org> > --- > include/linux/inet_diag.h | 1 + > include/uapi/linux/inet_diag.h | 1 + > net/ipv4/inet_diag.c | 7 ++++++- > 3 files changed, 8 insertions(+), 1 deletion(-) > > diff --git a/include/linux/inet_diag.h b/include/linux/inet_diag.h > index 0ef2d800fda7..5ea0f965c173 100644 > --- a/include/linux/inet_diag.h > +++ b/include/linux/inet_diag.h > @@ -75,6 +75,7 @@ static inline size_t inet_diag_msg_attrs_size(void) > #ifdef CONFIG_SOCK_CGROUP_DATA > + nla_total_size_64bit(sizeof(u64)) /* INET_DIAG_CGROUP_ID */ > #endif > + + nla_total_size_64bit(sizeof(u64)) /* INET_DIAG_INODE */ > ; > } > int inet_diag_msg_attrs_fill(struct sock *sk, struct sk_buff *skb, > diff --git a/include/uapi/linux/inet_diag.h b/include/uapi/linux/inet_diag.h > index 5ba122c1949a..0819a473ee9c 100644 > --- a/include/uapi/linux/inet_diag.h > +++ b/include/uapi/linux/inet_diag.h > @@ -160,6 +160,7 @@ enum { > INET_DIAG_ULP_INFO, > INET_DIAG_SK_BPF_STORAGES, > INET_DIAG_CGROUP_ID, > + INET_DIAG_INODE, > __INET_DIAG_MAX, > }; > > diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c > index 4a98dd736270..6a52947591fc 100644 > --- a/net/ipv4/inet_diag.c > +++ b/net/ipv4/inet_diag.c > @@ -125,6 +125,7 @@ int inet_diag_msg_attrs_fill(struct sock *sk, struct sk_buff *skb, > bool net_admin) > { > const struct inet_sock *inet = inet_sk(sk); > + unsigned long ino; > > if (nla_put_u8(skb, INET_DIAG_SHUTDOWN, sk->sk_shutdown)) > goto errout; > @@ -177,8 +178,12 @@ int inet_diag_msg_attrs_fill(struct sock *sk, struct sk_buff *skb, > goto errout; > #endif > > + ino = sock_i_ino(sk); > + if (nla_put_u64_64bit(skb, INET_DIAG_INODE, ino, INET_DIAG_PAD)) > + goto errout; > + > r->idiag_uid = from_kuid_munged(user_ns, sock_i_uid(sk)); > - r->idiag_inode = sock_i_ino(sk); > + r->idiag_inode = ino; > > return 0; > errout: > Last time I checked socket inode numbers were 32bit ? Is there a plan changing this ?
On Tue, 1 Sep 2020 08:55:29 +0200 Eric Dumazet wrote: > On 8/31/20 4:59 PM, Jakub Kicinski wrote: > > Dave reports that struct inet_diag_msg::idiag_inode is 32 bit, > > while inode's type is unsigned long. This leads to truncation. > > > > Since there is nothing we can do about the size of existing > > fields - add a new attribute to carry 64 bit inode numbers. > > Last time I checked socket inode numbers were 32bit ? > > Is there a plan changing this ? Ugh, you're right that appears to be a local patch :/ I should have checked, sorry for the noise.
On Tue, 1 Sep 2020 09:36:13 -0700 Jakub Kicinski wrote: > On Tue, 1 Sep 2020 08:55:29 +0200 Eric Dumazet wrote: > > On 8/31/20 4:59 PM, Jakub Kicinski wrote: > > > Dave reports that struct inet_diag_msg::idiag_inode is 32 bit, > > > while inode's type is unsigned long. This leads to truncation. > > > > > > Since there is nothing we can do about the size of existing > > > fields - add a new attribute to carry 64 bit inode numbers. > > > > Last time I checked socket inode numbers were 32bit ? > > > > Is there a plan changing this ? > > Ugh, you're right that appears to be a local patch :/ > > I should have checked, sorry for the noise. Looking at get_next_ino() - it seems like the risk of overflow is very real, no? Should we not address this?
diff --git a/include/linux/inet_diag.h b/include/linux/inet_diag.h index 0ef2d800fda7..5ea0f965c173 100644 --- a/include/linux/inet_diag.h +++ b/include/linux/inet_diag.h @@ -75,6 +75,7 @@ static inline size_t inet_diag_msg_attrs_size(void) #ifdef CONFIG_SOCK_CGROUP_DATA + nla_total_size_64bit(sizeof(u64)) /* INET_DIAG_CGROUP_ID */ #endif + + nla_total_size_64bit(sizeof(u64)) /* INET_DIAG_INODE */ ; } int inet_diag_msg_attrs_fill(struct sock *sk, struct sk_buff *skb, diff --git a/include/uapi/linux/inet_diag.h b/include/uapi/linux/inet_diag.h index 5ba122c1949a..0819a473ee9c 100644 --- a/include/uapi/linux/inet_diag.h +++ b/include/uapi/linux/inet_diag.h @@ -160,6 +160,7 @@ enum { INET_DIAG_ULP_INFO, INET_DIAG_SK_BPF_STORAGES, INET_DIAG_CGROUP_ID, + INET_DIAG_INODE, __INET_DIAG_MAX, }; diff --git a/net/ipv4/inet_diag.c b/net/ipv4/inet_diag.c index 4a98dd736270..6a52947591fc 100644 --- a/net/ipv4/inet_diag.c +++ b/net/ipv4/inet_diag.c @@ -125,6 +125,7 @@ int inet_diag_msg_attrs_fill(struct sock *sk, struct sk_buff *skb, bool net_admin) { const struct inet_sock *inet = inet_sk(sk); + unsigned long ino; if (nla_put_u8(skb, INET_DIAG_SHUTDOWN, sk->sk_shutdown)) goto errout; @@ -177,8 +178,12 @@ int inet_diag_msg_attrs_fill(struct sock *sk, struct sk_buff *skb, goto errout; #endif + ino = sock_i_ino(sk); + if (nla_put_u64_64bit(skb, INET_DIAG_INODE, ino, INET_DIAG_PAD)) + goto errout; + r->idiag_uid = from_kuid_munged(user_ns, sock_i_uid(sk)); - r->idiag_inode = sock_i_ino(sk); + r->idiag_inode = ino; return 0; errout:
Dave reports that struct inet_diag_msg::idiag_inode is 32 bit, while inode's type is unsigned long. This leads to truncation. Since there is nothing we can do about the size of existing fields - add a new attribute to carry 64 bit inode numbers. Reported-by: Dave Marchevsky <davemarchevsky@fb.com> Signed-off-by: Jakub Kicinski <kuba@kernel.org> --- include/linux/inet_diag.h | 1 + include/uapi/linux/inet_diag.h | 1 + net/ipv4/inet_diag.c | 7 ++++++- 3 files changed, 8 insertions(+), 1 deletion(-)