From patchwork Thu Jul 26 02:31:44 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Dmitry Safonov <dima@arista.com>
X-Patchwork-Id: 949430
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming-netdev@ozlabs.org
Delivered-To: patchwork-incoming-netdev@ozlabs.org
Authentication-Results: ozlabs.org;
	spf=none (mailfrom) smtp.mailfrom=vger.kernel.org
	(client-ip=209.132.180.67; helo=vger.kernel.org;
	envelope-from=netdev-owner@vger.kernel.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org; dmarc=pass (p=quarantine dis=none)
	header.from=arista.com
Authentication-Results: ozlabs.org; dkim=pass (2048-bit key;
	unprotected) header.d=arista.com header.i=@arista.com
	header.b="YlFdrRZv"; dkim-atps=neutral
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 41bbhr2Gk7z9s4r
	for <patchwork-incoming-netdev@ozlabs.org>;
	Thu, 26 Jul 2018 12:32:12 +1000 (AEST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1729456AbeGZDqm (ORCPT
	<rfc822;patchwork-incoming-netdev@ozlabs.org>);
	Wed, 25 Jul 2018 23:46:42 -0400
Received: from mail-ed1-f66.google.com ([209.85.208.66]:38659 "EHLO
	mail-ed1-f66.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1729495AbeGZDql (ORCPT
	<rfc822;netdev@vger.kernel.org>); Wed, 25 Jul 2018 23:46:41 -0400
Received: by mail-ed1-f66.google.com with SMTP id t2-v6so336904edr.5
	for <netdev@vger.kernel.org>; Wed, 25 Jul 2018 19:32:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=arista.com; s=googlenew;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=UpUTx8N+Vm2EmfbX6c3Ult+ekG63+WTb/ebxMdJKa1I=;
	b=YlFdrRZvNGzbYYLZ+TcwKA16OOTlcVgHFy0KYodMj9dm/woiUZt6DaZk2q3S2D/JVL
	6TldqqsEEAETHXz8geb0GodPVHZHvifvQn87adR0Xqk2CydaGFFdSbgIIQAjkn5HziUm
	A2a6HKhdRDA7S47sCpXKmCD6mtIreNLMEVB7n5bQfS0gefCpDqy3nqJ7tkJpR2o43Qym
	QhaJu0n4khKEsBhZNPoeEIB9W+OZnn5xduAzbbc9yIL07b3QAQIgEjitu6SZewVa+flU
	H3ozBqm2HWZAVqjjCinMv+R0Ne4Ifg8ZaKZf18E3C6ifNU9Jx/e0YrTadX/ayVxF+fFw
	2d4w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=UpUTx8N+Vm2EmfbX6c3Ult+ekG63+WTb/ebxMdJKa1I=;
	b=bAX70vIa4CiSJGQdxtjwEfYuDG6ZWhbKeRGZ16xImPhqFZTLiOGl0D5gvrCVLoWiw9
	ehlMkyyLAhxiLZBIL+7pi0yzE8wqbq06dls7jWB2KF/QEU9gwW/3ImhVcxFQo8l6WY6G
	L6xV0P8B+A1JwknwLVr5QX79exGypnRNxrhddEG2QpI6eaRtUuSpitkfFsMnfbakEuS0
	yOIRfg27aFK1VtCdI60X6Ykuhj552qHbr/icRgG1FDn7ClEOIFq/luCM+DEYXNwqyMoo
	qtwc9P6wDZt4grOHdJezrDEmmYhVuvUwU5d50bhxp2nccxZwJcbSPmKwZ/Upx94OTaHH
	avwg==
X-Gm-Message-State: AOUpUlFQdCIkWasWgUBJaZtoTo110C9he4NVGX+J2r3cHTof0ajPKBtd
	JqegSbcsGwEBDRwZ6welwirhBw==
X-Google-Smtp-Source: 
 AAOMgpeZMreO6WLUW87sKhoovy5flZLFKq+OlLHXxN+JMXnYEk8mLxDgQ77FriOOGdco+LWPmDzSbQ==
X-Received: by 2002:a50:8ee4:: with SMTP id
	x33-v6mr461634edx.175.1532572326903;
	Wed, 25 Jul 2018 19:32:06 -0700 (PDT)
Received: from dhcp.ire.aristanetworks.com ([217.173.96.166])
	by smtp.gmail.com with ESMTPSA id
	x13-v6sm241024edx.17.2018.07.25.19.32.05
	(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
	Wed, 25 Jul 2018 19:32:06 -0700 (PDT)
From: Dmitry Safonov <dima@arista.com>
To: linux-kernel@vger.kernel.org
Cc: Dmitry Safonov <dima@arista.com>,
	"David S. Miller" <davem@davemloft.net>,
	Herbert Xu <herbert@gondor.apana.org.au>,
	Steffen Klassert <steffen.klassert@secunet.com>,
	Dmitry Safonov <0x7f454c46@gmail.com>, netdev@vger.kernel.org,
	Fan Du <fan.du@intel.com>
Subject: [PATCH 18/18] xfrm: Enable compat syscalls
Date: Thu, 26 Jul 2018 03:31:44 +0100
Message-Id: <20180726023144.31066-19-dima@arista.com>
X-Mailer: git-send-email 2.13.6
In-Reply-To: <20180726023144.31066-1-dima@arista.com>
References: <20180726023144.31066-1-dima@arista.com>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

Compatible syscalls were disabled for xfrm with the following commits:
19d7df69fdb2 ("xfrm: Refuse to insert 32 bit userspace socket policies
on 64 bit systems") and 74005991b78a ("xfrm: Do not parse 32bits
compiled xfrm netlink msg on 64bits host").

As some structures in xfrm uapi header were not packed by a mistake,
they differ in size between 64-bit and 32-bit applications:

          32-bit UABI                 |             64-bit UABI
--------------------------------------|--------------------------------------
sizeof(xfrm_usersa_info)     = 220    |    sizeof(xfrm_usersa_info)     = 224
sizeof(xfrm_userpolicy_info) = 164    |    sizeof(xfrm_userpolicy_info) = 168
sizeof(xfrm_userspi_info)    = 228    |    sizeof(xfrm_userspi_info)    = 232
sizeof(xfrm_user_acquire)    = 276    |    sizeof(xfrm_user_acquire)    = 280
sizeof(xfrm_user_expire)     = 224    |    sizeof(xfrm_user_expire)     = 232
sizeof(xfrm_user_polexpire)  = 168    |    sizeof(xfrm_user_polexpire)  = 176

With previous patches compatible layer was added to xfrm, so now we
support users of both ABI. A selftest to check work of ipsec tunnel is
present in net/ipsec. It can be easily compiled as compat application
and doesn't require any compat libraries.

Revert the mentioned commits and check the size of received message
according to native/compat syscall.

Cc: "David S. Miller" <davem@davemloft.net>
Cc: Fan Du <fan.du@intel.com>
Cc: Herbert Xu <herbert@gondor.apana.org.au>
Cc: Steffen Klassert <steffen.klassert@secunet.com>
Cc: netdev@vger.kernel.org
Signed-off-by: Dmitry Safonov <dima@arista.com>
---
 net/xfrm/xfrm_state.c |  3 ---
 net/xfrm/xfrm_user.c  | 35 ++++++++++++++++++++++++++++++-----
 2 files changed, 30 insertions(+), 8 deletions(-)

diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c
index 3f48a6925606..515a565bfc37 100644
--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -2057,9 +2057,6 @@ int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen
 	struct xfrm_mgr *km;
 	struct xfrm_policy *pol = NULL;
 
-	if (in_compat_syscall())
-		return -EOPNOTSUPP;
-
 	if (!optval && !optlen) {
 		xfrm_sk_policy_insert(sk, XFRM_POLICY_IN, NULL);
 		xfrm_sk_policy_insert(sk, XFRM_POLICY_OUT, NULL);
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 7e3a132b76fb..f6da6ea65d37 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2634,6 +2634,30 @@ static const int xfrm_msg_min[XFRM_NR_MSGTYPES] = {
 	[XFRM_MSG_GETSPDINFO  - XFRM_MSG_BASE] = sizeof(u32),
 };
 
+static const int xfrm_msg_min_compat[XFRM_NR_MSGTYPES] = {
+	[XFRM_MSG_NEWSA       - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info_packed),
+	[XFRM_MSG_DELSA       - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id),
+	[XFRM_MSG_GETSA       - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_id),
+	[XFRM_MSG_NEWPOLICY   - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info_packed),
+	[XFRM_MSG_DELPOLICY   - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id),
+	[XFRM_MSG_GETPOLICY   - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id),
+	[XFRM_MSG_ALLOCSPI    - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userspi_info_packed),
+	[XFRM_MSG_ACQUIRE     - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_acquire_packed),
+	[XFRM_MSG_EXPIRE      - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_expire_packed),
+	[XFRM_MSG_UPDPOLICY   - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_info_packed),
+	[XFRM_MSG_UPDSA       - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_info_packed),
+	[XFRM_MSG_POLEXPIRE   - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_polexpire_packed),
+	[XFRM_MSG_FLUSHSA     - XFRM_MSG_BASE] = XMSGSIZE(xfrm_usersa_flush),
+	[XFRM_MSG_FLUSHPOLICY - XFRM_MSG_BASE] = 0,
+	[XFRM_MSG_NEWAE       - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id),
+	[XFRM_MSG_GETAE       - XFRM_MSG_BASE] = XMSGSIZE(xfrm_aevent_id),
+	[XFRM_MSG_REPORT      - XFRM_MSG_BASE] = XMSGSIZE(xfrm_user_report),
+	[XFRM_MSG_MIGRATE     - XFRM_MSG_BASE] = XMSGSIZE(xfrm_userpolicy_id),
+	[XFRM_MSG_GETSADINFO  - XFRM_MSG_BASE] = sizeof(u32),
+	[XFRM_MSG_NEWSPDINFO  - XFRM_MSG_BASE] = sizeof(u32),
+	[XFRM_MSG_GETSPDINFO  - XFRM_MSG_BASE] = sizeof(u32),
+};
+
 #undef XMSGSIZE
 
 static const struct nla_policy xfrma_policy[XFRMA_MAX+1] = {
@@ -2715,10 +2739,7 @@ static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh,
 	struct net *net = sock_net(skb->sk);
 	struct nlattr *attrs[XFRMA_MAX+1];
 	const struct xfrm_link *link;
-	int type, err;
-
-	if (in_compat_syscall())
-		return -EOPNOTSUPP;
+	int type, err, hdrlen;
 
 	type = nlh->nlmsg_type;
 	if (type > XFRM_MSG_MAX)
@@ -2747,7 +2768,11 @@ static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh,
 		}
 	}
 
-	err = nlmsg_parse(nlh, xfrm_msg_min[type], attrs,
+	hdrlen = xfrm_msg_min[type];
+	if (in_compat_syscall())
+		hdrlen = xfrm_msg_min_compat[type];
+
+	err = nlmsg_parse(nlh, hdrlen, attrs,
 			  link->nla_max ? : XFRMA_MAX,
 			  link->nla_pol ? : xfrma_policy, extack);
 	if (err < 0)