From patchwork Fri Jul 11 07:10:36 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Christoph Schulz <develop@kristov.de>
X-Patchwork-Id: 369013
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 7A3481400B9
	for <patchwork-incoming@ozlabs.org>;
	Fri, 11 Jul 2014 17:16:13 +1000 (EST)
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1752025AbaGKHQI (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Fri, 11 Jul 2014 03:16:08 -0400
Received: from server721-han.de-nserver.de ([85.158.180.102]:59079 "EHLO
	server721-han.de-nserver.de" rhost-flags-OK-OK-OK-OK)
	by vger.kernel.org with ESMTP id S1751154AbaGKHQG (ORCPT
	<rfc822;netdev@vger.kernel.org>); Fri, 11 Jul 2014 03:16:06 -0400
Received: (qmail 16917 invoked from network); 11 Jul 2014 09:10:39 +0200
X-Fcrdns: Yes
Received: from a89-182-250-227.net-htp.de (HELO onion.schulz.ip-v6.eu)
	(89.182.250.227)
	(smtp-auth username mail@kristov.de, mechanism plain)
	by server721-han.de-nserver.de (qpsmtpd/0.92) with
	(ECDHE-RSA-AES256-GCM-SHA384 encrypted) ESMTPSA;
	Fri, 11 Jul 2014 09:10:39 +0200
Received: from [2001:6f8:13da:1:592:42ec:4313:de65]
	(helo=peacock.schulz.ip-v6.eu) by onion.schulz.ip-v6.eu with esmtps
	(TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (Exim 4.80.1)
	(envelope-from <develop@kristov.de>)
	id 1X5Uyb-0005Wq-3g; Fri, 11 Jul 2014 09:10:37 +0200
Received: from peacock.schulz.ip-v6.eu ([2001:6f8:13da:1:225:22ff:fe6c:68f4])
	by peacock.schulz.ip-v6.eu with esmtps (TLSv1:DHE-RSA-AES128-SHA:128)
	(Exim 4.80.1) (envelope-from <develop@kristov.de>)
	id 1X5Uya-0006ue-Ed; Fri, 11 Jul 2014 09:10:36 +0200
Message-ID: <53BF8DEC.4000307@kristov.de>
Date: Fri, 11 Jul 2014 09:10:36 +0200
From: Christoph Schulz <develop@kristov.de>
User-Agent: Mozilla/5.0 (X11; Linux i686;
	rv:24.0) Gecko/20100101 Thunderbird/24.6.0
MIME-Version: 1.0
To: netdev@vger.kernel.org
CC: linux-ppp@vger.kernel.org, paulus@samba.org, isdn@linux-pingi.de
Subject: [PATCH net-next] net: ppp: don't call sk_chk_filter twice
X-User-Auth: Auth by mail@kristov.de through 89.182.250.227
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

From: Christoph Schulz <develop@kristov.de>

Commit 568f194e8bd16c353ad50f9ab95d98b20578a39d ("net: ppp: use
sk_unattached_filter api") causes sk_chk_filter() to be called twice when
setting a pass or active filter. The first call is from within get_filter().
The second one is through the call chain

  ppp_ioctl() --> sk_unattached_filter_create()
              --> __sk_prepare_filter()
              --> sk_chk_filter()

However, sk_chk_filter() is not idempotent as it sometimes replaces filter
codes. So running it a second time over the same filter does not work and
yields EINVAL. The net effect is that setting pass and/or active PPP filters
does not work anymore, since sk_unattached_filter_create() always returns
EINVAL due to the second (and erroneous) call to sk_chk_filter(), regardless
whether the filter was sane or not. So this patch simply removes the call to
sk_chk_filter() from within get_filter(). This is safe as the filter will
be checked by sk_chk_filter() later anyway.

This error is found in exactly the same way in the isdn4linux PPP driver, so
it is fixed there the same way.

Signed-off-by: Christoph Schulz <develop@kristov.de>
---
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

diff --git a/drivers/isdn/i4l/isdn_ppp.c b/drivers/isdn/i4l/isdn_ppp.c
index 61ac632..a333b7f 100644
--- a/drivers/isdn/i4l/isdn_ppp.c
+++ b/drivers/isdn/i4l/isdn_ppp.c
@@ -442,7 +442,7 @@ static int get_filter(void __user *arg, struct sock_filter **p)
 {
 	struct sock_fprog uprog;
 	struct sock_filter *code = NULL;
-	int len, err;
+	int len;
 
 	if (copy_from_user(&uprog, arg, sizeof(uprog)))
 		return -EFAULT;
@@ -458,12 +458,6 @@ static int get_filter(void __user *arg, struct sock_filter **p)
 	if (IS_ERR(code))
 		return PTR_ERR(code);
 
-	err = sk_chk_filter(code, uprog.len);
-	if (err) {
-		kfree(code);
-		return err;
-	}
-
 	*p = code;
 	return uprog.len;
 }
diff --git a/drivers/net/ppp/ppp_generic.c b/drivers/net/ppp/ppp_generic.c
index 91d6c12..e2f20f8 100644
--- a/drivers/net/ppp/ppp_generic.c
+++ b/drivers/net/ppp/ppp_generic.c
@@ -539,7 +539,7 @@ static int get_filter(void __user *arg, struct sock_filter **p)
 {
 	struct sock_fprog uprog;
 	struct sock_filter *code = NULL;
-	int len, err;
+	int len;
 
 	if (copy_from_user(&uprog, arg, sizeof(uprog)))
 		return -EFAULT;
@@ -554,12 +554,6 @@ static int get_filter(void __user *arg, struct sock_filter **p)
 	if (IS_ERR(code))
 		return PTR_ERR(code);
 
-	err = sk_chk_filter(code, uprog.len);
-	if (err) {
-		kfree(code);
-		return err;
-	}
-
 	*p = code;
 	return uprog.len;
 }