From patchwork Fri Jan 5 11:27:15 2024
X-Patchwork-Submitter: Tony Duan
X-Patchwork-Id: 1882837
From: Tony Duan
Subject: [SRU][J:linux-bluefield][PATCH v2 1/6] net: af_key: fix sadb_x_filter validation
Date: Fri, 5 Jan 2024 05:27:15 -0600
Message-ID: <1704454040-11017-2-git-send-email-yifeid@nvidia.com>
In-Reply-To: <1704454040-11017-1-git-send-email-yifeid@nvidia.com>
References: <1704454040-11017-1-git-send-email-yifeid@nvidia.com>
Cc: vlad@nvidia.com, dann.frazier@canonical.com, bodong@nvidia.com

From: Lin Ma

BugLink: https://bugs.launchpad.net/bugs/2044427

When running xfrm_state_walk_init(), the xfrm_address_filter being used
is okay to have a splen/dplen that equals to sizeof(xfrm_address_t)<<3.
This commit replaces >= to > to make sure the boundary checking is
correct.

Fixes: 37bd22420f85 ("af_key: pfkey_dump needs parameter validation")
Signed-off-by: Lin Ma
Signed-off-by: Steffen Klassert
(cherry picked from commit 75065a8929069bc93181848818e23f147a73f83a)
Signed-off-by: Tony Duan
--- net/key/af_key.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/key/af_key.c b/net/key/af_key.c index 7e45d7e..e62f1b9 100644 --- a/net/key/af_key.c +++ b/net/key/af_key.c @@ -1848,9 +1848,9 @@ static int pfkey_dump(struct sock *sk, struct sk_buff *skb, const struct sadb_ms if (ext_hdrs[SADB_X_EXT_FILTER - 1]) { struct sadb_x_filter *xfilter = ext_hdrs[SADB_X_EXT_FILTER - 1]; - if ((xfilter->sadb_x_filter_splen >= + if ((xfilter->sadb_x_filter_splen > (sizeof(xfrm_address_t) << 3)) || - (xfilter->sadb_x_filter_dplen >= + (xfilter->sadb_x_filter_dplen > (sizeof(xfrm_address_t) << 3))) { mutex_unlock(&pfk->dump_lock); return -EINVAL;
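
Review bot: in the two comparisons of sadb_x_filter_splen and sadb_x_filter_dplen in pfkey_dump(), the bound (sizeof(xfrm_address_t) << 3) is still written out twice with nothing in the code saying it is an inclusive maximum prefix length in bits, which is exactly the detail this fix turns on. A one-line comment above the if, or a local constant holding the bit width and used in both comparisons, would record that a length equal to the bound is valid and only larger values return -EINVAL, so the off-by-one is less likely to be reintroduced. Since this is a cherry-pick the hunk should stay identical to the upstream commit, so treat this as a follow-up for upstream, not a change to the backport.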