mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-09-25 20:05:39 +00:00
4954f17dde
Add 3 setsockopt()s: 1. TCP_AO_ADD_KEY to add a new Master Key Tuple (MKT) on a socket 2. TCP_AO_DEL_KEY to delete present MKT from a socket 3. TCP_AO_INFO to change flags, Current_key/RNext_key on a TCP-AO sk Userspace has to introduce keys on every socket it wants to use TCP-AO option on, similarly to TCP_MD5SIG/TCP_MD5SIG_EXT. RFC5925 prohibits definition of MKTs that would match the same peer, so do sanity checks on the data provided by userspace. Be as conservative as possible, including refusal of defining MKT on an established connection with no AO, removing the key in-use and etc. (1) and (2) are to be used by userspace key manager to add/remove keys. (3) main purpose is to set RNext_key, which (as prescribed by RFC5925) is the KeyID that will be requested in TCP-AO header from the peer to sign their segments with. At this moment the life of ao_info ends in tcp_v4_destroy_sock(). Co-developed-by: Francesco Ruggeri <fruggeri@arista.com> Signed-off-by: Francesco Ruggeri <fruggeri@arista.com> Co-developed-by: Salam Noureddine <noureddine@arista.com> Signed-off-by: Salam Noureddine <noureddine@arista.com> Signed-off-by: Dmitry Safonov <dima@arista.com> Acked-by: David Ahern <dsahern@kernel.org> Signed-off-by: David S. Miller <davem@davemloft.net>
141 lines
3.1 KiB
C
141 lines
3.1 KiB
C
/* SPDX-License-Identifier: GPL-2.0-only */
|
|
/*
|
|
* Copyright (c) 2020 Christoph Hellwig.
|
|
*
|
|
* Support for "universal" pointers that can point to either kernel or userspace
|
|
* memory.
|
|
*/
|
|
#ifndef _LINUX_SOCKPTR_H
|
|
#define _LINUX_SOCKPTR_H
|
|
|
|
#include <linux/slab.h>
|
|
#include <linux/uaccess.h>
|
|
|
|
typedef struct {
|
|
union {
|
|
void *kernel;
|
|
void __user *user;
|
|
};
|
|
bool is_kernel : 1;
|
|
} sockptr_t;
|
|
|
|
static inline bool sockptr_is_kernel(sockptr_t sockptr)
|
|
{
|
|
return sockptr.is_kernel;
|
|
}
|
|
|
|
static inline sockptr_t KERNEL_SOCKPTR(void *p)
|
|
{
|
|
return (sockptr_t) { .kernel = p, .is_kernel = true };
|
|
}
|
|
|
|
static inline sockptr_t USER_SOCKPTR(void __user *p)
|
|
{
|
|
return (sockptr_t) { .user = p };
|
|
}
|
|
|
|
static inline bool sockptr_is_null(sockptr_t sockptr)
|
|
{
|
|
if (sockptr_is_kernel(sockptr))
|
|
return !sockptr.kernel;
|
|
return !sockptr.user;
|
|
}
|
|
|
|
static inline int copy_from_sockptr_offset(void *dst, sockptr_t src,
|
|
size_t offset, size_t size)
|
|
{
|
|
if (!sockptr_is_kernel(src))
|
|
return copy_from_user(dst, src.user + offset, size);
|
|
memcpy(dst, src.kernel + offset, size);
|
|
return 0;
|
|
}
|
|
|
|
static inline int copy_from_sockptr(void *dst, sockptr_t src, size_t size)
|
|
{
|
|
return copy_from_sockptr_offset(dst, src, 0, size);
|
|
}
|
|
|
|
static inline int copy_struct_from_sockptr(void *dst, size_t ksize,
|
|
sockptr_t src, size_t usize)
|
|
{
|
|
size_t size = min(ksize, usize);
|
|
size_t rest = max(ksize, usize) - size;
|
|
|
|
if (!sockptr_is_kernel(src))
|
|
return copy_struct_from_user(dst, ksize, src.user, size);
|
|
|
|
if (usize < ksize) {
|
|
memset(dst + size, 0, rest);
|
|
} else if (usize > ksize) {
|
|
char *p = src.kernel;
|
|
|
|
while (rest--) {
|
|
if (*p++)
|
|
return -E2BIG;
|
|
}
|
|
}
|
|
memcpy(dst, src.kernel, size);
|
|
return 0;
|
|
}
|
|
|
|
static inline int copy_to_sockptr_offset(sockptr_t dst, size_t offset,
|
|
const void *src, size_t size)
|
|
{
|
|
if (!sockptr_is_kernel(dst))
|
|
return copy_to_user(dst.user + offset, src, size);
|
|
memcpy(dst.kernel + offset, src, size);
|
|
return 0;
|
|
}
|
|
|
|
static inline int copy_to_sockptr(sockptr_t dst, const void *src, size_t size)
|
|
{
|
|
return copy_to_sockptr_offset(dst, 0, src, size);
|
|
}
|
|
|
|
static inline void *memdup_sockptr(sockptr_t src, size_t len)
|
|
{
|
|
void *p = kmalloc_track_caller(len, GFP_USER | __GFP_NOWARN);
|
|
|
|
if (!p)
|
|
return ERR_PTR(-ENOMEM);
|
|
if (copy_from_sockptr(p, src, len)) {
|
|
kfree(p);
|
|
return ERR_PTR(-EFAULT);
|
|
}
|
|
return p;
|
|
}
|
|
|
|
static inline void *memdup_sockptr_nul(sockptr_t src, size_t len)
|
|
{
|
|
char *p = kmalloc_track_caller(len + 1, GFP_KERNEL);
|
|
|
|
if (!p)
|
|
return ERR_PTR(-ENOMEM);
|
|
if (copy_from_sockptr(p, src, len)) {
|
|
kfree(p);
|
|
return ERR_PTR(-EFAULT);
|
|
}
|
|
p[len] = '\0';
|
|
return p;
|
|
}
|
|
|
|
static inline long strncpy_from_sockptr(char *dst, sockptr_t src, size_t count)
|
|
{
|
|
if (sockptr_is_kernel(src)) {
|
|
size_t len = min(strnlen(src.kernel, count - 1) + 1, count);
|
|
|
|
memcpy(dst, src.kernel, len);
|
|
return len;
|
|
}
|
|
return strncpy_from_user(dst, src.user, count);
|
|
}
|
|
|
|
static inline int check_zeroed_sockptr(sockptr_t src, size_t offset,
|
|
size_t size)
|
|
{
|
|
if (!sockptr_is_kernel(src))
|
|
return check_zeroed_user(src.user + offset, size);
|
|
return memchr_inv(src.kernel + offset, 0, size) == NULL;
|
|
}
|
|
|
|
#endif /* _LINUX_SOCKPTR_H */
|