linux-user: NETLINK_LIST_MEMBERSHIPS: Allow bad ptr if its length is 0

[PATCH] linux-user: NETLINK_LIST_MEMBERSHIPS: Allow bad ptr if its length is 0

Posted by Frédéric Fortier via 3 years ago

getsockopt(fd, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, *optval, *optlen)
syscall allows optval to be NULL/invalid if optlen points to a size of
zero. This allows userspace to query the length of the array they should
use to get the full membership list before allocating memory for said
list, then re-calling getsockopt with proper optval/optlen arguments.

Notable users of this pattern include systemd-networkd, which in the
(albeit old) version 237 tested, cannot start without this fix.

Signed-off-by: Frédéric Fortier <frf@ghgsat.com>
---
 linux-user/syscall.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 1e508576c7..9b7556a9a2 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -3025,7 +3025,7 @@ get_timeout:
                 return -TARGET_EINVAL;
             }
             results = lock_user(VERIFY_WRITE, optval_addr, len, 1);
-            if (!results) {
+            if (!results && len > 0) {
                 return -TARGET_EFAULT;
             }
             lv = len;
-- 
2.25.1

Re: [PATCH] linux-user: NETLINK_LIST_MEMBERSHIPS: Allow bad ptr if its length is 0

Posted by no-reply@patchew.org 3 years ago

Patchew URL: https://patchew.org/QEMU/20210328180135.88449-1-frf@ghgsat.com/



Hi,

This series seems to have some coding style problems. See output below for
more information:

Type: series
Message-id: 20210328180135.88449-1-frf@ghgsat.com
Subject: [PATCH] linux-user: NETLINK_LIST_MEMBERSHIPS: Allow bad ptr if its length is 0

=== TEST SCRIPT BEGIN ===
#!/bin/bash
git rev-parse base > /dev/null || exit 0
git config --local diff.renamelimit 0
git config --local diff.renames True
git config --local diff.algorithm histogram
./scripts/checkpatch.pl --mailback base..
=== TEST SCRIPT END ===

Updating 3c8cf5a9c21ff8782164d1def7f44bd888713384
From https://github.com/patchew-project/qemu
 * [new tag]         patchew/20210328180135.88449-1-frf@ghgsat.com -> patchew/20210328180135.88449-1-frf@ghgsat.com
Switched to a new branch 'test'
e2ba7fb linux-user: NETLINK_LIST_MEMBERSHIPS: Allow bad ptr if its length is 0

=== OUTPUT BEGIN ===
ERROR: Author email address is mangled by the mailing list
#2: 
Author: Frédéric Fortier via <qemu-devel@nongnu.org>

total: 1 errors, 0 warnings, 8 lines checked

Commit e2ba7fbd7535 (linux-user: NETLINK_LIST_MEMBERSHIPS: Allow bad ptr if its length is 0) has style problems, please review.  If any of these errors
are false positives report them to the maintainer, see
CHECKPATCH in MAINTAINERS.
=== OUTPUT END ===

Test command exited with code: 1


The full log is available at
http://patchew.org/logs/20210328180135.88449-1-frf@ghgsat.com/testing.checkpatch/?type=message.
---
Email generated automatically by Patchew [https://patchew.org/].
Please send your feedback to patchew-devel@redhat.com

Re: [PATCH] linux-user: NETLINK_LIST_MEMBERSHIPS: Allow bad ptr if its length is 0

Posted by Laurent Vivier 3 years ago

Le 28/03/2021 à 20:01, Frédéric Fortier via a écrit :
> getsockopt(fd, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, *optval, *optlen)
> syscall allows optval to be NULL/invalid if optlen points to a size of
> zero. This allows userspace to query the length of the array they should
> use to get the full membership list before allocating memory for said
> list, then re-calling getsockopt with proper optval/optlen arguments.
> 
> Notable users of this pattern include systemd-networkd, which in the
> (albeit old) version 237 tested, cannot start without this fix.
> 
> Signed-off-by: Frédéric Fortier <frf@ghgsat.com>
> ---
>  linux-user/syscall.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index 1e508576c7..9b7556a9a2 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -3025,7 +3025,7 @@ get_timeout:
>                  return -TARGET_EINVAL;
>              }
>              results = lock_user(VERIFY_WRITE, optval_addr, len, 1);
> -            if (!results) {
> +            if (!results && len > 0) {
>                  return -TARGET_EFAULT;
>              }
>              lv = len;
> 

Applied to my linux-user-for-6.0 branch

Thanks,
Laurent

Re: [PATCH] linux-user: NETLINK_LIST_MEMBERSHIPS: Allow bad ptr if its length is 0

Posted by Laurent Vivier 3 years ago

Le 28/03/2021 à 20:01, Frédéric Fortier via a écrit :
> getsockopt(fd, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, *optval, *optlen)
> syscall allows optval to be NULL/invalid if optlen points to a size of
> zero. This allows userspace to query the length of the array they should
> use to get the full membership list before allocating memory for said
> list, then re-calling getsockopt with proper optval/optlen arguments.
> 
> Notable users of this pattern include systemd-networkd, which in the
> (albeit old) version 237 tested, cannot start without this fix.
> 
> Signed-off-by: Frédéric Fortier <frf@ghgsat.com>
> ---
>  linux-user/syscall.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/linux-user/syscall.c b/linux-user/syscall.c
> index 1e508576c7..9b7556a9a2 100644
> --- a/linux-user/syscall.c
> +++ b/linux-user/syscall.c
> @@ -3025,7 +3025,7 @@ get_timeout:
>                  return -TARGET_EINVAL;
>              }
>              results = lock_user(VERIFY_WRITE, optval_addr, len, 1);
> -            if (!results) {
> +            if (!results && len > 0) {
>                  return -TARGET_EFAULT;
>              }
>              lv = len;
> 

Reviewed-by: Laurent Vivier <laurent@vivier.eu>