[thirdparty/kernel/stable-queue.git] / releases / 4.14.33 / xfrm-refuse-to-insert-32-bit-userspace-socket-policies-on-64-bit-systems.patch

From 19d7df69fdb2636856dc8919de72fc1bf8f79598 Mon Sep 17 00:00:00 2001
From: Steffen Klassert <steffen.klassert@secunet.com>
Date: Thu, 1 Feb 2018 08:49:23 +0100
Subject: xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems

From: Steffen Klassert <steffen.klassert@secunet.com>

commit 19d7df69fdb2636856dc8919de72fc1bf8f79598 upstream.

We don't have a compat layer for xfrm, so userspace and kernel
structures have different sizes in this case. This results in
a broken configuration, so refuse to configure socket policies
when trying to insert from 32 bit userspace as we do it already
with policies inserted via netlink.

Reported-and-tested-by: syzbot+e1a1577ca8bcb47b769a@syzkaller.appspotmail.com
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 net/xfrm/xfrm_state.c |    5 +++++
 1 file changed, 5 insertions(+)

--- a/net/xfrm/xfrm_state.c
+++ b/net/xfrm/xfrm_state.c
@@ -2050,6 +2050,11 @@ int xfrm_user_policy(struct sock *sk, in
 	struct xfrm_mgr *km;
 	struct xfrm_policy *pol = NULL;
 
+#ifdef CONFIG_COMPAT
+	if (in_compat_syscall())
+		return -EOPNOTSUPP;
+#endif
+
 	if (!optval && !optlen) {
 		xfrm_sk_policy_insert(sk, XFRM_POLICY_IN, NULL);
 		xfrm_sk_policy_insert(sk, XFRM_POLICY_OUT, NULL);
Commit	Line	Data
c4e04f43 GKH	1	From 19d7df69fdb2636856dc8919de72fc1bf8f79598 Mon Sep 17 00:00:00 2001
	2	From: Steffen Klassert <steffen.klassert@secunet.com>
	3	Date: Thu, 1 Feb 2018 08:49:23 +0100
	4	Subject: xfrm: Refuse to insert 32 bit userspace socket policies on 64 bit systems
	5
	6	From: Steffen Klassert <steffen.klassert@secunet.com>
	7
	8	commit 19d7df69fdb2636856dc8919de72fc1bf8f79598 upstream.
	9
	10	We don't have a compat layer for xfrm, so userspace and kernel
	11	structures have different sizes in this case. This results in
	12	a broken configuration, so refuse to configure socket policies
	13	when trying to insert from 32 bit userspace as we do it already
	14	with policies inserted via netlink.
	15
	16	Reported-and-tested-by: syzbot+e1a1577ca8bcb47b769a@syzkaller.appspotmail.com
	17	Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
	18	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	19
	20	---
	21	net/xfrm/xfrm_state.c \| 5 +++++
	22	1 file changed, 5 insertions(+)
	23
	24	--- a/net/xfrm/xfrm_state.c
	25	+++ b/net/xfrm/xfrm_state.c
	26	@@ -2050,6 +2050,11 @@ int xfrm_user_policy(struct sock *sk, in
	27	struct xfrm_mgr *km;
	28	struct xfrm_policy *pol = NULL;
	29
	30	+#ifdef CONFIG_COMPAT
	31	+ if (in_compat_syscall())
	32	+ return -EOPNOTSUPP;
	33	+#endif
	34	+
	35	if (!optval && !optlen) {
	36	xfrm_sk_policy_insert(sk, XFRM_POLICY_IN, NULL);
	37	xfrm_sk_policy_insert(sk, XFRM_POLICY_OUT, NULL);