a7y18lte-ubports/android_kernel_samsung_a7y18lte
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2c2d484d65
android_kernel_samsung_a7y1.../net
History
Johannes Berg 2c2d484d65 decnet: fix DN_IFREQ_SIZE 
[ Upstream commit 50c2936634bcb1db78a8ca63249236810c11a80f ]

Digging through the ioctls with Al because of the previous
patches, we found that on 64-bit decnet's dn_dev_ioctl()
is wrong, because struct ifreq::ifr_ifru is actually 24
bytes (not 16 as expected from struct sockaddr) due to the
ifru_map and ifru_settings members.

Clearly, decnet expects the ioctl to be called with a struct
like
  struct ifreq_dn {
    char ifr_name[IFNAMSIZ];
    struct sockaddr_dn ifr_addr;
  };

since it does
  struct ifreq *ifr = ...;
  struct sockaddr_dn *sdn = (struct sockaddr_dn *)&ifr->ifr_addr;

This means that DN_IFREQ_SIZE is too big for what it wants on
64-bit, as it is
  sizeof(struct ifreq) - sizeof(struct sockaddr) +
  sizeof(struct sockaddr_dn)

This assumes that sizeof(struct sockaddr) is the size of ifr_ifru
but that isn't true.

Fix this to use offsetof(struct ifreq, ifr_ifru).

This indeed doesn't really matter much - the result is that we
copy in/out 8 bytes more than we should on 64-bit platforms. In
case the "struct ifreq_dn" lands just on the end of a page though
it might lead to faults.

As far as I can tell, it has been like this forever, so it seems
very likely that nobody cares.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-04-07 12:42:56 +02:00
..
6lowpan
9p
802
8021q
appletalk
atm
ax25
batman-adv
bluetooth Bluetooth: L2CAP: Detect if remote is not able to use the whole MPS 2020-04-07 12:29:42 +02:00
bridge
caif
can
ceph
core net/core/neighbour: fix kmemleak minimal reference count for hash tables 2020-04-07 12:42:52 +02:00
dcb
dccp inet: stop leaking jiffies on the wire 2020-04-07 09:29:41 +02:00
decnet decnet: fix DN_IFREQ_SIZE 2020-04-07 12:42:56 +02:00
dns_resolver
dsa
ethernet
hsr
ieee802154
ipv4 inet: stop leaking jiffies on the wire 2020-04-07 09:29:41 +02:00
ipv6
ipx
irda
iucv
key
l2tp
l3mdev
lapb
llc llc: avoid blocking in llc_sap_close() 2020-04-07 12:27:44 +02:00
mac80211 mac80211: minstrel: fix CCK rate group streams value 2020-04-07 12:33:26 +02:00
mac802154
mpls
mptcp
ncm
netfilter ipvs: move old_secure_tcp into struct netns_ipvs 2020-04-07 11:49:17 +02:00
netlabel
netlink
netrom
nfc nfc: netlink: fix double device reference drop 2020-04-07 11:48:24 +02:00
openvswitch net: ovs: fix return type of ndo_start_xmit function 2020-04-07 12:31:35 +02:00
packet
phonet
rds
rfkill
rose
rxrpc
sched net/sched: act_pedit: fix WARN() in the traffic path 2020-04-07 12:33:38 +02:00
sctp inet: stop leaking jiffies on the wire 2020-04-07 09:29:41 +02:00
sunrpc SUNRPC: Fix a compile warning for cmpxchg64() 2020-04-07 12:35:06 +02:00
switchdev
tipc tipc: fix memory leak in tipc_nl_compat_publ_dump 2020-04-07 12:42:48 +02:00
unix net: fix warning in af_unix 2020-04-07 12:34:56 +02:00
vmw_vsock VSOCK: bind to random port for VMADDR_PORT_ANY 2020-04-07 12:41:40 +02:00
wimax
wireless nl80211: Fix a GET_KEY reply attribute 2020-04-07 12:32:11 +02:00
x25
xfrm
compat.c
Kconfig
Makefile
socket.c
sysctl_net.c