diff options
| author | Alistair Delva <adelva@google.com> | 2020-11-05 08:49:49 -0800 |
|---|---|---|
| committer | Alistair Delva <adelva@google.com> | 2020-11-05 18:43:34 +0000 |
| commit | 1c23a26139e11ca31b16f6e15d41282e9421d717 (patch) | |
| tree | 5e69e9ec1936a70b49627a31d78d080255a9bf3e | |
| parent | 05de67ed2af314b5d1c5083b66c8b077628aaf52 (diff) | |
ANDROID: Temporarily disable XFRM_USER_COMPAT filtering
Before 5.10-rc1, the upstream kernel blocked any compat calls into XFRM
code with EOPNOTSUPP, however Android kernels had been patching this
check out and made userspace match the 64-bit kernel netlink format
instead.
When the new XFRM_USER_COMPAT feature landed, it added a similar check
in two places which returns EOPNOTSUPP only if the XFRM_USER_COMPAT
feature is disabled, however that is currently always the case for
Android kernels and we do not want to filter these callers.
While we work to remove the userspace compatibility mess, disable the
filtering of compat calls when XFRM_USER_COMPAT is disabled. If the
XFRM_USER_COMPAT feature is enabled, nothing changes.
Bug: 163141236
Bug: 172541864
Signed-off-by: Alistair Delva <adelva@google.com>
Change-Id: Ifbea109070650dfcb4f93a3cc692c18a8d11ab44
| -rw-r--r-- | net/xfrm/xfrm_state.c | 25 | ||||
| -rw-r--r-- | net/xfrm/xfrm_user.c | 29 |
2 files changed, 30 insertions, 24 deletions
diff --git a/net/xfrm/xfrm_state.c b/net/xfrm/xfrm_state.c index 4cbeee279840..295584a47684 100644 --- a/net/xfrm/xfrm_state.c +++ b/net/xfrm/xfrm_state.c @@ -1939,17 +1939,20 @@ int xfrm_user_policy(struct sock *sk, int optname, u8 __user *optval, int optlen if (copy_from_user(data, optval, optlen)) goto out; - if (is_compat_task()) { - struct xfrm_translator *xtr = xfrm_get_translator(); - - if (!xtr) - return -EOPNOTSUPP; - - err = xtr->xlate_user_policy_sockptr(&data, optlen); - xfrm_put_translator(xtr); - if (err) { - kfree(data); - return err; + /* Use the 64-bit / untranslated format on Android, even for compat */ + if (!IS_ENABLED(CONFIG_ANDROID) || IS_ENABLED(CONFIG_XFRM_USER_COMPAT)) { + if (is_compat_task()) { + struct xfrm_translator *xtr = xfrm_get_translator(); + + if (!xtr) + return -EOPNOTSUPP; + + err = xtr->xlate_user_policy_sockptr(&data, optlen); + xfrm_put_translator(xtr); + if (err) { + kfree(data); + return err; + } } } diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 638d415eb0d4..f93c95541d37 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -2601,19 +2601,22 @@ static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh) if (!netlink_net_capable(skb, CAP_NET_ADMIN)) return -EPERM; - if (is_compat_task()) { - struct xfrm_translator *xtr = xfrm_get_translator(); - - if (!xtr) - return -EOPNOTSUPP; - - nlh64 = xtr->rcv_msg_compat(nlh, link->nla_max, - link->nla_pol); - xfrm_put_translator(xtr); - if (IS_ERR(nlh64)) - return PTR_ERR(nlh64); - if (nlh64) - nlh = nlh64; + /* Use the 64-bit / untranslated format on Android, even for compat */ + if (!IS_ENABLED(CONFIG_ANDROID) || IS_ENABLED(CONFIG_XFRM_USER_COMPAT)) { + if (is_compat_task()) { + struct xfrm_translator *xtr = xfrm_get_translator(); + + if (!xtr) + return -EOPNOTSUPP; + + nlh64 = xtr->rcv_msg_compat(nlh, link->nla_max, + link->nla_pol); + xfrm_put_translator(xtr); + if (IS_ERR(nlh64)) + return PTR_ERR(nlh64); + if (nlh64) + nlh = nlh64; + } } if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) || |