[ovs-dev] [PATCH 2/3] datapath: Prepare to support 32-bit compatibility ioctls.
Jesse Gross
jesse at nicira.com
Thu May 13 00:38:30 UTC 2010
On Mon, May 10, 2010 at 2:13 PM, Ben Pfaff <blp at nicira.com> wrote:
>
> +static int do_answer_query(struct sw_flow *flow, u32 query_flags,
> + struct odp_flow_stats __user *ustats,
> + union odp_action __user *actions,
> + u32 __user *n_actionsp)
> {
> - union odp_action __user *actions;
> struct sw_flow_actions *sf_acts;
> + struct odp_flow_stats stats;
> + unsigned long int flags;
> u32 n_actions;
>
> - if (__get_user(actions, &ufp->actions) ||
> - __get_user(n_actions, &ufp->n_actions))
> + spin_lock_irqsave(&flow->lock, flags);
> + get_stats(flow, &stats);
> + if (query_flags & ODPFF_ZERO_TCP_FLAGS) {
> + flow->tcp_flags = 0;
> + }
> + spin_unlock_irqrestore(&flow->lock, flags);
> +
> + if (__copy_to_user(ustats, &stats, sizeof(struct odp_flow_stats))
> ||
> + __get_user(n_actions, n_actionsp))
> return -EFAULT;
>
> if (!n_actions)
> return 0;
>
> sf_acts = rcu_dereference(flow->sf_acts);
> - if (__put_user(sf_acts->n_actions, &ufp->n_actions) ||
> + if (__put_user(sf_acts->n_actions, n_actionsp) ||
> (actions && copy_to_user(actions, sf_acts->actions,
> sizeof(union odp_action) *
> min(sf_acts->n_actions, n_actions))))
>
All these __[copy|get|put] functions make me nervous because we need to
ensure that the caller has already called access_ok(). Besides requiring
thought, I'm pretty sure that there are places where we do a write to
userspace without calling access_ok(VERIFY_WRITE, ...) - just a read check.
I know these existed before (and there are a few other of them scattered
around) but unless it is obviously correct like access_ok() followed by a
series of reads/writes it just doesn't seem worth avoiding the check for a
very marginal performance benefit.
> -static int list_flows(struct datapath *dp, const struct odp_flowvec
> *flowvec)
> +static int do_list_flows(struct datapath *dp, const struct odp_flowvec
> *flowvec)
> {
> struct list_flows_cbdata cbdata;
> int error;
> @@ -1218,7 +1239,8 @@ static int do_flowvec_ioctl(struct datapath *dp,
> unsigned long argp,
> copy_from_user(&flowvec, uflowvec, sizeof flowvec))
> return -EFAULT;
>
> - if (flowvec.n_flows > INT_MAX / sizeof(struct odp_flow))
> + if (flowvec.n_flows < 0 ||
> + flowvec.n_flows > INT_MAX / sizeof(struct odp_flow))
> return -EINVAL;
>
I don't think that we need this check to see if 'n_flows' is negative now
that it is unsigned.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openvswitch.org/pipermail/ovs-dev/attachments/20100512/69757c2f/attachment-0003.html>
More information about the dev
mailing list