Date: Tue, 19 May 2009 16:19:56 -0400
From: Ben Kaduk
To: Dmitry Chagin
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org
Subject: Re: svn commit: r192373 - head/sys/compat/linux

On Tue, May 19, 2009 at 5:10 AM, Dmitry Chagin wrote:
> Author: dchagin
> Date: Tue May 19 09:10:53 2009
> New Revision: 192373
> URL: http://svn.freebsd.org/changeset/base/192373
>
> Log:
>  Validate user-supplied arguments values.
>  Args argument is a pointer to the structure located in user space in
>  which the socketcall arguments are packed. The structure must be
>  copied to the kernel instead of direct dereferencing.
>
>  Approved by:  kib (mentor)
>  MFC after:    1 week
>
> Modified:
>  head/sys/compat/linux/linux_socket.c
>
> Modified: head/sys/compat/linux/linux_socket.c
> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D > --- head/sys/compat/linux/linux_socket.c =A0 =A0 =A0 =A0Tue May 19 05:36:= 10 2009 =A0 =A0 =A0 =A0(r192372) > +++ head/sys/compat/linux/linux_socket.c =A0 =A0 =A0 =A0Tue May 19 09:10:= 53 2009 =A0 =A0 =A0 =A0(r192373) 
> @@ -1467,11 +1467,38 @@ linux_getsockopt(struct thread *td, stru > =A0 =A0 =A0 =A0return (error); > =A0} > > +/* Argument list sizes for linux_socketcall */ > + > +#define LINUX_AL(x) ((x) * sizeof(l_ulong)) > + > +static const unsigned char lxs_args[] =3D { > + =A0 =A0 =A0 LINUX_AL(0) /* unused*/, =A0 =A0 =A0 =A0LINUX_AL(3) /* sock= et */, > + =A0 =A0 =A0 LINUX_AL(3) /* bind */, =A0 =A0 =A0 =A0 LINUX_AL(3) /* conn= ect */, > + =A0 =A0 =A0 LINUX_AL(2) /* listen */, =A0 =A0 =A0 LINUX_AL(3) /* accept= */, > + =A0 =A0 =A0 LINUX_AL(3) /* getsockname */, =A0LINUX_AL(3) /* getpeernam= e */, > + =A0 =A0 =A0 LINUX_AL(4) /* socketpair */, =A0 LINUX_AL(4) /* send */, > + =A0 =A0 =A0 LINUX_AL(4) /* recv */, =A0 =A0 =A0 =A0 LINUX_AL(6) /* send= to */, > + =A0 =A0 =A0 LINUX_AL(6) /* recvfrom */, =A0 =A0 LINUX_AL(2) /* shutdown= */, > + =A0 =A0 =A0 LINUX_AL(5) /* setsockopt */, =A0 LINUX_AL(5) /* getsockopt= */, > + =A0 =A0 =A0 LINUX_AL(3) /* sendmsg */, =A0 =A0 =A0LINUX_AL(3) /* recvms= g */ > +}; > + > +#define =A0 =A0 =A0 =A0LINUX_AL_SIZE =A0 sizeof(lxs_args) / sizeof(lxs_a= rgs[0]) - 1 > + > =A0int > =A0linux_socketcall(struct thread *td, struct linux_socketcall_args *args= ) > =A0{ > - =A0 =A0 =A0 void *arg =3D (void *)(intptr_t)args->args; > + =A0 =A0 =A0 l_ulong a[6]; > + =A0 =A0 =A0 void *arg; > + =A0 =A0 =A0 int error; > + > + =A0 =A0 =A0 if (args->what < LINUX_SOCKET || args->what > LINUX_AL_SIZE= ) > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 return (EINVAL); > + =A0 =A0 =A0 error =3D copyin(PTRIN(args->args), a, lxs_args[args->what]= ); > + =A0 =A0 =A0 if (error) > + =A0 =A0 =A0 =A0 =A0 =A0 =A0 return (error); > > + =A0 =A0 =A0 arg =3D a; > =A0 =A0 =A0 =A0switch (args->what) { > =A0 =A0 =A0 =A0case LINUX_SOCKET: > =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0return (linux_socket(td, arg));

What factors go into deciding to do bounds-checking before the copyin versus after the copyin?
Naively, I would be worried about the userland data changing out from under the kernel, but I'm not terribly familiar with this area.

Thanks,

Ben Kaduk
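
Review bot: `LINUX_AL_SIZE` is defined without enclosing parentheses (`sizeof(lxs_args) / sizeof(lxs_args[0]) - 1`), so its value depends on the operators around each use; it parses as intended in `args->what > LINUX_AL_SIZE` only because `>` binds more loosely than `/` and `-`. Wrap the whole macro body in parentheses. The range check on `args->what` has to stay ahead of the `copyin`, since `lxs_args[args->what]` selects the copy length; a short comment noting that `a[6]` is sized for the largest table entry, `LINUX_AL(6)`, would make that coupling explicit for whoever next adds a socketcall.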