ACK: [SRU][B][PATCH] netlink: Don't shift on 64 for ngroups
Kamal Mostafa
kamal at canonical.com
Thu May 30 16:49:31 UTC 2019
This fixes an undesirable Bionic-specific behavior; clean cherry-pick
from stable.
Acked-by: Kamal Mostafa <kamal at canonical.com>
-Kamal
On Thu, May 30, 2019 at 06:06:52PM +0200, Andrea Righi wrote:
> From: Dmitry Safonov <dima at arista.com>
>
> BugLink: https://bugs.launchpad.net/bugs/1831103
>
> It's legal to have 64 groups for netlink_sock.
>
> As user-supplied nladdr->nl_groups is __u32, it's possible to subscribe
> only to first 32 groups.
>
> The check for correctness of .bind() userspace supplied parameter
> is done by applying mask made from ngroups shift. Which broke Android
> as they have 64 groups and the shift for mask resulted in an overflow.
>
> Fixes: 61f4b23769f0 ("netlink: Don't shift with UB on nlk->ngroups")
> Cc: "David S. Miller" <davem at davemloft.net>
> Cc: Herbert Xu <herbert at gondor.apana.org.au>
> Cc: Steffen Klassert <steffen.klassert at secunet.com>
> Cc: netdev at vger.kernel.org
> Cc: stable at vger.kernel.org
> Reported-and-Tested-by: Nathan Chancellor <natechancellor at gmail.com>
> Signed-off-by: Dmitry Safonov <dima at arista.com>
> Signed-off-by: David S. Miller <davem at davemloft.net>
> (cherry picked from commit 91874ecf32e41b5d86a4cb9d60e0bee50d828058)
> Signed-off-by: Andrea Righi <andrea.righi at canonical.com>
> ---
> net/netlink/af_netlink.c | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
> index 07e61faaea47..6db2daedf01c 100644
> --- a/net/netlink/af_netlink.c
> +++ b/net/netlink/af_netlink.c
> @@ -980,8 +980,8 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
>
> if (nlk->ngroups == 0)
> groups = 0;
> - else
> - groups &= (1ULL << nlk->ngroups) - 1;
> + else if (nlk->ngroups < 8*sizeof(groups))
> + groups &= (1UL << nlk->ngroups) - 1;
>
> bound = nlk->bound;
> if (bound) {
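Review bot: in the new `else if` branch the guard is written in terms of `8*sizeof(groups)` while the mask is built from `1UL` (the removed line used `1ULL`), so the shift is only provably in range if `groups` has the same width as `unsigned long`, which the hunk does not show. Consider stating both in the same terms, for example by guarding on `BITS_PER_LONG` to match the `1UL` constant, or keeping the constant's type tied to the type of `groups`. It would also help to add a one-line comment saying that when `nlk->ngroups` is at or above that width, `groups` is left unmasked on purpose because every bit is then a valid group; otherwise the missing final `else` reads like an oversight. Minor style point: kernel coding style puts spaces around the operator, `8 * sizeof(groups)`.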
> --
> 2.20.1
>
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team