git.itanic.dy.fi Git - linux-stable/commit

author	Johannes Berg <johannes.berg@intel.com>
	Sat, 26 Jan 2019 20:12:19 +0000 (21:12 +0100)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Thu, 5 Dec 2019 08:21:07 +0000 (09:21 +0100)
commit	dcb901cebe0f1e97fb6d5fc9adafe65515785e6f
tree	37adf4dfcc30c64c8dac88765d249227e2791f12	tree \| snapshot
parent	9f1ac494023d7adde34814612e44efecf4b8e4e6	commit \| diff

decnet: fix DN_IFREQ_SIZE

[ Upstream commit 50c2936634bcb1db78a8ca63249236810c11a80f ]

Digging through the ioctls with Al because of the previous
patches, we found that on 64-bit decnet's dn_dev_ioctl()
is wrong, because struct ifreq::ifr_ifru is actually 24
bytes (not 16 as expected from struct sockaddr) due to the
ifru_map and ifru_settings members.

Clearly, decnet expects the ioctl to be called with a struct
like
  struct ifreq_dn {
    char ifr_name[IFNAMSIZ];
    struct sockaddr_dn ifr_addr;
  };

since it does
  struct ifreq *ifr = ...;
  struct sockaddr_dn *sdn = (struct sockaddr_dn *)&ifr->ifr_addr;

This means that DN_IFREQ_SIZE is too big for what it wants on
64-bit, as it is
  sizeof(struct ifreq) - sizeof(struct sockaddr) +
  sizeof(struct sockaddr_dn)

This assumes that sizeof(struct sockaddr) is the size of ifr_ifru
but that isn't true.

Fix this to use offsetof(struct ifreq, ifr_ifru).

This indeed doesn't really matter much - the result is that we
copy in/out 8 bytes more than we should on 64-bit platforms. In
case the "struct ifreq_dn" lands just on the end of a page though
it might lead to faults.

As far as I can tell, it has been like this forever, so it seems
very likely that nobody cares.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>