Hi Chenbo,
On Tue, Oct 02, 2018 at 10:45:58AM -0700, Chenbo Feng wrote:
> On Tue, Oct 2, 2018 at 3:51 AM Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx> wrote:
[...]
> Do you mean the remain field will be zeroed when copying the
> xt_quota_info struct out of the kernel? I believe that is decided by
> the usersize defined in struct xt_match and this patch set it to the
> full struct size. So the whole xt_quota_info struct will be copied
> into userspace including the field stores the remaining quota. The
> userspace will not be aware of it if the ipatbles is not updated but
> it should not modify it as well. I have tested the behavior with
> net-next branch and it seems working. Am I missing something
> recently updated?
Hm, I see, I overlook that your patch removes this:
- .usersize = offsetof(struct xt_quota_info, master),
BTW, is iptables -D command working with your patch?
Telling this because if .usersize is removed, then IIRC userspace
compares this new remain field with userspace value and deletion will
break.
Patch that I was referring before is this one from Willem:
commit f32815d21d4d8287336fb9cef4d2d9e0866214c2
Author: Willem de Bruijn <willemb@xxxxxxxxxx>
Date: Mon Jan 2 17:19:40 2017 -0500
xtables: add xt_match, xt_target and data copy_to_user functions
xt_entry_target, xt_entry_match and their private data may contain
kernel data.
[...]
Private data is defined in xt_match and xt_target. All matches and
targets that maintain kernel data store this at the tail of their
private structure. Extend xt_match and xt_target with .usersize to
limit how many bytes of data are copied. The remainder is cleared.
Let me know, thanks !
