This is a note to let you know that I've just added the patch titled
af_unix: Use offsetof() instead of sizeof().
to the 5.15-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
af_unix-use-offsetof-instead-of-sizeof.patch
and it can be found in the queue-5.15 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit 9f19d9848e020c6dd48d37bfff3428f2376e72dc
Author: Kuniyuki Iwashima <kuniyu@xxxxxxxxxxxx>
Date: Wed Nov 24 11:14:19 2021 +0900
af_unix: Use offsetof() instead of sizeof().
[ Upstream commit 755662ce78d14c1a9118df921c528b1f992ded2e ]
The length of the AF_UNIX socket address contains an offset to the member
sun_path of struct sockaddr_un.
Currently, the preceding member is just sun_family, and its type is
sa_family_t and resolved to short. Therefore, the offset is represented by
sizeof(short). However, it is not clear and fragile to changes in struct
sockaddr_storage or sockaddr_un.
This commit makes it clear and robust by rewriting sizeof() with
offsetof().
Signed-off-by: Kuniyuki Iwashima <kuniyu@xxxxxxxxxxxx>
Signed-off-by: Jakub Kicinski <kuba@xxxxxxxxxx>
Stable-dep-of: a9bf9c7dc6a5 ("af_unix: Annotate data-race of sk->sk_state in unix_stream_connect().")
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 262aeaea9861c..7d58067ffd3f8 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -231,7 +231,8 @@ static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned int *hashp
{
*hashp = 0;
- if (len <= sizeof(short) || len > sizeof(*sunaddr))
+ if (len <= offsetof(struct sockaddr_un, sun_path) ||
+ len > sizeof(*sunaddr))
return -EINVAL;
if (!sunaddr || sunaddr->sun_family != AF_UNIX)
return -EINVAL;
@@ -244,7 +245,8 @@ static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned int *hashp
* kernel address buffer.
*/
((char *)sunaddr)[len] = 0;
- len = strlen(sunaddr->sun_path)+1+sizeof(short);
+ len = strlen(sunaddr->sun_path) +
+ offsetof(struct sockaddr_un, sun_path) + 1;
return len;
}
@@ -967,7 +969,8 @@ static int unix_autobind(struct socket *sock)
goto out;
err = -ENOMEM;
- addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);
+ addr = kzalloc(sizeof(*addr) +
+ offsetof(struct sockaddr_un, sun_path) + 16, GFP_KERNEL);
if (!addr)
goto out;
@@ -975,7 +978,8 @@ static int unix_autobind(struct socket *sock)
refcount_set(&addr->refcnt, 1);
retry:
- addr->len = sprintf(addr->name->sun_path+1, "%05x", ordernum) + 1 + sizeof(short);
+ addr->len = sprintf(addr->name->sun_path + 1, "%05x", ordernum) +
+ offsetof(struct sockaddr_un, sun_path) + 1;
addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0));
addr->hash ^= sk->sk_type;
@@ -1157,7 +1161,7 @@ static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
sunaddr->sun_family != AF_UNIX)
return -EINVAL;
- if (addr_len == sizeof(short))
+ if (addr_len == offsetof(struct sockaddr_un, sun_path))
return unix_autobind(sock);
err = unix_mkname(sunaddr, addr_len, &hash);
@@ -1607,7 +1611,7 @@ static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int peer)
if (!addr) {
sunaddr->sun_family = AF_UNIX;
sunaddr->sun_path[0] = 0;
- err = sizeof(short);
+ err = offsetof(struct sockaddr_un, sun_path);
} else {
err = addr->len;
memcpy(sunaddr, addr->name, addr->len);
@@ -3271,7 +3275,8 @@ static int unix_seq_show(struct seq_file *seq, void *v)
seq_putc(seq, ' ');
i = 0;
- len = u->addr->len - sizeof(short);
+ len = u->addr->len -
+ offsetof(struct sockaddr_un, sun_path);
if (!UNIX_ABSTRACT(s))
len--;
else {
diff --git a/net/unix/diag.c b/net/unix/diag.c
index daef19932f780..006438e2e07a2 100644
--- a/net/unix/diag.c
+++ b/net/unix/diag.c
@@ -19,7 +19,8 @@ static int sk_diag_dump_name(struct sock *sk, struct sk_buff *nlskb)
if (!addr)
return 0;
- return nla_put(nlskb, UNIX_DIAG_NAME, addr->len - sizeof(short),
+ return nla_put(nlskb, UNIX_DIAG_NAME,
+ addr->len - offsetof(struct sockaddr_un, sun_path),
addr->name->sun_path);
}
