lsm,selinux: pass flowi_common instead of flowi to the LSM hooks

As pointed out by Herbert in a recent related patch, the LSM hooks do not have the necessary address family information to use the flowi struct safely. As none of the LSMs currently use any of the protocol specific flowi information, replace the flowi pointers with pointers to the address family independent flowi_common struct. Reported-by: Herbert Xu <herbert@gondor.apana.org.au> Acked-by: James Morris <jamorris@linux.microsoft.com> Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Paul Moore <paul@paul-moore.com> 2020-09-27 22:38:26 -0400
committer: Paul Moore <paul@paul-moore.com> 2020-11-23 18:36:21 -0500
commit: 3df98d79215ace13d1e91ddfc5a67a0f5acbd83f (patch)
tree: 3e0db692f0d85f9a73ec0e2dd4298bda62f57b8b /include/net
parent: b2d99bcb27225fe420a8923b21861aef2bb43d9b (diff)
download: linux-3df98d79215ace13d1e91ddfc5a67a0f5acbd83f.tar.gz
linux-3df98d79215ace13d1e91ddfc5a67a0f5acbd83f.tar.bz2
linux-3df98d79215ace13d1e91ddfc5a67a0f5acbd83f.zip
2 files changed, 13 insertions, 3 deletions
diff --git a/include/net/flow.h b/include/net/flow.h
index b2531df3f65f..39d0cedcddee 100644
--- a/include/net/flow.h
+++ b/include/net/flow.h
@@ -195,11 +195,21 @@ static inline struct flowi *flowi4_to_flowi(struct flowi4 *fl4)
 	return container_of(fl4, struct flowi, u.ip4);
 }
 
+static inline struct flowi_common *flowi4_to_flowi_common(struct flowi4 *fl4)
+{
+	return &(flowi4_to_flowi(fl4)->u.__fl_common);
+}
+
 static inline struct flowi *flowi6_to_flowi(struct flowi6 *fl6)
 {
 	return container_of(fl6, struct flowi, u.ip6);
 }
 
+static inline struct flowi_common *flowi6_to_flowi_common(struct flowi6 *fl6)
+{
+	return &(flowi6_to_flowi(fl6)->u.__fl_common);
+}
+
 static inline struct flowi *flowidn_to_flowi(struct flowidn *fldn)
 {
 	return container_of(fldn, struct flowi, u.dn);
diff --git a/include/net/route.h b/include/net/route.h
index ff021cab657e..2e6c0e153e3a 100644
--- a/include/net/route.h
+++ b/include/net/route.h
@@ -165,7 +165,7 @@ static inline struct rtable *ip_route_output_ports(struct net *net, struct flowi
 			   sk ? inet_sk_flowi_flags(sk) : 0,
 			   daddr, saddr, dport, sport, sock_net_uid(net, sk));
 	if (sk)
-		security_sk_classify_flow(sk, flowi4_to_flowi(fl4));
+		security_sk_classify_flow(sk, flowi4_to_flowi_common(fl4));
 	return ip_route_output_flow(net, fl4, sk);
 }
 
@@ -322,7 +322,7 @@ static inline struct rtable *ip_route_connect(struct flowi4 *fl4,
 		ip_rt_put(rt);
 		flowi4_update_output(fl4, oif, tos, fl4->daddr, fl4->saddr);
 	}
-	security_sk_classify_flow(sk, flowi4_to_flowi(fl4));
+	security_sk_classify_flow(sk, flowi4_to_flowi_common(fl4));
 	return ip_route_output_flow(net, fl4, sk);
 }
 
@@ -338,7 +338,7 @@ static inline struct rtable *ip_route_newports(struct flowi4 *fl4, struct rtable
 		flowi4_update_output(fl4, sk->sk_bound_dev_if,
 				     RT_CONN_FLAGS(sk), fl4->daddr,
 				     fl4->saddr);
-		security_sk_classify_flow(sk, flowi4_to_flowi(fl4));
+		security_sk_classify_flow(sk, flowi4_to_flowi_common(fl4));
 		return ip_route_output_flow(sock_net(sk), fl4, sk);
 	}
 	return rt;
author	Paul Moore <paul@paul-moore.com>	2020-09-27 22:38:26 -0400
committer	Paul Moore <paul@paul-moore.com>	2020-11-23 18:36:21 -0500
commit	3df98d79215ace13d1e91ddfc5a67a0f5acbd83f (patch)
tree	3e0db692f0d85f9a73ec0e2dd4298bda62f57b8b /include/net
parent	b2d99bcb27225fe420a8923b21861aef2bb43d9b (diff)
download	linux-3df98d79215ace13d1e91ddfc5a67a0f5acbd83f.tar.gz linux-3df98d79215ace13d1e91ddfc5a67a0f5acbd83f.tar.bz2 linux-3df98d79215ace13d1e91ddfc5a67a0f5acbd83f.zip