From patchwork Wed Feb 17 13:21:58 2016
X-Patchwork-Submitter: Huw Davies
X-Patchwork-Id: 8339421
From: Huw Davies
To: netdev@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov
Subject: [RFC PATCH v3 08/19] ipv6: Add ipv6_renew_options_kern() that accepts a kernel mem pointer.
Date: Wed, 17 Feb 2016 13:21:58 +0000
Message-Id: <1455715329-9601-9-git-send-email-huw@codeweavers.com>

The functionality is equivalent to ipv6_renew_options() except that the newopt pointer is in kernel, not user, memory.

The kernel memory implementation will be used by the CALIPSO network labelling engine, which needs to be able to set IPv6 hop-by-hop options.

Signed-off-by: Huw Davies
--- include/net/ipv6.h | 6 ++++++ net/ipv6/exthdrs.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+) diff --git a/include/net/ipv6.h b/include/net/ipv6.h index 6570f37..b03b957 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h @@ -304,6 +304,12 @@ struct ipv6_txoptions *ipv6_renew_options(struct sock *sk, int newtype, struct ipv6_opt_hdr __user *newopt, int newoptlen); +struct ipv6_txoptions * +ipv6_renew_options_kern(struct sock *sk, + struct ipv6_txoptions *opt, + int newtype, + struct ipv6_opt_hdr *newopt, + int newoptlen); struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space, struct ipv6_txoptions *opt); diff --git a/net/ipv6/exthdrs.c b/net/ipv6/exthdrs.c index ea7c4d6..d5fd3e7 100644 --- a/net/ipv6/exthdrs.c
+++ b/net/ipv6/exthdrs.c @@ -758,6 +758,27 @@ static int ipv6_renew_option(void *ohdr, return 0; } +/** + * ipv6_renew_options - replace a specific ext hdr with a new one. + * + * @sk: sock from which to allocate memory + * @opt: original options + * @newtype: option type to replace in @opt + * @newopt: new option of type @newtype to replace (user-mem) + * @newoptlen: length of @newopt + * + * Returns a new set of options which is a copy of @opt with the + * option type @newtype replaced with @newopt. + * + * @opt may be NULL, in which case a new set of options is returned + * containing just @newopt. + * + * @newopt may be NULL, in which case the specified option type is + * not copied into the new set of options. + * + * The new set of options is allocated from the socket option memory + * buffer of @sk. + */ struct ipv6_txoptions * ipv6_renew_options(struct sock *sk, struct ipv6_txoptions *opt, int newtype, @@ -830,6 +851,34 @@ out: return ERR_PTR(err); } +/** + * ipv6_renew_options_kern - replace a specific ext hdr with a new one. + * + * @sk: sock from which to allocate memory + * @opt: original options + * @newtype: option type to replace in @opt + * @newopt: new option of type @newtype to replace (kernel-mem) + * @newoptlen: length of @newopt + * + * See ipv6_renew_options(). The difference is that @newopt is + * kernel memory, rather than user memory. + */ +struct ipv6_txoptions * +ipv6_renew_options_kern(struct sock *sk, struct ipv6_txoptions *opt, + int newtype, struct ipv6_opt_hdr *newopt, + int newoptlen) +{ + struct ipv6_txoptions *ret_val; + const mm_segment_t old_fs = get_fs(); + + set_fs(KERNEL_DS); + ret_val = ipv6_renew_options(sk, opt, newtype, + (struct ipv6_opt_hdr __user *)newopt, + newoptlen); + set_fs(old_fs); + return ret_val; +} + struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space, struct ipv6_txoptions *opt) {
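
Review bot: In the include/net/ipv6.h hunk, the new ipv6_renew_options_kern() declaration puts the return type on its own line and one parameter per line, while the ipv6_renew_options() and ipv6_fixup_options() declarations on either side keep the return type on the same line as the function name; matching the neighbouring layout would keep the header consistent. A short comment noting that newopt is a kernel pointer here would also help, since the two prototypes otherwise differ only by the __user annotation.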
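
Review bot: The kernel-doc added above ipv6_renew_options() in net/ipv6/exthdrs.c (hunk at -758,6 +758,27) documents only the success return, but the function's error path, visible as context in the following hunk, ends in "return ERR_PTR(err);". Add a sentence stating that an ERR_PTR() value is returned on failure so callers know to test with IS_ERR() rather than for NULL. The first line also names the function as operating on "a specific ext hdr" while @newtype is described as an "option type"; using one term throughout would make it clearer what @newtype selects.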
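
Review bot: In ipv6_renew_options_kern() (net/ipv6/exthdrs.c, hunk at -830,6 +851,34), set_fs(KERNEL_DS) stays in effect for the whole of the ipv6_renew_options() call, so every user-access check made during that call is relaxed, not only the one that reads newopt, and the "(struct ipv6_opt_hdr __user *)newopt" cast hides a kernel pointer from sparse's address-space checking. Consider moving the shared logic into an internal helper that both entry points call, with the user-memory variant doing its own copy first, so that neither the address-limit switch nor the cast is needed. If the set_fs() approach stays, the kernel-doc for this function should say that it is used, and should state the ERR_PTR() failure return itself rather than only pointing at ipv6_renew_options().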