From patchwork Mon Jun 20 13:36:48 2016
X-Patchwork-Submitter: Huw Davies
X-Patchwork-Id: 9187659
From: Huw Davies
To: netdev@vger.kernel.org, linux-security-module@vger.kernel.org, selinux@tycho.nsa.gov
Subject: [PATCH v4 08/19] ipv6: Add ipv6_renew_options_kern() that accepts a kernel mem pointer.
Date: Mon, 20 Jun 2016 14:36:48 +0100
Message-Id: <1466429819-12707-9-git-send-email-huw@codeweavers.com>

The functionality is equivalent to ipv6_renew_options() except that
the newopt pointer is in kernel, not user, memory.

The kernel memory implementation will be used by the CALIPSO network
labelling engine, which needs to be able to set IPv6 hop-by-hop
options.

Signed-off-by: Huw Davies
--- include/net/ipv6.h | 6 ++++++ net/ipv6/exthdrs.c | 49 +++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 55 insertions(+) diff --git a/include/net/ipv6.h b/include/net/ipv6.h index 1be050a..917036f 100644 --- a/include/net/ipv6.h +++ b/include/net/ipv6.h @@ -308,6 +308,12 @@ struct ipv6_txoptions *ipv6_renew_options(struct sock *sk, int newtype, struct ipv6_opt_hdr __user *newopt, int newoptlen); +struct ipv6_txoptions * +ipv6_renew_options_kern(struct sock *sk, + struct ipv6_txoptions *opt, + int newtype, + struct ipv6_opt_hdr *newopt, + int newoptlen); struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space, struct ipv6_txoptions *opt); diff --git a/net/ipv6/exthdrs.c b/net/ipv6/exthdrs.c index ea7c4d6..d5fd3e7 100644 --- a/net/ipv6/exthdrs.c +++ b/net/ipv6/exthdrs.c
@@ -758,6 +758,27 @@ static int ipv6_renew_option(void *ohdr, return 0; } +/** + * ipv6_renew_options - replace a specific ext hdr with a new one. + * + * @sk: sock from which to allocate memory + * @opt: original options + * @newtype: option type to replace in @opt + * @newopt: new option of type @newtype to replace (user-mem) + * @newoptlen: length of @newopt + * + * Returns a new set of options which is a copy of @opt with the + * option type @newtype replaced with @newopt. + * + * @opt may be NULL, in which case a new set of options is returned + * containing just @newopt. + * + * @newopt may be NULL, in which case the specified option type is + * not copied into the new set of options. + * + * The new set of options is allocated from the socket option memory + * buffer of @sk. + */ struct ipv6_txoptions * ipv6_renew_options(struct sock *sk, struct ipv6_txoptions *opt, int newtype, @@ -830,6 +851,34 @@ out: return ERR_PTR(err); } +/** + * ipv6_renew_options_kern - replace a specific ext hdr with a new one. + * + * @sk: sock from which to allocate memory + * @opt: original options + * @newtype: option type to replace in @opt + * @newopt: new option of type @newtype to replace (kernel-mem) + * @newoptlen: length of @newopt + * + * See ipv6_renew_options(). The difference is that @newopt is + * kernel memory, rather than user memory. + */ +struct ipv6_txoptions * +ipv6_renew_options_kern(struct sock *sk, struct ipv6_txoptions *opt, + int newtype, struct ipv6_opt_hdr *newopt, + int newoptlen) +{ + struct ipv6_txoptions *ret_val; + const mm_segment_t old_fs = get_fs(); + + set_fs(KERNEL_DS); + ret_val = ipv6_renew_options(sk, opt, newtype, + (struct ipv6_opt_hdr __user *)newopt, + newoptlen); + set_fs(old_fs); + return ret_val; +} + struct ipv6_txoptions *ipv6_fixup_options(struct ipv6_txoptions *opt_space, struct ipv6_txoptions *opt) {
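
Review bot: The kernel-doc added for ipv6_renew_options() in the @@ -758,6 +758,27 @@ hunk of net/ipv6/exthdrs.c documents only the success case ("Returns a new set of options which is a copy of @opt ..."), but the function's exit path visible as context in the following hunk is `return ERR_PTR(err);`. Callers have to test the result with IS_ERR() rather than against NULL, so the comment should say that an ERR_PTR()-encoded error is returned on failure. The @newopt line ("new option of type @newtype to replace") also reads as if @newopt is the thing being replaced; wording along the lines of "new option of type @newtype that replaces the existing one" would be clearer.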
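
Review bot: In ipv6_renew_options_kern() (the @@ -830,6 +851,34 @@ hunk of net/ipv6/exthdrs.c), set_fs(KERNEL_DS) stays in effect for the entire call to ipv6_renew_options(), so every user-access check performed anywhere under that call is relaxed, not only the one that applies to @newopt. The `(struct ipv6_opt_hdr __user *)newopt` cast also silences the sparse address-space annotation that would otherwise flag a kernel pointer being passed where user memory is expected. Consider moving the shared logic into an internal helper that takes a kernel pointer, and have ipv6_renew_options() copy @newopt in from user memory before calling it; that removes both the address-limit override and the cast. If the wrapper stays as it is, its kernel-doc should state that it temporarily overrides the address limit, since "See ipv6_renew_options()" does not tell a caller that.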