Commit 6b12e0a3 authored by Kees Cook's avatar Kees Cook Committed by Paolo Abeni
Browse files

rtnetlink: do_setlink: Use struct sockaddr_storage 



Instead of a heap allocating a variably sized struct sockaddr and lying
about the type in the call to netif_set_mac_address(), use a stack
allocated struct sockaddr_storage. This lets us drop the cast and avoid
the allocation.

Putting "ss" on the stack means it will get a reused stack slot since
it is the same size (128B) as other existing single-scope stack variables,
like the vfinfo array (128B), so no additional stack space is used by
this function.

Acked-by: default avatarGustavo A. R. Silva <gustavoars@kernel.org>
Signed-off-by: default avatarKees Cook <kees@kernel.org>
Link: https://patch.msgid.link/20250521204619.2301870-7-kees@kernel.org


Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
parent 9ca6804a

net/core/rtnetlink.c

+4 −15
Original line number Diff line number Diff line
@@ -3080,17 +3080,7 @@ static int do_setlink(const struct sk_buff *skb, struct net_device *dev, 
	}



	if (tb[IFLA_ADDRESS]) {

		struct sockaddr *sa;

		int len;



		len = sizeof(sa_family_t) + max_t(size_t, dev->addr_len,

						  sizeof(*sa));

		sa = kmalloc(len, GFP_KERNEL);

		if (!sa) {

			err = -ENOMEM;

			goto errout;

		}

		sa->sa_family = dev->type;

		struct sockaddr_storage ss = { };



		netdev_unlock_ops(dev);
@@ -3098,10 +3088,9 @@ static int do_setlink(const struct sk_buff *skb, struct net_device *dev, 
		down_write(&dev_addr_sem);

		netdev_lock_ops(dev);



		memcpy(sa->sa_data, nla_data(tb[IFLA_ADDRESS]),

		       dev->addr_len);

		err = netif_set_mac_address(dev, (struct sockaddr_storage *)sa, extack);

		kfree(sa);

		ss.ss_family = dev->type;

		memcpy(ss.__data, nla_data(tb[IFLA_ADDRESS]), dev->addr_len);

		err = netif_set_mac_address(dev, &ss, extack);

		if (err) {

			up_write(&dev_addr_sem);

			goto errout;