net, neigh: Add build-time assertion to avoid neigh->flags overflow

borkmann · kuba-moo · commit 507c2f1d2936 · 2021-10-14T19:16:21.000-07:00
Currently, NDA_FLAGS_EXT flags allow a maximum of 24 bits to be used for extended neighbor flags. These are eventually fed into neigh->flags by shifting with NTF_EXT_SHIFT as per commit 2c611ad ("net, neigh: Extend neigh->flags to 32 bit to allow for extensions"). If really ever needed in future, the full 32 bits from NDA_FLAGS_EXT can be used, it would only require to move neigh->flags from u32 to u64 inside the kernel. Add a build-time assertion such that when extending the NTF_EXT_MASK with new bits, we'll trigger an error once we surpass the 24th bit. This assumes that no bit holes in new NTF_EXT_* flags will slip in from UAPI, but I think this is reasonable to assume. Suggested-by: David Ahern <dsahern@kernel.org> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Reviewed-by: David Ahern <dsahern@kernel.org> Signed-off-by: Jakub Kicinski <kuba@kernel.org>
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
@@ -1940,6 +1940,9 @@ static int neigh_add(struct sk_buff *skb, struct nlmsghdr *nlh,
 			NL_SET_ERR_MSG(extack, "Invalid extended flags");
 			goto out;
 		}
+		BUILD_BUG_ON(sizeof(neigh->flags) * BITS_PER_BYTE <
+			     (sizeof(ndm->ndm_flags) * BITS_PER_BYTE +
+			      hweight32(NTF_EXT_MASK)));
 		ndm_flags |= (ext << NTF_EXT_SHIFT);
 	}
 	if (ndm->ndm_ifindex) {

Original file line number	Diff line number	Diff line change
`@@ -1940,6 +1940,9 @@ static int neigh_add(struct sk_buff skb, struct nlmsghdr nlh,`
`1940`	`1940`	`NL_SET_ERR_MSG(extack, "Invalid extended flags");`
`1941`	`1941`	`goto out;`
`1942`	`1942`	`}`
	`1943`	`+ BUILD_BUG_ON(sizeof(neigh->flags) * BITS_PER_BYTE <`
	`1944`	`+ (sizeof(ndm->ndm_flags) * BITS_PER_BYTE +`
	`1945`	`+ hweight32(NTF_EXT_MASK)));`
`1943`	`1946`	`ndm_flags \|= (ext << NTF_EXT_SHIFT);`
`1944`	`1947`	`}`
`1945`	`1948`	`if (ndm->ndm_ifindex) {`