From: Simon Horman <horms@kernel.org>
To: Jordan Rife <jrife@google.com>
Cc: davem@davemloft.net, edumazet@google.com, kuba@kernel.org,
pabeni@redhat.com, willemdebruijn.kernel@gmail.com,
netdev@vger.kernel.org, dborkman@kernel.org, pablo@netfilter.org,
kadlec@netfilter.org, fw@strlen.de, santosh.shilimkar@oracle.com,
ast@kernel.org, rdna@fb.com, stable@vger.kernel.org,
Willem de Bruijn <willemb@google.com>
Subject: Re: [PATCH net v5 2/3] net: prevent rewrite of msg_name in sock_sendmsg()
Date: Wed, 27 Sep 2023 07:50:51 +0200 [thread overview]
Message-ID: <20230927055051.GC224399@kernel.org> (raw)
In-Reply-To: <20230921234642.1111903-2-jrife@google.com>
On Thu, Sep 21, 2023 at 06:46:41PM -0500, Jordan Rife wrote:
> Callers of sock_sendmsg(), and similarly kernel_sendmsg(), in kernel
> space may observe their value of msg_name change in cases where BPF
> sendmsg hooks rewrite the send address. This has been confirmed to break
> NFS mounts running in UDP mode and has the potential to break other
> systems.
>
> This patch:
>
> 1) Creates a new function called __sock_sendmsg() with same logic as the
> old sock_sendmsg() function.
> 2) Replaces calls to sock_sendmsg() made by __sys_sendto() and
> __sys_sendmsg() with __sock_sendmsg() to avoid an unnecessary copy,
> as these system calls are already protected.
> 3) Modifies sock_sendmsg() so that it makes a copy of msg_name if
> present before passing it down the stack to insulate callers from
> changes to the send address.
>
> Link: https://lore.kernel.org/netdev/20230912013332.2048422-1-jrife@google.com/
> Fixes: 1cedee13d25a ("bpf: Hooks for sys_sendmsg")
> Cc: stable@vger.kernel.org
> Reviewed-by: Willem de Bruijn <willemb@google.com>
> Signed-off-by: Jordan Rife <jrife@google.com>
Reviewed-by: Simon Horman <horms@kernel.org>
next prev parent reply other threads:[~2023-09-27 5:53 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-09-21 23:46 [PATCH net v5 1/3] net: replace calls to sock->ops->connect() with kernel_connect() Jordan Rife
2023-09-21 23:46 ` [PATCH net v5 2/3] net: prevent rewrite of msg_name in sock_sendmsg() Jordan Rife
2023-09-27 5:50 ` Simon Horman [this message]
2023-09-21 23:46 ` [PATCH net v5 3/3] net: prevent address rewrite in kernel_bind() Jordan Rife
2023-09-27 5:51 ` Simon Horman
2023-09-27 5:50 ` [PATCH net v5 1/3] net: replace calls to sock->ops->connect() with kernel_connect() Simon Horman
2023-10-01 18:40 ` patchwork-bot+netdevbpf
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20230927055051.GC224399@kernel.org \
--to=horms@kernel.org \
--cc=ast@kernel.org \
--cc=davem@davemloft.net \
--cc=dborkman@kernel.org \
--cc=edumazet@google.com \
--cc=fw@strlen.de \
--cc=jrife@google.com \
--cc=kadlec@netfilter.org \
--cc=kuba@kernel.org \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=pablo@netfilter.org \
--cc=rdna@fb.com \
--cc=santosh.shilimkar@oracle.com \
--cc=stable@vger.kernel.org \
--cc=willemb@google.com \
--cc=willemdebruijn.kernel@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.