From: "Richard W.M. Jones" <rjones@redhat.com>
To: Eric Dumazet <edumazet@google.com>
Cc: Josef Bacik <josef@toxicpanda.com>, Jens Axboe <axboe@kernel.dk>,
	linux-kernel <linux-kernel@vger.kernel.org>,
	netdev@vger.kernel.org, Eric Dumazet <eric.dumazet@gmail.com>,
	syzbot+e1cd6bd8493060bd701d@syzkaller.appspotmail.com,
	Mike Christie <mchristi@redhat.com>,
	Yu Kuai <yukuai1@huaweicloud.com>,
	linux-block@vger.kernel.org, nbd@other.debian.org
Subject: Re: [PATCH] nbd: restrict sockets to TCP and UDP
Date: Tue, 9 Sep 2025 14:32:32 +0100
Message-ID: <20250909132936.GA1460@redhat.com>
In-Reply-To: <20250909132243.1327024-1-edumazet@google.com>

On Tue, Sep 09, 2025 at 01:22:43PM +0000, Eric Dumazet wrote:
> Recently, syzbot started to abuse NBD with all kinds of sockets.
> 
> Commit cf1b2326b734 ("nbd: verify socket is supported during setup")
> made sure the socket supported a shutdown() method.
> 
> Explicitly accept TCP and UNIX stream sockets.

I'm not clear what the actual problem is, but I will say that in libnbd &
nbdkit (which are another NBD client & server, interoperable with the
kernel) we support and use NBD over vsock[1].  And we could support
NBD over pretty much any stream socket (Infiniband?) [2].

[1] https://libguestfs.org/nbd_aio_connect_vsock.3.html
    https://libguestfs.org/nbdkit-service.1.html#AF_VSOCK
[2] https://libguestfs.org/nbd_connect_socket.3.html

TCP and Unix domain sockets are by far the most widely used, but I
don't think it's fair to exclude other socket types.

Rich.

> Fixes: cf1b2326b734 ("nbd: verify socket is supported during setup")
> Reported-by: syzbot+e1cd6bd8493060bd701d@syzkaller.appspotmail.com
> Closes: https://lore.kernel.org/netdev/CANn89iJ+76eE3A_8S_zTpSyW5hvPRn6V57458hCZGY5hbH_bFA@mail.gmail.com/T/#m081036e8747cd7e2626c1da5d78c8b9d1e55b154
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Cc: Mike Christie <mchristi@redhat.com>
> Cc: Richard W.M. Jones <rjones@redhat.com>
> Cc: Jens Axboe <axboe@kernel.dk>
> Cc: Yu Kuai <yukuai1@huaweicloud.com>
> Cc: linux-block@vger.kernel.org
> Cc: nbd@other.debian.org
> ---
>  drivers/block/nbd.c | 8 ++++++++
>  1 file changed, 8 insertions(+)
> 
> diff --git a/drivers/block/nbd.c b/drivers/block/nbd.c
> index 6463d0e8d0cef71e73e67fecd16de4dec1c75da7..87b0b78249da3325023949585f4daf40486c9692 100644
> --- a/drivers/block/nbd.c
> +++ b/drivers/block/nbd.c
> @@ -1217,6 +1217,14 @@ static struct socket *nbd_get_socket(struct nbd_device *nbd, unsigned long fd,
>  	if (!sock)
>  		return NULL;
>  
> +	if (!sk_is_tcp(sock->sk) &&
> +	    !sk_is_stream_unix(sock->sk)) {
> +		dev_err(disk_to_dev(nbd->disk), "Unsupported socket: should be TCP or UNIX.\n");
> +		*err = -EINVAL;
> +		sockfd_put(sock);
> +		return NULL;
> +	}
> +
>  	if (sock->ops->shutdown == sock_no_shutdown) {
>  		dev_err(disk_to_dev(nbd->disk), "Unsupported socket: shutdown callout must be supported.\n");
>  		*err = -EINVAL;
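
Review bot: The `!sk_is_tcp(sock->sk) && !sk_is_stream_unix(sock->sk)` test added to nbd_get_socket() is an allowlist of two socket kinds, so every other stream socket passed to the driver now gets -EINVAL, an AF_VSOCK socket included, and the commit message does not say which socket behaviour NBD actually depends on. State the failure syzbot triggered and, where possible, test for the required property, as the existing `sock->ops->shutdown == sock_no_shutdown` check does, rather than for the socket kind. The subject also says "TCP and UDP" while the condition and the error string say TCP or UNIX; one of them needs correcting.
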
> -- 
> 2.51.0.384.g4c02a37b29-goog

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-builder quickly builds VMs from scratch
http://libguestfs.org/virt-builder.1.html

