From: David Laight <david.laight.linux@gmail.com>
To: ChenXiaoSong <chenxiaosong@chenxiaosong.com>
Cc: Steve French <smfrench@gmail.com>,
Kuniyuki Iwashima <kuniyu@amazon.com>,
pc@manguebit.com, ronniesahlberg@gmail.com,
sprasad@microsoft.com, tom@talpey.com, bharathsm@microsoft.com,
linux-cifs@vger.kernel.org, linux-kernel@vger.kernel.org,
ChenXiaoSong <chenxiaosong@kylinos.cn>,
Wang Zhaolong <wangzhaolong1@huawei.com>,
Enzo Matsumiya <ematsumiya@suse.de>
Subject: Re: [PATCH] smb/client: use sock_create_kern() in generic_ip_connect()
Date: Wed, 28 May 2025 08:26:14 +0100 [thread overview]
Message-ID: <20250528082614.5ee971d1@pumpkin> (raw)
In-Reply-To: <01BDDAE323133ED0+e7d23f35-c6d8-48a3-8fe6-c23e3a9c64dc@chenxiaosong.com>
On Wed, 28 May 2025 12:09:01 +0800
ChenXiaoSong <chenxiaosong@chenxiaosong.com> wrote:
> 在 2025/5/28 11:39, Steve French 写道:
> > Weren't there issues brought up earlier with using sock_create_kern
> > due to network namespaces and refcounts?
> This patch is simply a cleanup that wraps the original code for
> explicitness, the last argument of __sock_create(..., 1) specifies that
> the socket is created in kernel space.
Except that 'kernel space' doesn't really mean anything.
IIRC it does two separate things:
1) Skips some 'permission' checks on the current process.
2) Doesn't 'hold' the network namespace.
The extra permission checks might be relevant even if the socket is
only indirectly accessible from a process.
But code like smb doesn't want the extra checks but does need the
namespace held (or it has to go through 'hoops' to request a callback
when the namespace is removed and delete the connection from the
callback).
Maybe there should be a 'kernel_socket()' (cf kernel_sendmsg()) that
code like smb should use.
David
>
> >
> > On Tue, May 27, 2025 at 10:18 PM <chenxiaosong@chenxiaosong.com> wrote:
> >>
> >> From: ChenXiaoSong <chenxiaosong@kylinos.cn>
> >>
> >> Change __sock_create() to sock_create_kern() for explicitness.
> >>
> >> Signed-off-by: ChenXiaoSong <chenxiaosong@kylinos.cn>
> >> ---
> >> fs/smb/client/connect.c | 3 +--
> >> 1 file changed, 1 insertion(+), 2 deletions(-)
> >>
> >> diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c
> >> index 6bf04d9a5491..3275f2ff84cb 100644
> >> --- a/fs/smb/client/connect.c
> >> +++ b/fs/smb/client/connect.c
> >> @@ -3350,8 +3350,7 @@ generic_ip_connect(struct TCP_Server_Info *server)
> >> struct net *net = cifs_net_ns(server);
> >> struct sock *sk;
> >>
> >> - rc = __sock_create(net, sfamily, SOCK_STREAM,
> >> - IPPROTO_TCP, &server->ssocket, 1);
> >> + rc = sock_create_kern(net, sfamily, SOCK_STREAM, IPPROTO_TCP, &server->ssocket);
> >> if (rc < 0) {
> >> cifs_server_dbg(VFS, "Error %d creating socket\n", rc);
> >> return rc;
> >> --
> >> 2.34.1
> >>
> >>
> >
> >
>
>
next prev parent reply other threads:[~2025-05-28 7:26 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-28 3:15 [PATCH] smb/client: use sock_create_kern() in generic_ip_connect() chenxiaosong
2025-05-28 3:39 ` Steve French
2025-05-28 4:09 ` ChenXiaoSong
2025-05-28 7:26 ` David Laight [this message]
2025-05-30 3:10 ` Kuniyuki Iwashima
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250528082614.5ee971d1@pumpkin \
--to=david.laight.linux@gmail.com \
--cc=bharathsm@microsoft.com \
--cc=chenxiaosong@chenxiaosong.com \
--cc=chenxiaosong@kylinos.cn \
--cc=ematsumiya@suse.de \
--cc=kuniyu@amazon.com \
--cc=linux-cifs@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=pc@manguebit.com \
--cc=ronniesahlberg@gmail.com \
--cc=smfrench@gmail.com \
--cc=sprasad@microsoft.com \
--cc=tom@talpey.com \
--cc=wangzhaolong1@huawei.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox