[PATCH] net: Added security socket

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] net: Added security socket
@ 2023-04-05 12:53 Denis Arefev
  2023-04-05 16:47 ` Jakub Kicinski
  0 siblings, 1 reply; 6+ messages in thread
From: Denis Arefev @ 2023-04-05 12:53 UTC (permalink / raw)
  To: David S. Miller
  Cc: Eric Dumazet, Jakub Kicinski, Paolo Abeni, netdev, linux-kernel,
	trufanov, vfh

	Added security_socket_connect
	kernel_connect is in kernel space,
	but kernel_connect is used in RPC 
	requests (/net/sunrpc/xprtsock.c),  
	and the RPC protocol is used by the NFS server.
	This is how we protect the TCP connection 
	initiated by the client. 

Signed-off-by: Denis Arefev <arefev@swemel.ru>
---
 net/socket.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/net/socket.c b/net/socket.c
index 9c92c0e6c4da..9afa2b44a9e5 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -3526,6 +3526,12 @@ EXPORT_SYMBOL(kernel_accept);
 int kernel_connect(struct socket *sock, struct sockaddr *addr, int addrlen,
 		   int flags)
 {
+	int err;
+
+	err = security_socket_connect(sock, (struct sockaddr *)addr, addrlen);
+	if (err)
+		return err;
+
 	return sock->ops->connect(sock, addr, addrlen, flags);
 }
 EXPORT_SYMBOL(kernel_connect);
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH] net: Added security socket
  2023-04-05 12:53 [PATCH] net: Added security socket Denis Arefev
@ 2023-04-05 16:47 ` Jakub Kicinski
  0 siblings, 0 replies; 6+ messages in thread
From: Jakub Kicinski @ 2023-04-05 16:47 UTC (permalink / raw)
  To: Denis Arefev
  Cc: David S. Miller, Eric Dumazet, Paolo Abeni, netdev, linux-kernel,
	trufanov, vfh

On Wed,  5 Apr 2023 15:53:08 +0300 Denis Arefev wrote:
> 	Added security_socket_connect
> 	kernel_connect is in kernel space,
> 	but kernel_connect is used in RPC 
> 	requests (/net/sunrpc/xprtsock.c),  
> 	and the RPC protocol is used by the NFS server.
> 	This is how we protect the TCP connection 
> 	initiated by the client. 

Can you please format this to look like every other commit in the
kernel and use imperative mood?

Then please add to the description _exactly_ how you're going to use
it, i.e. an example of a real rule. And CC
linux-security-module@vger.kernel.org

^ permalink raw reply	[flat|nested] 6+ messages in thread

* [PATCH] net: Added security socket
@ 2023-04-03 12:43 Denis Arefev
  2023-04-03 15:50 ` Alexander H Duyck
  0 siblings, 1 reply; 6+ messages in thread
From: Denis Arefev @ 2023-04-03 12:43 UTC (permalink / raw)
  To: David S. Miller
  Cc: Eric Dumazet, Jakub Kicinski, Paolo Abeni, netdev, linux-kernel,
	trufanov, vfh

	Added security_socket_connect
	in kernel_connect

Signed-off-by: Denis Arefev <arefev@swemel.ru>
---
 net/socket.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/net/socket.c b/net/socket.c
index 9c92c0e6c4da..9afa2b44a9e5 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -3526,6 +3526,12 @@ EXPORT_SYMBOL(kernel_accept);
 int kernel_connect(struct socket *sock, struct sockaddr *addr, int addrlen,
 		   int flags)
 {
+	int err;
+
+	err = security_socket_connect(sock, (struct sockaddr *)addr, addrlen);
+	if (err)
+		return err;
+
 	return sock->ops->connect(sock, addr, addrlen, flags);
 }
 EXPORT_SYMBOL(kernel_connect);
-- 
2.25.1


^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH] net: Added security socket
  2023-04-03 12:43 Denis Arefev
@ 2023-04-03 15:50 ` Alexander H Duyck
  2023-04-04  8:00   ` Denis Arefev
  0 siblings, 1 reply; 6+ messages in thread
From: Alexander H Duyck @ 2023-04-03 15:50 UTC (permalink / raw)
  To: Denis Arefev, David S. Miller
  Cc: Eric Dumazet, Jakub Kicinski, Paolo Abeni, netdev, linux-kernel,
	trufanov, vfh

On Mon, 2023-04-03 at 15:43 +0300, Denis Arefev wrote:
> 	Added security_socket_connect
> 	in kernel_connect
> 
> Signed-off-by: Denis Arefev <arefev@swemel.ru>
> ---
>  net/socket.c | 6 ++++++
>  1 file changed, 6 insertions(+)
> 
> diff --git a/net/socket.c b/net/socket.c
> index 9c92c0e6c4da..9afa2b44a9e5 100644
> --- a/net/socket.c
> +++ b/net/socket.c
> @@ -3526,6 +3526,12 @@ EXPORT_SYMBOL(kernel_accept);
>  int kernel_connect(struct socket *sock, struct sockaddr *addr, int addrlen,
>  		   int flags)
>  {
> +	int err;
> +
> +	err = security_socket_connect(sock, (struct sockaddr *)addr, addrlen);
> +	if (err)
> +		return err;
> +
>  	return sock->ops->connect(sock, addr, addrlen, flags);
>  }
>  EXPORT_SYMBOL(kernel_connect);

Why would we need to be adding this? If we are already operating within
kernel space it seems like it would be more problematic than not to
have to push items out to userspace for security. Assuming an attacker
is operating at the kernel level the system is already compromised is
it not?

Also assuming we do need this why are we only dealing with connect when
we should probably also be looking at all the other kernel socket calls
then as well?


^ permalink raw reply	[flat|nested] 6+ messages in thread

* [PATCH] net: Added security socket
  2023-04-03 15:50 ` Alexander H Duyck
@ 2023-04-04  8:00   ` Denis Arefev
  2023-04-04 15:04     ` Alexander Duyck
  0 siblings, 1 reply; 6+ messages in thread
From: Denis Arefev @ 2023-04-04  8:00 UTC (permalink / raw)
  To: alexander.duyck
  Cc: arefev, davem, edumazet, kuba, linux-kernel, netdev, pabeni,
	trufanov, vfh

Hi Alexander. I understand your concern. 
That's right kernel_connect is in kernel space,
but kernel_connect is used in RPC requests (/net/sunrpc/xprtsock.c),
and the RPC protocol is used by the NFS server.
Note kernel_sendmsg is already protected.

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH] net: Added security socket
  2023-04-04  8:00   ` Denis Arefev
@ 2023-04-04 15:04     ` Alexander Duyck
  0 siblings, 0 replies; 6+ messages in thread
From: Alexander Duyck @ 2023-04-04 15:04 UTC (permalink / raw)
  To: Denis Arefev
  Cc: davem, edumazet, kuba, linux-kernel, netdev, pabeni, trufanov,
	vfh

On Tue, Apr 4, 2023 at 1:00 AM Denis Arefev <arefev@swemel.ru> wrote:
>
> Hi Alexander. I understand your concern.
> That's right kernel_connect is in kernel space,
> but kernel_connect is used in RPC requests (/net/sunrpc/xprtsock.c),
> and the RPC protocol is used by the NFS server.
> Note kernel_sendmsg is already protected.

Can you add a write-up about the need for this in the patch
description? Your patch description described what you are doing but
not the why. My main concern is that your patch may end up causing
issues that could later be reverted by someone if they don't
understand the motivation behind why you are making this change.

Calling out things like the fact that you are trying to add security
to RPC sockets would be useful and would make it easier for patch
review as people more familiar with the security code could also tell
you if this is the correct approach to this or not.

Thanks,

- Alex

^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2023-04-05 16:47 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2023-04-05 12:53 [PATCH] net: Added security socket Denis Arefev
2023-04-05 16:47 ` Jakub Kicinski
  -- strict thread matches above, loose matches on Subject: below --
2023-04-03 12:43 Denis Arefev
2023-04-03 15:50 ` Alexander H Duyck
2023-04-04  8:00   ` Denis Arefev
2023-04-04 15:04     ` Alexander Duyck

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).