Message ID | 20240614163047.31581-1-krisman@suse.de (mailing list archive) |
---|---|
State | New |
Headers | show |
Series | [v2,1/4] net: Split a __sys_bind helper for io_uring | expand |
From: Gabriel Krisman Bertazi <krisman@suse.de> Date: Fri, 14 Jun 2024 12:30:44 -0400 > io_uring holds a reference to the file and maintains a > sockaddr_storage address. Similarly to what was done to > __sys_connect_file, split an internal helper for __sys_bind in > preparation to supporting an io_uring bind command. > > Reviewed-by: Jens Axboe <axboe@kernel.dk> > Signed-off-by: Gabriel Krisman Bertazi <krisman@suse.de> Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
On Fri, 14 Jun 2024 12:30:44 -0400 Gabriel Krisman Bertazi wrote: > io_uring holds a reference to the file and maintains a > sockaddr_storage address. Similarly to what was done to > __sys_connect_file, split an internal helper for __sys_bind in > preparation to supporting an io_uring bind command. > > Reviewed-by: Jens Axboe <axboe@kernel.dk> > Signed-off-by: Gabriel Krisman Bertazi <krisman@suse.de> Acked-by: Jakub Kicinski <kuba@kernel.org>
On 6/18/24 6:49 PM, Jakub Kicinski wrote: > On Fri, 14 Jun 2024 12:30:44 -0400 Gabriel Krisman Bertazi wrote: >> io_uring holds a reference to the file and maintains a >> sockaddr_storage address. Similarly to what was done to >> __sys_connect_file, split an internal helper for __sys_bind in >> preparation to supporting an io_uring bind command. >> >> Reviewed-by: Jens Axboe <axboe@kernel.dk> >> Signed-off-by: Gabriel Krisman Bertazi <krisman@suse.de> > > Acked-by: Jakub Kicinski <kuba@kernel.org> Are you fine with me queueing up 1-2 via the io_uring branch? I'm guessing the risk of conflict should be very low, so doesn't warrant a shared branch.
On Fri, 14 Jun 2024 12:30:44 -0400, Gabriel Krisman Bertazi wrote: > io_uring holds a reference to the file and maintains a > sockaddr_storage address. Similarly to what was done to > __sys_connect_file, split an internal helper for __sys_bind in > preparation to supporting an io_uring bind command. > > Applied, thanks! [1/4] net: Split a __sys_bind helper for io_uring commit: dc2e77979412d289df9049d8c693761db8602867 [2/4] net: Split a __sys_listen helper for io_uring commit: bb6aaf736680f0f3c2e6281735c47c64e2042819 [3/4] io_uring: Introduce IORING_OP_BIND commit: 7481fd93fa0a851740e26026485f56a1305454ce [4/4] io_uring: Introduce IORING_OP_LISTEN commit: ff140cc8628abfb1755691d16cfa8788d8820ef7 Best regards,
On Wed, 19 Jun 2024 07:40:40 -0600 Jens Axboe wrote: > On 6/18/24 6:49 PM, Jakub Kicinski wrote: > > On Fri, 14 Jun 2024 12:30:44 -0400 Gabriel Krisman Bertazi wrote: > >> io_uring holds a reference to the file and maintains a > >> sockaddr_storage address. Similarly to what was done to > >> __sys_connect_file, split an internal helper for __sys_bind in > >> preparation to supporting an io_uring bind command. > >> > >> Reviewed-by: Jens Axboe <axboe@kernel.dk> > >> Signed-off-by: Gabriel Krisman Bertazi <krisman@suse.de> > > > > Acked-by: Jakub Kicinski <kuba@kernel.org> > > Are you fine with me queueing up 1-2 via the io_uring branch? > I'm guessing the risk of conflict should be very low, so doesn't > warrant a shared branch. Yup, exactly, these can go via io_uring without branch juggling.
On 6/19/24 9:04 AM, Jakub Kicinski wrote: > On Wed, 19 Jun 2024 07:40:40 -0600 Jens Axboe wrote: >> On 6/18/24 6:49 PM, Jakub Kicinski wrote: >>> On Fri, 14 Jun 2024 12:30:44 -0400 Gabriel Krisman Bertazi wrote: >>>> io_uring holds a reference to the file and maintains a >>>> sockaddr_storage address. Similarly to what was done to >>>> __sys_connect_file, split an internal helper for __sys_bind in >>>> preparation to supporting an io_uring bind command. >>>> >>>> Reviewed-by: Jens Axboe <axboe@kernel.dk> >>>> Signed-off-by: Gabriel Krisman Bertazi <krisman@suse.de> >>> >>> Acked-by: Jakub Kicinski <kuba@kernel.org> >> >> Are you fine with me queueing up 1-2 via the io_uring branch? >> I'm guessing the risk of conflict should be very low, so doesn't >> warrant a shared branch. > > Yup, exactly, these can go via io_uring without branch juggling. Great thanks!
On 19. 6. 2024 17:06, Jens Axboe wrote: > On 6/19/24 9:04 AM, Jakub Kicinski wrote: >> On Wed, 19 Jun 2024 07:40:40 -0600 Jens Axboe wrote: >>> On 6/18/24 6:49 PM, Jakub Kicinski wrote: >>>> On Fri, 14 Jun 2024 12:30:44 -0400 Gabriel Krisman Bertazi wrote: >>>>> io_uring holds a reference to the file and maintains a >>>>> sockaddr_storage address. Similarly to what was done to >>>>> __sys_connect_file, split an internal helper for __sys_bind in >>>>> preparation to supporting an io_uring bind command. >>>>> >>>>> Reviewed-by: Jens Axboe <axboe@kernel.dk> >>>>> Signed-off-by: Gabriel Krisman Bertazi <krisman@suse.de> >>>> >>>> Acked-by: Jakub Kicinski <kuba@kernel.org> >>> >>> Are you fine with me queueing up 1-2 via the io_uring branch? >>> I'm guessing the risk of conflict should be very low, so doesn't >>> warrant a shared branch. >> >> Yup, exactly, these can go via io_uring without branch juggling. > > Great thanks! > Please fix io_bind and io_listen to not pass NULL ptr to related helpers __sys_bind_socket and __sys_listen_socket. The first helper's argument shouldn't be NULL, as related security hooks expect a valid socket object. See the syzkaller's bug report: https://lore.kernel.org/linux-security-module/0000000000007b7ce6061d1caec0@google.com/ Thanks, mY
On 2024/07/15 21:49, Matus Jokay wrote: > Please fix io_bind and io_listen to not pass NULL ptr to related helpers > __sys_bind_socket and __sys_listen_socket. The first helper's argument > shouldn't be NULL, as related security hooks expect a valid socket object. > > See the syzkaller's bug report: > https://lore.kernel.org/linux-security-module/0000000000007b7ce6061d1caec0@google.com/ That was already fixed. https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git/commit/?h=for-next&id=ad00e629145b2b9f0d78aa46e204a9df7d628978
On 15. 7. 2024 15:59, Tetsuo Handa wrote: > On 2024/07/15 21:49, Matus Jokay wrote: >> Please fix io_bind and io_listen to not pass NULL ptr to related helpers >> __sys_bind_socket and __sys_listen_socket. The first helper's argument >> shouldn't be NULL, as related security hooks expect a valid socket object. >> >> See the syzkaller's bug report: >> https://lore.kernel.org/linux-security-module/0000000000007b7ce6061d1caec0@google.com/ > > That was already fixed. > > https://git.kernel.org/pub/scm/linux/kernel/git/axboe/linux-block.git/commit/?h=for-next&id=ad00e629145b2b9f0d78aa46e204a9df7d628978 > > Tetsuo, you are very fast ;) Thank you! mY
diff --git a/include/linux/socket.h b/include/linux/socket.h index 89d16b90370b..b3000f49e9f5 100644 --- a/include/linux/socket.h +++ b/include/linux/socket.h @@ -442,6 +442,8 @@ extern int __sys_accept4(int fd, struct sockaddr __user *upeer_sockaddr, extern int __sys_socket(int family, int type, int protocol); extern struct file *__sys_socket_file(int family, int type, int protocol); extern int __sys_bind(int fd, struct sockaddr __user *umyaddr, int addrlen); +extern int __sys_bind_socket(struct socket *sock, struct sockaddr_storage *address, + int addrlen); extern int __sys_connect_file(struct file *file, struct sockaddr_storage *addr, int addrlen, int file_flags); extern int __sys_connect(int fd, struct sockaddr __user *uservaddr, diff --git a/net/socket.c b/net/socket.c index e416920e9399..fd0714e10ced 100644 --- a/net/socket.c +++ b/net/socket.c @@ -1822,6 +1822,20 @@ SYSCALL_DEFINE4(socketpair, int, family, int, type, int, protocol, return __sys_socketpair(family, type, protocol, usockvec); } +int __sys_bind_socket(struct socket *sock, struct sockaddr_storage *address, + int addrlen) +{ + int err; + + err = security_socket_bind(sock, (struct sockaddr *)address, + addrlen); + if (!err) + err = READ_ONCE(sock->ops)->bind(sock, + (struct sockaddr *)address, + addrlen); + return err; +} + /* * Bind a name to a socket. Nothing much to do here since it's * the protocol's responsibility to handle the local address. @@ -1839,15 +1853,8 @@ int __sys_bind(int fd, struct sockaddr __user *umyaddr, int addrlen) sock = sockfd_lookup_light(fd, &err, &fput_needed); if (sock) { err = move_addr_to_kernel(umyaddr, addrlen, &address); - if (!err) { - err = security_socket_bind(sock, - (struct sockaddr *)&address, - addrlen); - if (!err) - err = READ_ONCE(sock->ops)->bind(sock, - (struct sockaddr *) - &address, addrlen); - } + if (!err) + err = __sys_bind_socket(sock, &address, addrlen); fput_light(sock->file, fput_needed); } return err;