review.tizen.org Git - platform/kernel/linux-starfive.git/commit

author	Paolo Abeni <pabeni@redhat.com>
	Thu, 20 Apr 2023 17:17:13 +0000 (19:17 +0200)
committer	Paul Moore <paul@paul-moore.com>
	Thu, 18 May 2023 17:11:09 +0000 (13:11 -0400)
commit	e3d9387f002612093dbeaa272f7930ce5108033f
tree	17040b845b29070d3bfadcf0525f503d03d8c126	tree \| snapshot
parent	c52df19e3759055cf07d1c0030c46ea958163aa9	commit \| diff

security, lsm: Introduce security_mptcp_add_subflow()

MPTCP can create subflows in kernel context, and later indirectly
expose them to user-space, via the owning MPTCP socket.

As discussed in the reported link, the above causes unexpected failures
for server, MPTCP-enabled applications.

Let's introduce a new LSM hook to allow the security module to relabel
the subflow according to the owning user-space process, via the MPTCP
socket owning the subflow.

Note that the new hook requires both the MPTCP socket and the new
subflow. This could allow future extensions, e.g. explicitly validating
the MPTCP <-> subflow linkage.

Link: https://lore.kernel.org/mptcp/CAHC9VhTNh-YwiyTds=P1e3rixEDqbRTFj22bpya=+qJqfcaMfg@mail.gmail.com/
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Acked-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Matthieu Baerts <matthieu.baerts@tessares.net>
Signed-off-by: Paul Moore <paul@paul-moore.com>

include/linux/lsm_hook_defs.h		diff \| blob \| history
include/linux/security.h		diff \| blob \| history
net/mptcp/subflow.c		diff \| blob \| history
security/security.c		diff \| blob \| history