review.tizen.org Git - platform/kernel/linux-starfive.git/commit

author	Jordan Rife <jrife@google.com>
	Thu, 21 Sep 2023 23:46:41 +0000 (18:46 -0500)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Tue, 10 Oct 2023 20:00:39 +0000 (22:00 +0200)
commit	fc8d9630c80b1dd7f6e8dd8e90aff11090f1b2a8
tree	96a356ede1b44baf28303c5b29b0bb8b438d7281	tree \| snapshot
parent	34f9370ae4449b7e76ff99a7484f4b98e1f9c17c	commit \| diff

net: prevent rewrite of msg_name in sock_sendmsg()

commit 86a7e0b69bd5b812e48a20c66c2161744f3caa16 upstream.

Callers of sock_sendmsg(), and similarly kernel_sendmsg(), in kernel
space may observe their value of msg_name change in cases where BPF
sendmsg hooks rewrite the send address. This has been confirmed to break
NFS mounts running in UDP mode and has the potential to break other
systems.

This patch:

1) Creates a new function called __sock_sendmsg() with same logic as the
   old sock_sendmsg() function.
2) Replaces calls to sock_sendmsg() made by __sys_sendto() and
   __sys_sendmsg() with __sock_sendmsg() to avoid an unnecessary copy,
   as these system calls are already protected.
3) Modifies sock_sendmsg() so that it makes a copy of msg_name if
   present before passing it down the stack to insulate callers from
   changes to the send address.

Link: https://lore.kernel.org/netdev/20230912013332.2048422-1-jrife@google.com/
Fixes: 1cedee13d25a ("bpf: Hooks for sys_sendmsg")
Cc: stable@vger.kernel.org
Reviewed-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: Jordan Rife <jrife@google.com>
Reviewed-by: Simon Horman <horms@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>