Date:   Thu, 21 Oct 2021 16:37:14 +0400
From:   Marc-André Lureau <marcandre.lureau@...hat.com>
To:     netdev@...r.kernel.org
Cc:     linux-kernel@...r.kernel.org, sgarzare@...hat.com,
        davem@...emloft.net, kuba@...nel.org,
        Marc-André Lureau <marcandre.lureau@...hat.com>
Subject: [PATCH 10/10] vsock/virtio: clear peer creds on connect

Since providing foreign creds wouldn't make much sense over VIRTIO,
let's clear the socket peer credentials on connect.

Signed-off-by: Marc-André Lureau <marcandre.lureau@...hat.com>
---
 net/vmw_vsock/virtio_transport.c | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transport.c
index 4f7c99dfd16c..705789272a0f 100644
--- a/net/vmw_vsock/virtio_transport.c
+++ b/net/vmw_vsock/virtio_transport.c
@@ -449,6 +449,26 @@ static void virtio_vsock_rx_done(struct virtqueue *vq)
 
 static bool virtio_transport_seqpacket_allow(u32 remote_cid);
 
+static int transport_connect(struct vsock_sock *vsk)
+{
+	struct sock *sk;
+	int ret;
+
+	ret = virtio_transport_connect(vsk);
+	if (ret < 0) {
+		return ret;
+	}
+
+	/* clear creds, as we can't provide foreign creds */
+	sk = sk_vsock(vsk);
+	put_pid(sk->sk_peer_pid);
+	sk->sk_peer_pid = NULL;
+	put_cred(sk->sk_peer_cred);
+	sk->sk_peer_cred = NULL;
+
+	return ret;
+}
+
 static struct virtio_transport virtio_transport = {
 	.transport = {
 		.module                   = THIS_MODULE,
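Review bot: The new transport_connect() releases and NULLs `sk->sk_peer_pid` and `sk->sk_peer_cred` without taking `sk->sk_peer_lock`, so a concurrent SO_PEERCRED or SO_PEERGROUPS reader could pick up a pointer whose reference is being dropped. Whether the caller's socket lock covers this is not visible in the hunk. In trees that have `sk_peer_lock`, the generic getsockopt path appears to rely on that spinlock rather than on lock_sock(), so that should be confirmed against the base tree. I would detach both pointers under the spinlock and call put_pid()/put_cred() only after unlocking, as sketched below. Separately, kernel style omits the braces around the single-statement `if (ret < 0)` body.

```c
static int transport_connect(struct vsock_sock *vsk)
{
	/* ... unchanged: sk/ret declarations, virtio_transport_connect() call and error return ... */
	const struct cred *old_cred;
	struct pid *old_pid;

	/* clear creds, as we can't provide foreign creds */
	sk = sk_vsock(vsk);
	spin_lock(&sk->sk_peer_lock);
	old_pid = sk->sk_peer_pid;
	old_cred = sk->sk_peer_cred;
	sk->sk_peer_pid = NULL;
	sk->sk_peer_cred = NULL;
	spin_unlock(&sk->sk_peer_lock);

	/* drop the references only once no reader can still see the pointers */
	put_pid(old_pid);
	put_cred(old_cred);

	return ret;
```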
@@ -458,7 +478,7 @@ static struct virtio_transport virtio_transport = {
 		.init                     = virtio_transport_do_socket_init,
 		.destruct                 = virtio_transport_destruct,
 		.release                  = virtio_transport_release,
-		.connect                  = virtio_transport_connect,
+		.connect                  = transport_connect,
 		.shutdown                 = virtio_transport_shutdown,
 		.cancel_pkt               = virtio_transport_cancel_pkt,
 
-- 
2.33.0.721.g106298f7f9
