Message-ID: <20211026111737.eyzvbthmc7h3em5z@steredhat>
Date:   Tue, 26 Oct 2021 13:17:37 +0200
From:   Stefano Garzarella <sgarzare@...hat.com>
To:     Marc-André Lureau <marcandre.lureau@...hat.com>
Cc:     netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        davem@...emloft.net, kuba@...nel.org
Subject: Re: [PATCH 05/10] virtio/vsock: add copy_peercred() to
 virtio_transport

On Thu, Oct 21, 2021 at 04:37:09PM +0400, Marc-André Lureau wrote:
>Signed-off-by: Marc-André Lureau <marcandre.lureau@...hat.com>
>---
> include/linux/virtio_vsock.h            | 2 ++
> net/vmw_vsock/virtio_transport_common.c | 9 +++++++++
> 2 files changed, 11 insertions(+)
>
>diff --git a/include/linux/virtio_vsock.h b/include/linux/virtio_vsock.h
>index 35d7eedb5e8e..2445bece9216 100644
>--- a/include/linux/virtio_vsock.h
>+++ b/include/linux/virtio_vsock.h
>@@ -69,6 +69,8 @@ struct virtio_transport {
>
> 	/* Takes ownership of the packet */
> 	int (*send_pkt)(struct virtio_vsock_pkt *pkt);
>+	/* Set peercreds on socket created after listen recv */
>+	void (*copy_peercred)(struct sock *sk, struct virtio_vsock_pkt *pkt);
> };
>
> ssize_t
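
Review bot: The comment on the new copy_peercred member in struct virtio_transport does not say that the callback is optional, nor what it is expected to do with credentials already attached to sk. Suggest extending it to state that the member may be NULL and whether the implementation must release any existing sk_peer_pid/sk_peer_cred before installing new ones. The patch also carries only a Signed-off-by line, so a short description of why the transport needs this hook would help.
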
>diff --git a/net/vmw_vsock/virtio_transport_common.c b/net/vmw_vsock/virtio_transport_common.c
>index 59ee1be5a6dd..611d25e80723 100644
>--- a/net/vmw_vsock/virtio_transport_common.c
>+++ b/net/vmw_vsock/virtio_transport_common.c
>@@ -1194,6 +1194,15 @@ virtio_transport_recv_listen(struct sock *sk, struct virtio_vsock_pkt *pkt,
> 		return -ENOMEM;
> 	}
>
>+	if (t->copy_peercred) {
>+		t->copy_peercred(child, pkt);
>+	} else {
>+		put_pid(child->sk_peer_pid);
>+		child->sk_peer_pid = NULL;
>+		put_cred(child->sk_peer_cred);
>+		child->sk_peer_cred = NULL;
>+	}
>+
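
Review bot: In virtio_transport_recv_listen() the two branches treat the child's existing credentials differently: the else path releases them with put_pid(child->sk_peer_pid) and put_cred(child->sk_peer_cred), while the t->copy_peercred(child, pkt) path leaves that entirely to each transport. Suggest dropping the references unconditionally before the callback is invoked, or documenting that the callback must do it, so that a transport which only assigns new values cannot leak the old ones.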

Should we do the same also on the other side?
I mean in virtio_transport_recv_connecting() when 
VIRTIO_VSOCK_OP_RESPONSE is received.

I think we can add a helper and call it every time we call 
vsock_insert_connected().

Even better if we can do it in the core, but maybe this can be a next 
step.

Thanks,
Stefano
