Message-ID: <20250517035120.55560-6-kuniyu@amazon.com>
Date: Fri, 16 May 2025 20:50:26 -0700
From: Kuniyuki Iwashima <kuniyu@...zon.com>
To: "David S. Miller" <davem@...emloft.net>, Eric Dumazet
	<edumazet@...gle.com>, Jakub Kicinski <kuba@...nel.org>, Paolo Abeni
	<pabeni@...hat.com>, Willem de Bruijn <willemb@...gle.com>
CC: Simon Horman <horms@...nel.org>, Kuniyuki Iwashima <kuniyu@...zon.com>,
	Kuniyuki Iwashima <kuni1840@...il.com>, <netdev@...r.kernel.org>
Subject: [PATCH v1 net-next 5/6] socket: Replace most sock_create() calls with sock_create_kern().

With one exception, sctp_do_peeloff(), sockets created by drivers
and filesystems are neither tied to userspace processes nor exposed
via file descriptors.

Let's use sock_create_kern() for such in-kernel use cases as CIFS
client and NFS.

Signed-off-by: Kuniyuki Iwashima <kuniyu@...zon.com>
---
 drivers/infiniband/hw/erdma/erdma_cm.c    | 6 ++++--
 drivers/infiniband/sw/siw/siw_cm.c        | 6 ++++--
 drivers/isdn/mISDN/l1oip_core.c           | 3 ++-
 drivers/nvme/target/tcp.c                 | 5 +++--
 drivers/target/iscsi/iscsi_target_login.c | 7 ++++---
 drivers/xen/pvcalls-back.c                | 6 ++++--
 fs/ocfs2/cluster/tcp.c                    | 8 +++++---
 fs/smb/server/transport_tcp.c             | 7 ++++---
 8 files changed, 30 insertions(+), 18 deletions(-)

diff --git a/drivers/infiniband/hw/erdma/erdma_cm.c b/drivers/infiniband/hw/erdma/erdma_cm.c
index e0acc185e719..cec758cec7fd 100644
--- a/drivers/infiniband/hw/erdma/erdma_cm.c
+++ b/drivers/infiniband/hw/erdma/erdma_cm.c
@@ -1026,7 +1026,8 @@ int erdma_connect(struct iw_cm_id *id, struct iw_cm_conn_param *params)
 		return -ENOENT;
 	erdma_qp_get(qp);
 
-	ret = sock_create(AF_INET, SOCK_STREAM, IPPROTO_TCP, &s);
+	ret = sock_create_kern(current->nsproxy->net_ns,
+			       AF_INET, SOCK_STREAM, IPPROTO_TCP, &s);
 	if (ret < 0)
 		goto error_put_qp;
 
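Review bot: `current->nsproxy->net_ns` is now open-coded at this call and at every other converted call site in the patch, where sock_create() used to do that lookup internally. Nothing at the call site says why the calling task's namespace is the right one for a socket the commit message describes as not tied to a userspace process. A one-line comment such as `/* same netns sock_create() used: that of the task calling erdma_connect() */`, or a named local `struct net *net = current->nsproxy->net_ns;` as the fs/smb/server/transport_tcp.c hunk does, would make the choice visible to the next reader. erdma_connect()'s body starts and ends outside the hunk.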
@@ -1305,7 +1306,8 @@ int erdma_create_listen(struct iw_cm_id *id, int backlog)
 	if (addr_family != AF_INET)
 		return -EAFNOSUPPORT;
 
-	ret = sock_create(addr_family, SOCK_STREAM, IPPROTO_TCP, &s);
+	ret = sock_create_kern(current->nsproxy->net_ns,
+			       addr_family, SOCK_STREAM, IPPROTO_TCP, &s);
 	if (ret < 0)
 		return ret;
 
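Review bot: The listening socket created here presumably outlives erdma_create_listen(), so the lifetime of the netns taken from `current` matters. Kernel sockets have historically not held a reference on their netns, and whether sock_create_kern() does so at this point in the series is decided by an earlier patch that is not visible on this page. If it does not, dismantling the caller's netns while the listener still exists would leave the socket pointing at a freed `struct net`. The commit message should state which guarantee applies, e.g. `sock_create_kern() holds a netns reference for the socket's lifetime, as sock_create() did`. The same question applies to the long-lived sockets in siw_create_listen(), nvmet_tcp_add_port(), iscsit_setup_np(), pvcalls_back_bind(), o2net_open_listening_sock() and ksmbd's create_socket().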
diff --git a/drivers/infiniband/sw/siw/siw_cm.c b/drivers/infiniband/sw/siw/siw_cm.c
index 708b13993fdf..bea948640aba 100644
--- a/drivers/infiniband/sw/siw/siw_cm.c
+++ b/drivers/infiniband/sw/siw/siw_cm.c
@@ -1391,7 +1391,8 @@ int siw_connect(struct iw_cm_id *id, struct iw_cm_conn_param *params)
 	siw_dbg_qp(qp, "pd_len %d, laddr %pISp, raddr %pISp\n", pd_len, laddr,
 		   raddr);
 
-	rv = sock_create(v4 ? AF_INET : AF_INET6, SOCK_STREAM, IPPROTO_TCP, &s);
+	rv = sock_create_kern(current->nsproxy->net_ns,
+			      v4 ? AF_INET : AF_INET6, SOCK_STREAM, IPPROTO_TCP, &s);
 	if (rv < 0)
 		goto error;
 
@@ -1767,7 +1768,8 @@ int siw_create_listen(struct iw_cm_id *id, int backlog)
 	if (addr_family != AF_INET && addr_family != AF_INET6)
 		return -EAFNOSUPPORT;
 
-	rv = sock_create(addr_family, SOCK_STREAM, IPPROTO_TCP, &s);
+	rv = sock_create_kern(current->nsproxy->net_ns,
+			      addr_family, SOCK_STREAM, IPPROTO_TCP, &s);
 	if (rv < 0)
 		return rv;
 
diff --git a/drivers/isdn/mISDN/l1oip_core.c b/drivers/isdn/mISDN/l1oip_core.c
index a5ad88a960d0..1451ec859a32 100644
--- a/drivers/isdn/mISDN/l1oip_core.c
+++ b/drivers/isdn/mISDN/l1oip_core.c
@@ -659,7 +659,8 @@ l1oip_socket_thread(void *data)
 	allow_signal(SIGTERM);
 
 	/* create socket */
-	if (sock_create(PF_INET, SOCK_DGRAM, IPPROTO_UDP, &socket)) {
+	if (sock_create_kern(current->nsproxy->net_ns,
+			     PF_INET, SOCK_DGRAM, IPPROTO_UDP, &socket)) {
 		printk(KERN_ERR "%s: Failed to create socket.\n", __func__);
 		ret = -EIO;
 		goto fail;
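Review bot: l1oip_socket_thread() takes a `void *data` argument and calls allow_signal(), so it appears to run as a kernel thread. In that case `current->nsproxy->net_ns` is the namespace the thread inherited, not that of whoever configured the interface. sock_create() resolved the same value, so behaviour is unchanged, but now that the namespace is an explicit argument the choice deserves a comment, e.g. `/* kthread: socket lives in the netns this thread inherited (presumably init_net) */`. o2net_start_connect() in fs/ocfs2/cluster/tcp.c takes a `struct work_struct *` and raises the same question. The function body continues outside the hunk.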
diff --git a/drivers/nvme/target/tcp.c b/drivers/nvme/target/tcp.c
index 12a5cb8641ca..4e499df746f4 100644
--- a/drivers/nvme/target/tcp.c
+++ b/drivers/nvme/target/tcp.c
@@ -2078,8 +2078,9 @@ static int nvmet_tcp_add_port(struct nvmet_port *nport)
 	if (port->nport->inline_data_size < 0)
 		port->nport->inline_data_size = NVMET_TCP_DEF_INLINE_DATA_SIZE;
 
-	ret = sock_create(port->addr.ss_family, SOCK_STREAM,
-				IPPROTO_TCP, &port->sock);
+	ret = sock_create_kern(current->nsproxy->net_ns,
+			       port->addr.ss_family, SOCK_STREAM,
+			       IPPROTO_TCP, &port->sock);
 	if (ret) {
 		pr_err("failed to create a socket\n");
 		goto err_port;
diff --git a/drivers/target/iscsi/iscsi_target_login.c b/drivers/target/iscsi/iscsi_target_login.c
index c2ac9a99ebbb..c085a3aaca6e 100644
--- a/drivers/target/iscsi/iscsi_target_login.c
+++ b/drivers/target/iscsi/iscsi_target_login.c
@@ -796,10 +796,11 @@ int iscsit_setup_np(
 		return -EINVAL;
 	}
 
-	ret = sock_create(sockaddr->ss_family, np->np_sock_type,
-			np->np_ip_proto, &sock);
+	ret = sock_create_kern(current->nsproxy->net_ns,
+			       sockaddr->ss_family, np->np_sock_type,
+			       np->np_ip_proto, &sock);
 	if (ret < 0) {
-		pr_err("sock_create() failed.\n");
+		pr_err("sock_create_kern() failed.\n");
 		return ret;
 	}
 	np->np_socket = sock;
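Review bot: The LSM socket-creation hook no longer treats this as a user socket once the call goes through sock_create_kern(): the socket is flagged as kernel-internal, and LSMs such as SELinux skip the create permission check for those. If iscsit_setup_np() is reachable from a userspace configuration write (not visible in this hunk), the caller's credentials no longer gate the family, type and protocol taken from `sockaddr->ss_family`, `np->np_sock_type` and `np->np_ip_proto`. The commit message should record that this is intended, for example `LSM checks on socket creation are skipped for these sockets because they are never exposed to userspace`. nvmet_tcp_add_port() passes `port->addr.ss_family` the same way.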
diff --git a/drivers/xen/pvcalls-back.c b/drivers/xen/pvcalls-back.c
index fd7ed65e0197..c404678e1924 100644
--- a/drivers/xen/pvcalls-back.c
+++ b/drivers/xen/pvcalls-back.c
@@ -406,7 +406,8 @@ static int pvcalls_back_connect(struct xenbus_device *dev,
 	    sa->sa_family != AF_INET)
 		goto out;
 
-	ret = sock_create(AF_INET, SOCK_STREAM, 0, &sock);
+	ret = sock_create_kern(current->nsproxy->net_ns,
+			       AF_INET, SOCK_STREAM, 0, &sock);
 	if (ret < 0)
 		goto out;
 	ret = inet_stream_connect(sock, sa, req->u.connect.len, 0);
@@ -646,7 +647,8 @@ static int pvcalls_back_bind(struct xenbus_device *dev,
 		goto out;
 	}
 
-	ret = sock_create(AF_INET, SOCK_STREAM, 0, &map->sock);
+	ret = sock_create_kern(current->nsproxy->net_ns,
+			       AF_INET, SOCK_STREAM, 0, &map->sock);
 	if (ret < 0)
 		goto out;
 
diff --git a/fs/ocfs2/cluster/tcp.c b/fs/ocfs2/cluster/tcp.c
index fce9beb214f0..491916662561 100644
--- a/fs/ocfs2/cluster/tcp.c
+++ b/fs/ocfs2/cluster/tcp.c
@@ -1558,7 +1558,7 @@ static void o2net_start_connect(struct work_struct *work)
 	unsigned int nofs_flag;
 
 	/*
-	 * sock_create allocates the sock with GFP_KERNEL. We must
+	 * sock_create_kern() allocates the sock with GFP_KERNEL. We must
 	 * prevent the filesystem from being reentered by memory reclaim.
 	 */
 	nofs_flag = memalloc_nofs_save();
@@ -1600,7 +1600,8 @@ static void o2net_start_connect(struct work_struct *work)
 		goto out;
 	}
 
-	ret = sock_create(PF_INET, SOCK_STREAM, IPPROTO_TCP, &sock);
+	ret = sock_create_kern(current->nsproxy->net_ns,
+			       PF_INET, SOCK_STREAM, IPPROTO_TCP, &sock);
 	if (ret < 0) {
 		mlog(0, "can't create socket: %d\n", ret);
 		goto out;
@@ -1984,7 +1985,8 @@ static int o2net_open_listening_sock(__be32 addr, __be16 port)
 		.sin_port = port,
 	};
 
-	ret = sock_create(PF_INET, SOCK_STREAM, IPPROTO_TCP, &sock);
+	ret = sock_create_kern(current->nsproxy->net_ns,
+			       PF_INET, SOCK_STREAM, IPPROTO_TCP, &sock);
 	if (ret < 0) {
 		printk(KERN_ERR "o2net: Error %d while creating socket\n", ret);
 		goto out;
diff --git a/fs/smb/server/transport_tcp.c b/fs/smb/server/transport_tcp.c
index abedf510899a..e1e9cbe5742f 100644
--- a/fs/smb/server/transport_tcp.c
+++ b/fs/smb/server/transport_tcp.c
@@ -427,18 +427,19 @@ static void tcp_destroy_socket(struct socket *ksmbd_socket)
  */
 static int create_socket(struct interface *iface)
 {
+	struct net *net = current->nsproxy->net_ns;
 	int ret;
 	struct sockaddr_in6 sin6;
 	struct sockaddr_in sin;
 	struct socket *ksmbd_socket;
 	bool ipv4 = false;
 
-	ret = sock_create(PF_INET6, SOCK_STREAM, IPPROTO_TCP, &ksmbd_socket);
+	ret = sock_create_kern(net, PF_INET6, SOCK_STREAM, IPPROTO_TCP, &ksmbd_socket);
 	if (ret) {
 		if (ret != -EAFNOSUPPORT)
 			pr_err("Can't create socket for ipv6, fallback to ipv4: %d\n", ret);
-		ret = sock_create(PF_INET, SOCK_STREAM, IPPROTO_TCP,
-				  &ksmbd_socket);
+		ret = sock_create_kern(net, PF_INET, SOCK_STREAM, IPPROTO_TCP,
+				       &ksmbd_socket);
 		if (ret) {
 			pr_err("Can't create socket for ipv4: %d\n", ret);
 			goto out_clear;
-- 
2.49.0

