Message-ID: <20251021214422.1941691-8-kuniyu@google.com>
Date: Tue, 21 Oct 2025 21:43:24 +0000
From: Kuniyuki Iwashima <kuniyu@...gle.com>
To: Marcelo Ricardo Leitner <marcelo.leitner@...il.com>, Xin Long <lucien.xin@...il.com>, 
	"David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com>, 
	Jakub Kicinski <kuba@...nel.org>, Paolo Abeni <pabeni@...hat.com>
Cc: Simon Horman <horms@...nel.org>, Kuniyuki Iwashima <kuniyu@...gle.com>, 
	Kuniyuki Iwashima <kuni1840@...il.com>, netdev@...r.kernel.org, linux-sctp@...r.kernel.org
Subject: [PATCH v1 net-next 7/8] sctp: Use sctp_clone_sock() in sctp_do_peeloff().

sctp_do_peeloff() calls sock_create() to allocate and initialise
struct sock, inet_sock, and sctp_sock, but later sctp_copy_sock()
and sctp_sock_migrate() overwrite most fields.

What sctp_do_peeloff() does is more like accept().

Let's use sock_create_lite() and sctp_clone_sock().

Signed-off-by: Kuniyuki Iwashima <kuniyu@...gle.com>
---
 net/sctp/socket.c | 36 +++++++++++++++---------------------
 1 file changed, 15 insertions(+), 21 deletions(-)

diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 826f17747f176..60d3e340dfeda 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -5671,11 +5671,11 @@ static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optv
 
 /* Helper routine to branch off an association to a new socket.  */
 static int sctp_do_peeloff(struct sock *sk, sctp_assoc_t id,
-		struct socket **sockp)
+			   struct socket **sockp)
 {
 	struct sctp_association *asoc = sctp_id2assoc(sk, id);
-	struct sctp_sock *sp = sctp_sk(sk);
 	struct socket *sock;
+	struct sock *newsk;
 	int err = 0;
 
 	/* Do not peel off from one netns to another one. */
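Review bot: The re-alignment of the `struct socket **sockp` parameter line is a whitespace-only change mixed into a functional patch. It is harmless, but the commit message does not mention it; either note it there or drop it so that blame on the prototype stays clean. The one-line comment above the function could also say that the new socket is now built the accept()-like way the commit message describes, since the longer explanatory comments are removed further down.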
@@ -5691,30 +5691,24 @@ static int sctp_do_peeloff(struct sock *sk, sctp_assoc_t id,
 	if (!sctp_style(sk, UDP))
 		return -EINVAL;
 
-	/* Create a new socket.  */
-	err = sock_create(sk->sk_family, SOCK_SEQPACKET, IPPROTO_SCTP, &sock);
-	if (err < 0)
+	err = sock_create_lite(sk->sk_family, SOCK_SEQPACKET, IPPROTO_SCTP, &sock);
+	if (err)
 		return err;
 
-	sctp_copy_sock(sock->sk, sk, asoc);
-
-	/* Make peeled-off sockets more like 1-1 accepted sockets.
-	 * Set the daddr and initialize id to something more random and also
-	 * copy over any ip options.
-	 */
-	sp->pf->to_sk_daddr(&asoc->peer.primary_addr, sock->sk);
-	sp->pf->copy_ip_options(sk, sock->sk);
-
-	/* Populate the fields of the newsk from the oldsk and migrate the
-	 * asoc to the newsk.
-	 */
-	err = sctp_sock_migrate(sk, sock->sk, asoc,
-				SCTP_SOCKET_UDP_HIGH_BANDWIDTH);
-	if (err) {
+	newsk = sctp_clone_sock(sk, asoc, SCTP_SOCKET_UDP_HIGH_BANDWIDTH);
+	if (IS_ERR(newsk)) {
 		sock_release(sock);
-		sock = NULL;
+		*sockp = NULL;
+		return PTR_ERR(newsk);
 	}
 
+	lock_sock_nested(newsk, SINGLE_DEPTH_NESTING);
+	__inet_accept(sk->sk_socket, sock, newsk);
+	release_sock(newsk);
+
+	sock->ops = sk->sk_socket->ops;
+	__module_get(sock->ops->owner);
+
 	*sockp = sock;
 
 	return err;
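Review bot: In the sctp_clone_sock() failure branch, sock_release(sock) runs on a socket whose sock->ops has not been assigned yet, because the `sock->ops = sk->sk_socket->ops;` and `__module_get(sock->ops->owner);` pair only comes after __inet_accept(). The ordering looks deliberate (no module reference has been taken at that point, so none must be dropped), but it relies on sock_release() tolerating a socket without ops; a short comment saying so would protect it against later reordering. Two smaller points in the same hunk: the final `return err;` can only return 0 now, since err is not assigned after the `if (err) return err;` check, so `return 0;` would be clearer; and the lock_sock_nested(newsk, SINGLE_DEPTH_NESTING) block replaces three removed comments with none, so a line explaining why the nested lock class is needed here would help.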
-- 
2.51.0.915.g61a8936c21-goog

