Cover Letter Detail
Show a cover letter.
GET /api/covers/1839933/?format=api
{ "id": 1839933, "url": "http://patchwork.ozlabs.org/api/covers/1839933/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/cover/20230926200505.2804266-1-jrife@google.com/", "project": { "id": 26, "url": "http://patchwork.ozlabs.org/api/projects/26/?format=api", "name": "Netfilter Development", "link_name": "netfilter-devel", "list_id": "netfilter-devel.vger.kernel.org", "list_email": "netfilter-devel@vger.kernel.org", "web_url": null, "scm_url": null, "webscm_url": null, "list_archive_url": "", "list_archive_url_format": "", "commit_url_format": "" }, "msgid": "<20230926200505.2804266-1-jrife@google.com>", "list_archive_url": null, "date": "2023-09-26T20:05:02", "name": "[net,v6,0/3] Insulate Kernel Space From SOCK_ADDR Hooks", "submitter": { "id": 87261, "url": "http://patchwork.ozlabs.org/api/people/87261/?format=api", "name": "Jordan Rife", "email": "jrife@google.com" }, "mbox": "http://patchwork.ozlabs.org/project/netfilter-devel/cover/20230926200505.2804266-1-jrife@google.com/mbox/", "series": [ { "id": 374999, "url": "http://patchwork.ozlabs.org/api/series/374999/?format=api", "web_url": "http://patchwork.ozlabs.org/project/netfilter-devel/list/?series=374999", "date": "2023-09-26T20:05:02", "name": "Insulate Kernel Space From SOCK_ADDR Hooks", "version": 6, "mbox": "http://patchwork.ozlabs.org/series/374999/mbox/" } ], "comments": "http://patchwork.ozlabs.org/api/covers/1839933/comments/", "headers": { "Return-Path": "<netfilter-devel-owner@vger.kernel.org>", "X-Original-To": "incoming@patchwork.ozlabs.org", "Delivered-To": "patchwork-incoming@legolas.ozlabs.org", "Authentication-Results": [ "legolas.ozlabs.org;\n\tdkim=pass (2048-bit key;\n unprotected) header.d=google.com header.i=@google.com header.a=rsa-sha256\n header.s=20230601 header.b=atLFwbr8;\n\tdkim-atps=neutral", "legolas.ozlabs.org;\n spf=pass (sender SPF authorized) smtp.mailfrom=vger.kernel.org\n (client-ip=2620:137:e000::1:20; helo=out1.vger.email;\n 
envelope-from=netfilter-devel-owner@vger.kernel.org;\n receiver=patchwork.ozlabs.org)" ], "Received": [ "from out1.vger.email (out1.vger.email [IPv6:2620:137:e000::1:20])\n\tby legolas.ozlabs.org (Postfix) with ESMTP id 4Rw9hW3qpgz1yp0\n\tfor <incoming@patchwork.ozlabs.org>; Wed, 27 Sep 2023 06:05:15 +1000 (AEST)", "(majordomo@vger.kernel.org) by vger.kernel.org via listexpand\n id S231564AbjIZUFR (ORCPT <rfc822;incoming@patchwork.ozlabs.org>);\n Tue, 26 Sep 2023 16:05:17 -0400", "from lindbergh.monkeyblade.net ([23.128.96.19]:39998 \"EHLO\n lindbergh.monkeyblade.net\" rhost-flags-OK-OK-OK-OK) by vger.kernel.org\n with ESMTP id S235803AbjIZUFR (ORCPT\n <rfc822;netfilter-devel@vger.kernel.org>);\n Tue, 26 Sep 2023 16:05:17 -0400", "from mail-yb1-xb4a.google.com (mail-yb1-xb4a.google.com\n [IPv6:2607:f8b0:4864:20::b4a])\n by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 2C39E11D\n for <netfilter-devel@vger.kernel.org>;\n Tue, 26 Sep 2023 13:05:10 -0700 (PDT)", "by mail-yb1-xb4a.google.com with SMTP id\n 3f1490d57ef6-d8943298013so5951350276.2\n for <netfilter-devel@vger.kernel.org>;\n Tue, 26 Sep 2023 13:05:10 -0700 (PDT)" ],
"X-Received": "from jrife.c.googlers.com ([fda3:e722:ac3:cc00:2b:ff92:c0a8:9f])\n (user=jrife job=sendgmr) by 2002:a5b:752:0:b0:d89:4d2c:d846 with SMTP id\n s18-20020a5b0752000000b00d894d2cd846mr52999ybq.12.1695758709189; Tue, 26 Sep\n 2023 13:05:09 -0700 (PDT)", "Date": "Tue, 26 Sep 2023 15:05:02 -0500", "Mime-Version": "1.0", "X-Mailer": "git-send-email 2.42.0.515.g380fc7ccd1-goog", "Message-ID": "<20230926200505.2804266-1-jrife@google.com>", "Subject": "[PATCH net v6 0/3] Insulate Kernel Space From SOCK_ADDR Hooks", "From": "Jordan Rife <jrife@google.com>", "To": "davem@davemloft.net, edumazet@google.com, kuba@kernel.org,\n pabeni@redhat.com, willemdebruijn.kernel@gmail.com,\n netdev@vger.kernel.org", "Cc": "dborkman@kernel.org, horms@verge.net.au, pablo@netfilter.org,\n kadlec@netfilter.org, fw@strlen.de, santosh.shilimkar@oracle.com,\n ast@kernel.org, rdna@fb.com, linux-rdma@vger.kernel.org,\n rds-devel@oss.oracle.com, coreteam@netfilter.org,\n netfilter-devel@vger.kernel.org, ja@ssi.bg,\n lvs-devel@vger.kernel.org, kafai@fb.com, daniel@iogearbox.net,\n daan.j.demeyer@gmail.com, Jordan Rife <jrife@google.com>", "Content-Type": "text/plain; charset=\"UTF-8\"", "X-Spam-Status": "No, score=-9.6 required=5.0 tests=BAYES_00,DKIMWL_WL_MED,\n 
DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,\n RCVD_IN_DNSWL_BLOCKED,SPF_HELO_NONE,SPF_PASS,USER_IN_DEF_DKIM_WL\n autolearn=ham autolearn_force=no version=3.4.6", "X-Spam-Checker-Version": "SpamAssassin 3.4.6 (2021-04-09) on\n lindbergh.monkeyblade.net", "Precedence": "bulk", "List-ID": "<netfilter-devel.vger.kernel.org>", "X-Mailing-List": "netfilter-devel@vger.kernel.org" }, "content": "==OVERVIEW==\n\nThe sock_sendmsg(), kernel_connect(), and kernel_bind() functions\nprovide kernel space equivalents to the sendmsg(), connect(), and bind()\nsystem calls.\n\nWhen used in conjunction with BPF SOCK_ADDR hooks that rewrite the send,\nconnect, or bind address, callers may observe that the address passed to\nthe call is modified. This is a problem not just in theory, but in\npractice, with uninsulated calls to kernel_connect() causing issues with\nbroken NFS and CIFS mounts.\n\ncommit 0bdf399342c5 (\"net: Avoid address overwrite in kernel_connect\")\nensured that callers to kernel_connect() are insulated from such effects\nby passing a copy of the address parameter down the stack, but did not\ngo far enough:\n\n- There remain many instances of direct calls to sock->ops->connect()\n throughout the kernel which do not benefit from the change to\n kernel_connect().\n- sock_sendmsg() and kernel_bind() remain uninsulated from address\n rewrites and there exist many direct calls to sock->ops->bind()\n throughout the kernel.\n\nThis patch series is the first step to ensuring all socket operations in\nkernel space are safe to use with BPF SOCK_ADDR hooks. 
It\n\n1) Wraps direct calls to sock->ops->connect() with kernel_connect() to\n insulate them.\n2) Introduces an address copy to sock_sendmsg() to insulate both calls\n to kernel_sendmsg() and sock_sendmsg() in kernel space.\n3) Introduces an address copy to kernel_bind() and wraps direct calls to\n sock->ops->bind() to insulate them.\n\nEarlier versions of this patch series wrapped all calls to\nsock->ops->connect() and sock->ops->bind() throughout the kernel, but\nthis was pared down to instances occurring only in net to avoid merge\nconflicts. A set of patches to various trees will be made as a follow up\nto this series to address this gap.\n\n==CHANGELOG==\n\nV5->V6\n------\n- Preserve original value of msg->msg_namelen in sock_sendmsg() in\n anticipation of this patch that adds support for SOCK_ADDR hooks to\n Unix sockets and the ability to modify msg->msg_namelen:\n - https://lore.kernel.org/bpf/202309231339.L2O0CrMU-lkp@intel.com/T/#m181770af51156bdaa70fd4a4cb013ba11f28e101\n\nV4->V5\n------\n- Removed non-net changes to avoid potential merge conflicts.\n\nV3->V4\n------\n- Removed address length precondition checks from kernel_connect() and\n kernel_bind().\n- Reordered variable declarations in sock_sendmsg() to maintain reverse\n xmas tree order.\n\nV2->V3\n------\n- Added \"Fixes\" tags\n- Added address length precondition checks to kernel_connect() and\n kernel_bind().\n\nV1->V2\n------\n- Split up single patch into patch series.\n- Wrapped all direct calls to sock->ops->connect() with kernel_connect()\n instead of pushing the address deeper into the stack to avoid\n duplication of address copy logic and to encourage a consistent\n interface.\n- Moved address copy up the stack to sock_sendmsg() to avoid duplication\n of address copy logic.\n- Introduced address copy to kernel_bind() and insulated direct calls to\n sock->ops->bind().\n\nJordan Rife (3):\n net: replace calls to sock->ops->connect() with kernel_connect()\n net: prevent rewrite of msg_name and 
msg_namelen in sock_sendmsg()\n net: prevent address rewrite in kernel_bind()\n\n net/netfilter/ipvs/ip_vs_sync.c | 8 ++++----\n net/rds/tcp_connect.c | 4 ++--\n net/rds/tcp_listen.c | 2 +-\n net/socket.c | 36 ++++++++++++++++++++++++++-------\n 4 files changed, 36 insertions(+), 14 deletions(-)" }