]> git.ipfire.org Git - thirdparty/kernel/linux.git/commit
landlock: Fix TCP Fast Open connection bypass
authorMatthieu Buffet <matthieu@buffet.re>
Wed, 1 Jul 2026 21:46:27 +0000 (23:46 +0200)
committerMickaël Salaün <mic@digikod.net>
Fri, 10 Jul 2026 10:59:07 +0000 (12:59 +0200)
commit33cb713db0161b54f04fe830e062c9e102c29a04
tree912caa36ce9c5d6c92c31bfff46d47ec9d81c853
parentdc59e4fea9d83f03bad6bddf3fa2e52491777482
landlock: Fix TCP Fast Open connection bypass

The documentation of the socket_connect() LSM hook states that it
controls connecting a socket to a remote address. It has not been the
case since the addition of TCP Fast Open (RFC 7413) support, which
allows opening a TCP connection (thus, setting a socket's destination
address) via the MSG_FASTOPEN flag passed to
sendto()/sendmsg()/sendmmsg(). The problem then got duplicated into
MPTCP.

Landlock did not take it into account when its TCP support was added,
leaving a bypass of TCP connect policy.

Ideally a call to the LSM hook would be added in the fastopen code path,
in order to fix this generically. But connect() hooks are designed to
run with the socket locked, unlike sendmsg() hooks.

Closes: https://github.com/landlock-lsm/linux/issues/41
Fixes: fff69fb03dde ("landlock: Support network rules with TCP bind and connect")
Signed-off-by: Matthieu Buffet <matthieu@buffet.re>
Link: https://patch.msgid.link/20260701214628.33319-1-matthieu@buffet.re
Cc: stable@vger.kernel.org
[mic: Wrap commit message]
Signed-off-by: Mickaël Salaün <mic@digikod.net>
security/landlock/net.c