5.15-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 7 Sep 2023 11:30:49 +0000 (12:30 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 7 Sep 2023 11:30:49 +0000 (12:30 +0100)
added patches:
net-avoid-address-overwrite-in-kernel_connect.patch
of-kexec-mark-ima_-free-stable-_kexec_buffer-as-__init.patch

queue-5.15/net-avoid-address-overwrite-in-kernel_connect.patch [new file with mode: 0644]
queue-5.15/of-kexec-mark-ima_-free-stable-_kexec_buffer-as-__init.patch [new file with mode: 0644]
queue-5.15/series

diff --git a/queue-5.15/net-avoid-address-overwrite-in-kernel_connect.patch b/queue-5.15/net-avoid-address-overwrite-in-kernel_connect.patch
new file mode 100644 (file)
index 0000000..05175d2
--- /dev/null
@@ -0,0 +1,51 @@
+From 0bdf399342c5acbd817c9098b6c7ed21f1974312 Mon Sep 17 00:00:00 2001
+From: Jordan Rife <jrife@google.com>
+Date: Mon, 21 Aug 2023 16:45:23 -0500
+Subject: net: Avoid address overwrite in kernel_connect
+
+From: Jordan Rife <jrife@google.com>
+
+commit 0bdf399342c5acbd817c9098b6c7ed21f1974312 upstream.
+
+BPF programs that run on connect can rewrite the connect address. For
+the connect system call this isn't a problem, because a copy of the address
+is made when it is moved into kernel space. However, kernel_connect
+simply passes through the address it is given, so the caller may observe
+its address value unexpectedly change.
+
+A practical example where this is problematic is where NFS is combined
+with a system such as Cilium which implements BPF-based load balancing.
+A common pattern in software-defined storage systems is to have an NFS
+mount that connects to a persistent virtual IP which in turn maps to an
+ephemeral server IP. This is usually done to achieve high availability:
+if your server goes down you can quickly spin up a replacement and remap
+the virtual IP to that endpoint. With BPF-based load balancing, mounts
+will forget the virtual IP address when the address rewrite occurs
+because a pointer to the only copy of that address is passed down the
+stack. Server failover then breaks, because clients have forgotten the
+virtual IP address. Reconnects fail and mounts remain broken. This patch
+was tested by setting up a scenario like this and ensuring that NFS
+reconnects worked after applying the patch.
+
+Signed-off-by: Jordan Rife <jrife@google.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/socket.c |    6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+--- a/net/socket.c
++++ b/net/socket.c
+@@ -3453,7 +3453,11 @@ EXPORT_SYMBOL(kernel_accept);
+ int kernel_connect(struct socket *sock, struct sockaddr *addr, int addrlen,
+                  int flags)
+ {
+-      return sock->ops->connect(sock, addr, addrlen, flags);
++      struct sockaddr_storage address;
++
++      memcpy(&address, addr, addrlen);
++
++      return sock->ops->connect(sock, (struct sockaddr *)&address, addrlen, flags);
+ }
+ EXPORT_SYMBOL(kernel_connect);
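Review bot: The added `memcpy(&address, addr, addrlen);` in kernel_connect() copies a caller-supplied signed `addrlen` into a fixed-size `struct sockaddr_storage` on the stack without a range check, so a negative or oversized length would write past `address`. The callers are in-kernel and not visible in this hunk, so whether any of them can pass such a length is unconfirmed. The connect system call path bounds the length before its own copy (in move_addr_to_kernel), and the same guard is cheap here: `if (addrlen < 0 || addrlen > (int)sizeof(address)) return -EINVAL;` placed ahead of the memcpy. A short comment such as `/* copy so a BPF connect hook cannot rewrite the caller's address */` above the copy would also record why the local buffer exists.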
diff --git a/queue-5.15/of-kexec-mark-ima_-free-stable-_kexec_buffer-as-__init.patch b/queue-5.15/of-kexec-mark-ima_-free-stable-_kexec_buffer-as-__init.patch
new file mode 100644 (file)
index 0000000..392f16a
--- /dev/null
@@ -0,0 +1,85 @@
+From nathan@kernel.org  Thu Sep  7 12:29:23 2023
+From: Nathan Chancellor <nathan@kernel.org>
+Date: Tue, 05 Sep 2023 13:36:11 -0700
+Subject: of: kexec: Mark ima_{free,stable}_kexec_buffer() as __init
+To: gregkh@linuxfoundation.org, sashal@kernel.org
+Cc: stable@vger.kernel.org, robh+dt@kernel.org, frowand.list@gmail.com, zohar@linux.ibm.com, dmitry.kasatkin@gmail.com, devicetree@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, Nathan Chancellor <nathan@kernel.org>
+Message-ID: <20230905-5-15-of-kexec-modpost-warning-v1-1-4138b2e96b4e@kernel.org>
+
+From: Nathan Chancellor <nathan@kernel.org>
+
+This commit has no direct upstream equivalent.
+
+After commit d48016d74836 ("mm,ima,kexec,of: use memblock_free_late from
+ima_free_kexec_buffer") in 5.15, there is a modpost warning for certain
+configurations:
+
+  WARNING: modpost: vmlinux.o(.text+0xb14064): Section mismatch in reference from the function ima_free_kexec_buffer() to the function .init.text:__memblock_free_late()
+  The function ima_free_kexec_buffer() references
+  the function __init __memblock_free_late().
+  This is often because ima_free_kexec_buffer lacks a __init
+  annotation or the annotation of __memblock_free_late is wrong.
+
+In mainline, there is no issue because ima_free_kexec_buffer() is marked
+as __init, which was done as part of commit b69a2afd5afc ("x86/kexec:
+Carry forward IMA measurement log on kexec") in 6.0, which is not
+suitable for stable.
+
+Mark ima_free_kexec_buffer() and its single caller
+ima_load_kexec_buffer() as __init in 5.15, as ima_load_kexec_buffer() is
+only called from ima_init(), which is __init, clearing up the warning.
+
+Signed-off-by: Nathan Chancellor <nathan@kernel.org>
+Acked-by: Rob Herring <robh@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ drivers/of/kexec.c                 |    2 +-
+ include/linux/of.h                 |    2 +-
+ security/integrity/ima/ima.h       |    2 +-
+ security/integrity/ima/ima_kexec.c |    2 +-
+ 4 files changed, 4 insertions(+), 4 deletions(-)
+
+--- a/drivers/of/kexec.c
++++ b/drivers/of/kexec.c
+@@ -165,7 +165,7 @@ int ima_get_kexec_buffer(void **addr, si
+ /**
+  * ima_free_kexec_buffer - free memory used by the IMA buffer
+  */
+-int ima_free_kexec_buffer(void)
++int __init ima_free_kexec_buffer(void)
+ {
+       int ret;
+       unsigned long addr;
+--- a/include/linux/of.h
++++ b/include/linux/of.h
+@@ -574,7 +574,7 @@ void *of_kexec_alloc_and_setup_fdt(const
+                                  unsigned long initrd_len,
+                                  const char *cmdline, size_t extra_fdt_size);
+ int ima_get_kexec_buffer(void **addr, size_t *size);
+-int ima_free_kexec_buffer(void);
++int __init ima_free_kexec_buffer(void);
+ #else /* CONFIG_OF */
+ static inline void of_core_init(void)
+--- a/security/integrity/ima/ima.h
++++ b/security/integrity/ima/ima.h
+@@ -122,7 +122,7 @@ struct ima_kexec_hdr {
+ extern const int read_idmap[];
+ #ifdef CONFIG_HAVE_IMA_KEXEC
+-void ima_load_kexec_buffer(void);
++void __init ima_load_kexec_buffer(void);
+ #else
+ static inline void ima_load_kexec_buffer(void) {}
+ #endif /* CONFIG_HAVE_IMA_KEXEC */
+--- a/security/integrity/ima/ima_kexec.c
++++ b/security/integrity/ima/ima_kexec.c
+@@ -137,7 +137,7 @@ void ima_add_kexec_buffer(struct kimage
+ /*
+  * Restore the measurement list from the previous kernel.
+  */
+-void ima_load_kexec_buffer(void)
++void __init ima_load_kexec_buffer(void)
+ {
+       void *kexec_buffer = NULL;
+       size_t kexec_buffer_size = 0;
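Review bot: The kernel-doc comment above ima_free_kexec_buffer() in drivers/of/kexec.c still reads only "free memory used by the IMA buffer" and does not record that the function is now init-only. With `__init` the text is discarded after boot, so a later caller added from a non-init path would be a bug that only modpost catches. I would extend the comment with a line like `Init-only: must not be called after boot, the text lives in .init.text.`, and add the same remark to the comment above ima_load_kexec_buffer() in ima_kexec.c. Both function bodies continue outside the hunks, so their return and error behaviour is not reviewed here.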
index 9f594e10b1c70e5c0b0c58ce97794d66dac3c79e..59b93e24e40729c8a1edd78e8167cef355ce1ee5 100644 (file)
@@ -48,3 +48,5 @@ tracing-introduce-pipe_cpumask-to-avoid-race-on-trac.patch
 platform-mellanox-fix-mlxbf-tmfifo-not-handling-all-.patch
 crypto-rsa-pkcs1pad-use-helper-to-set-reqsize.patch
 arm64-lib-import-latest-version-of-arm-optimized-routines-strncmp.patch
+net-avoid-address-overwrite-in-kernel_connect.patch
+of-kexec-mark-ima_-free-stable-_kexec_buffer-as-__init.patch