From bc542a6ac3a669733816a369f0f59818327af577 Mon Sep 17 00:00:00 2001 From: Greg Kroah-Hartman Date: Thu, 7 Sep 2023 12:30:29 +0100 Subject: [PATCH] 5.4-stable patches added patches: net-avoid-address-overwrite-in-kernel_connect.patch --- ...-address-overwrite-in-kernel_connect.patch | 51 +++++++++++++++++++ queue-5.4/series | 1 + 2 files changed, 52 insertions(+) create mode 100644 queue-5.4/net-avoid-address-overwrite-in-kernel_connect.patch diff --git a/queue-5.4/net-avoid-address-overwrite-in-kernel_connect.patch b/queue-5.4/net-avoid-address-overwrite-in-kernel_connect.patch new file mode 100644 index 00000000000..e8ce0bf3f19 --- /dev/null +++ b/queue-5.4/net-avoid-address-overwrite-in-kernel_connect.patch 
@@ -0,0 +1,51 @@ +From 0bdf399342c5acbd817c9098b6c7ed21f1974312 Mon Sep 17 00:00:00 2001 +From: Jordan Rife +Date: Mon, 21 Aug 2023 16:45:23 -0500 +Subject: net: Avoid address overwrite in kernel_connect + +From: Jordan Rife + +commit 0bdf399342c5acbd817c9098b6c7ed21f1974312 upstream. + +BPF programs that run on connect can rewrite the connect address. For +the connect system call this isn't a problem, because a copy of the address +is made when it is moved into kernel space. However, kernel_connect +simply passes through the address it is given, so the caller may observe +its address value unexpectedly change. + +A practical example where this is problematic is where NFS is combined +with a system such as Cilium which implements BPF-based load balancing. +A common pattern in software-defined storage systems is to have an NFS +mount that connects to a persistent virtual IP which in turn maps to an +ephemeral server IP. This is usually done to achieve high availability: +if your server goes down you can quickly spin up a replacement and remap +the virtual IP to that endpoint. With BPF-based load balancing, mounts +will forget the virtual IP address when the address rewrite occurs +because a pointer to the only copy of that address is passed down the +stack. Server failover then breaks, because clients have forgotten the +virtual IP address. Reconnects fail and mounts remain broken. This patch +was tested by setting up a scenario like this and ensuring that NFS +reconnects worked after applying the patch. + +Signed-off-by: Jordan Rife +Signed-off-by: David S. 
Miller +Signed-off-by: Greg Kroah-Hartman +--- + net/socket.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +--- a/net/socket.c ++++ b/net/socket.c +@@ -3637,7 +3637,11 @@ EXPORT_SYMBOL(kernel_accept); + int kernel_connect(struct socket *sock, struct sockaddr *addr, int addrlen, + int flags) + { +- return sock->ops->connect(sock, addr, addrlen, flags); ++ struct sockaddr_storage address; ++ ++ memcpy(&address, addr, addrlen); ++ ++ return sock->ops->connect(sock, (struct sockaddr *)&address, addrlen, flags); + } + EXPORT_SYMBOL(kernel_connect); + diff --git a/queue-5.4/series b/queue-5.4/series index 4600143109d..bd20d5de8a4 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -40,3 +40,4 @@ cifs-add-a-warning-when-the-in-flight-count-goes-neg.patch scsi-storvsc-always-set-no_report_opcodes.patch alsa-seq-oss-fix-racy-open-close-of-midi-devices.patch platform-mellanox-fix-mlxbf-tmfifo-not-handling-all-.patch +net-avoid-address-overwrite-in-kernel_connect.patch -- 2.47.3
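Review bot: the memcpy() added to kernel_connect() in net/socket.c copies addrlen bytes into the on-stack struct sockaddr_storage without checking addrlen against sizeof(address), so an in-kernel caller that passes a negative or oversized length would write past the end of the stack buffer. Before this change the function only forwarded the pointer and length to sock->ops->connect(), so the new copy is the first place where addrlen is trusted as a buffer size. Suggest validating it ahead of the copy, for example `if (addrlen < 0 || addrlen > sizeof(address)) return -EINVAL;`, and adding a short comment above the copy stating why the address is duplicated (a BPF program running on connect may rewrite it, per the commit message) so the memcpy() is not later removed as redundant.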