[PATCH 10/10] vsock/virtio: clear peer creds on connect

From: Marc-André Lureau
Date: Thu Oct 21 2021 - 08:38:43 EST


Since providing foreign creds wouldn't make much sense over VIRTIO,
let's clear the socket peer credentials on connect.

Signed-off-by: Marc-André Lureau <marcandre.lureau@xxxxxxxxxx>
---
net/vmw_vsock/virtio_transport.c | 22 +++++++++++++++++++++-
1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/net/vmw_vsock/virtio_transport.c b/net/vmw_vsock/virtio_transport.c
index 4f7c99dfd16c..705789272a0f 100644
--- a/net/vmw_vsock/virtio_transport.c
+++ b/net/vmw_vsock/virtio_transport.c
@@ -449,6 +449,26 @@ static void virtio_vsock_rx_done(struct virtqueue *vq)

static bool virtio_transport_seqpacket_allow(u32 remote_cid);

+static int transport_connect(struct vsock_sock *vsk)
+{
+ struct sock *sk;
+ int ret;
+
+ ret = virtio_transport_connect(vsk);
+ if (ret < 0) {
+ return ret;
+ }
+
+ /* clear creds, as we can't provide foreign creds */
+ sk = sk_vsock(vsk);
+ put_pid(sk->sk_peer_pid);
+ sk->sk_peer_pid = NULL;
+ put_cred(sk->sk_peer_cred);
+ sk->sk_peer_cred = NULL;
+
+ return ret;
+}
+
static struct virtio_transport virtio_transport = {
.transport = {
.module = THIS_MODULE,
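Review bot: In the new transport_connect(), put_pid() and put_cred() release the references while sk->sk_peer_pid and sk->sk_peer_cred still point at those objects, and no lock is held, so a concurrent reader of the peer credentials on the same socket (for example getsockopt(SO_PEERCRED)) could pick up a pointer whose reference has just been dropped. If this tree carries sk->sk_peer_lock, which I believe the SO_PEERCRED readers and af_unix take around these fields, the clear should set both pointers to NULL under that lock and release the old references only after unlocking. The clear also runs only after virtio_transport_connect() has returned; whether the creds are observable in that window depends on where the series sets them, which is not visible in this hunk, so the comment should say why clearing at this point is sufficient. As a minor style point, kernel style drops the braces around the single-statement `if (ret < 0) return ret;`.

```c
static int transport_connect(struct vsock_sock *vsk)
{
	const struct cred *old_cred;
	struct pid *old_pid;
	/* … unchanged: sk/ret declarations, virtio_transport_connect() call, sk = sk_vsock(vsk) … */

	/* clear creds, as we can't provide foreign creds */
	spin_lock(&sk->sk_peer_lock);
	old_pid = sk->sk_peer_pid;
	old_cred = sk->sk_peer_cred;
	sk->sk_peer_pid = NULL;
	sk->sk_peer_cred = NULL;
	spin_unlock(&sk->sk_peer_lock);

	/* drop the references only once the pointers are no longer reachable */
	put_pid(old_pid);
	put_cred(old_cred);
	/* … unchanged: return ret … */
```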
@@ -458,7 +478,7 @@ static struct virtio_transport virtio_transport = {
.init = virtio_transport_do_socket_init,
.destruct = virtio_transport_destruct,
.release = virtio_transport_release,
- .connect = virtio_transport_connect,
+ .connect = transport_connect,
.shutdown = virtio_transport_shutdown,
.cancel_pkt = virtio_transport_cancel_pkt,

--
2.33.0.721.g106298f7f9