[PATCH] net: Added security socket

From: Denis Arefev
Date: Wed Apr 05 2023 - 08:53:17 EST

Next message: Thierry Reding: "Re: [PATCH v2] PCI: tegra194: Handle errors in BPMP response"
Previous message: Linux regression tracking #update (Thorsten Leemhuis): "Re: kernel 6.2 stuck at boot (efi_call_rts) on arm64"
In reply to: Alexander Duyck: "Re: [PATCH] net: Added security socket"
Next in thread: Jakub Kicinski: "Re: [PATCH] net: Added security socket"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Added security_socket_connect
kernel_connect is in kernel space,
but kernel_connect is used in RPC
requests (/net/sunrpc/xprtsock.c),
and the RPC protocol is used by the NFS server.
This is how we protect the TCP connection
initiated by the client.

Signed-off-by: Denis Arefev <arefev@xxxxxxxxx>
---
net/socket.c | 6 ++++++
1 file changed, 6 insertions(+)

diff --git a/net/socket.c b/net/socket.c
index 9c92c0e6c4da..9afa2b44a9e5 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -3526,6 +3526,12 @@ EXPORT_SYMBOL(kernel_accept);
int kernel_connect(struct socket *sock, struct sockaddr *addr, int addrlen,
int flags)
{
+ int err;
+
+ err = security_socket_connect(sock, (struct sockaddr *)addr, addrlen);
+ if (err)
+ return err;
+
return sock->ops->connect(sock, addr, addrlen, flags);
}
EXPORT_SYMBOL(kernel_connect);
--
2.25.1

Next message: Thierry Reding: "Re: [PATCH v2] PCI: tegra194: Handle errors in BPMP response"
Previous message: Linux regression tracking #update (Thorsten Leemhuis): "Re: kernel 6.2 stuck at boot (efi_call_rts) on arm64"
In reply to: Alexander Duyck: "Re: [PATCH] net: Added security socket"
Next in thread: Jakub Kicinski: "Re: [PATCH] net: Added security socket"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]