On Wed, Oct 4, 2023 at 10:15 AM Steve French <smfrench@xxxxxxxxx> wrote:
>
> tentatively merged into cifs-2.6.git for-next pending testing and
> additional review
>
> On Wed, Oct 4, 2023 at 10:44 AM Paulo Alcantara <pc@xxxxxxxxxxxxx> wrote:
> >
> > Jordan Rife <jrife@xxxxxxxxxx> writes:
> >
> > > Recent changes to kernel_connect() and kernel_bind() ensure that
> > > callers are insulated from changes to the address parameter made by BPF
> > > SOCK_ADDR hooks. This patch wraps direct calls to ops->connect() and
> > > ops->bind() with kernel_connect() and kernel_bind() to ensure that SMB
> > > mounts do not see their mount address overwritten in such cases.
> > >
> > > Link: https://lore.kernel.org/netdev/9944248dba1bce861375fcce9de663934d933ba9.camel@xxxxxxxxxx/
> > > Cc: <stable@xxxxxxxxxxxxxxx> # 6.x.y
> > > Signed-off-by: Jordan Rife <jrife@xxxxxxxxxx>
> > > ---
> > >  fs/smb/client/connect.c | 10 +++++-----
> > >  1 file changed, 5 insertions(+), 5 deletions(-)
> >
> > Acked-by: Paulo Alcantara (SUSE) <pc@xxxxxxxxxxxxx>
> >
>
> --
> Thanks,
>
> Steve

> Do you want this to go through the cifs tree?

Yes. This was originally a part of a larger patch set destined for the net tree (https://lore.kernel.org/netdev/20230919175159.144073-1-jrife@xxxxxxxxxx/T/#u). It was ultimately decided (https://lore.kernel.org/netdev/20230919175323.144902-1-jrife@xxxxxxxxxx/T/#m905ead9bdce794112a6cdc440f6887b787532023) over there to try sending patches to the appropriate trees to avoid merge conflicts.

> How urgent do you think it is (or should it wait for 6.7)?

Not super urgent, but ultimately it should be backported to stable kernels 4.19+ (all versions where it's possible to overwrite the address parameter with BPF hooks). The risk here is in environments where BPF hooks are used to rewrite the connect/bind addresses (common in systems like Kubernetes w/ Cilium). Doing so can break your mounts, since the original mount address is "forgotten" when a call to ops->connect() overwrites it (have confirmed this scenario myself). IME, this scenario is more common to see with NFS mounts, but still possible with SMB.

- Jordan
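
Added example, not part of the thread or of the patch: a userspace C model of the overwrite described above, comparing a direct ops->connect() call with a wrapper that hands the callee a private copy of the address. All model_* names and both IP addresses are hypothetical and constructed for illustration; this is not kernel code.

```c
/* Userspace model (constructed); model_* names are hypothetical, not kernel APIs. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Stand-in for a BPF SOCK_ADDR connect hook: rewrites the destination in place. */
static void model_sock_addr_hook(struct sockaddr *addr)
{
    struct sockaddr_in *in = (struct sockaddr_in *)addr;
    if (in->sin_family == AF_INET)
        inet_pton(AF_INET, "10.0.0.7", &in->sin_addr); /* constructed backend */
}

/* Stand-in for ops->connect(): runs the hook on the buffer it was handed. */
static int model_ops_connect(struct sockaddr *addr, int addrlen)
{
    (void)addrlen;
    model_sock_addr_hook(addr);
    return 0;
}

/* Stand-in for the wrapper: the callee only ever sees a private copy. */
static int model_kernel_connect(const struct sockaddr *addr, int addrlen)
{
    struct sockaddr_storage copy;
    if (addrlen < 0 || (size_t)addrlen > sizeof(copy))
        return -1;
    memcpy(&copy, addr, (size_t)addrlen);
    return model_ops_connect((struct sockaddr *)&copy, addrlen);
}

/* Returns 1 if the caller's stored mount address survived the connect call. */
static int mount_addr_survives(int use_wrapper)
{
    struct sockaddr_in mount = { .sin_family = AF_INET, .sin_port = htons(445) };
    in_addr_t before;

    inet_pton(AF_INET, "192.0.2.10", &mount.sin_addr); /* constructed service IP */
    before = mount.sin_addr.s_addr;
    if (use_wrapper)
        model_kernel_connect((struct sockaddr *)&mount, sizeof(mount));
    else
        model_ops_connect((struct sockaddr *)&mount, sizeof(mount));
    return before == mount.sin_addr.s_addr;
}

int main(void)
{
    printf("direct ops->connect(): mount address kept = %d\n", mount_addr_survives(0));
    printf("via copying wrapper:   mount address kept = %d\n", mount_addr_survives(1));
    return 0;
}
```

In the direct case the stored address now points at the rewritten backend, so a later reconnect would use it instead of the original mount address.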