Patch "libceph: use kernel_connect()" has been added to the 4.19-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Fri, 20 Oct 2023 20:28:20 -0400

This is a note to let you know that I've just added the patch titled

    libceph: use kernel_connect()

to the 4.19-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     libceph-use-kernel_connect.patch
and it can be found in the queue-4.19 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 57582d427ff2c2dbb1ca581f90e9cdb61d029c05
Author: Jordan Rife <jrife@xxxxxxxxxx>
Date:   Wed Oct 4 18:38:27 2023 -0500

    libceph: use kernel_connect()
    
    [ Upstream commit 7563cf17dce0a875ba3d872acdc63a78ea344019 ]
    
    Direct calls to ops->connect() can overwrite the address parameter when
    used in conjunction with BPF SOCK_ADDR hooks. Recent changes to
    kernel_connect() ensure that callers are insulated from such side
    effects. This patch wraps the direct call to ops->connect() with
    kernel_connect() to prevent unexpected changes to the address passed to
    ceph_tcp_connect().
    
    This change was originally part of a larger patch targeting the net tree
    addressing all instances of unprotected calls to ops->connect()
    throughout the kernel, but this change was split up into several patches
    targeting various trees.
    
    Cc: stable@xxxxxxxxxxxxxxx
    Link: https://lore.kernel.org/netdev/20230821100007.559638-1-jrife@xxxxxxxxxx/
    Link: https://lore.kernel.org/netdev/9944248dba1bce861375fcce9de663934d933ba9.camel@xxxxxxxxxx/
    Fixes: d74bad4e74ee ("bpf: Hooks for sys_connect")
    Signed-off-by: Jordan Rife <jrife@xxxxxxxxxx>
    Reviewed-by: Ilya Dryomov <idryomov@xxxxxxxxx>
    Signed-off-by: Ilya Dryomov <idryomov@xxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c
index 53ab8fc713a3e..7fd18e10755ec 100644
--- a/net/ceph/messenger.c
+++ b/net/ceph/messenger.c
@@ -487,8 +487,8 @@ static int ceph_tcp_connect(struct ceph_connection *con)
 	dout("connect %s\n", ceph_pr_addr(&con->peer_addr.in_addr));
 
 	con_sock_state_connecting(con);
-	ret = sock->ops->connect(sock, (struct sockaddr *)&ss, sizeof(ss),
-				 O_NONBLOCK);
+	ret = kernel_connect(sock, (struct sockaddr *)&ss, sizeof(ss),
+			     O_NONBLOCK);
 	if (ret == -EINPROGRESS) {
 		dout("connect %s EINPROGRESS sk_state = %u\n",
 		     ceph_pr_addr(&con->peer_addr.in_addr),






