This is a note to let you know that I've just added the patch titled libceph: use kernel_connect() to the 4.19-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: libceph-use-kernel_connect.patch and it can be found in the queue-4.19 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. commit 57582d427ff2c2dbb1ca581f90e9cdb61d029c05 Author: Jordan Rife <jrife@xxxxxxxxxx> Date: Wed Oct 4 18:38:27 2023 -0500 libceph: use kernel_connect() [ Upstream commit 7563cf17dce0a875ba3d872acdc63a78ea344019 ] Direct calls to ops->connect() can overwrite the address parameter when used in conjunction with BPF SOCK_ADDR hooks. Recent changes to kernel_connect() ensure that callers are insulated from such side effects. This patch wraps the direct call to ops->connect() with kernel_connect() to prevent unexpected changes to the address passed to ceph_tcp_connect(). This change was originally part of a larger patch targeting the net tree addressing all instances of unprotected calls to ops->connect() throughout the kernel, but this change was split up into several patches targeting various trees. Cc: stable@xxxxxxxxxxxxxxx Link: https://lore.kernel.org/netdev/20230821100007.559638-1-jrife@xxxxxxxxxx/ Link: https://lore.kernel.org/netdev/9944248dba1bce861375fcce9de663934d933ba9.camel@xxxxxxxxxx/ Fixes: d74bad4e74ee ("bpf: Hooks for sys_connect") Signed-off-by: Jordan Rife <jrife@xxxxxxxxxx> Reviewed-by: Ilya Dryomov <idryomov@xxxxxxxxx> Signed-off-by: Ilya Dryomov <idryomov@xxxxxxxxx> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx> diff --git a/net/ceph/messenger.c b/net/ceph/messenger.c index 53ab8fc713a3e..7fd18e10755ec 100644 --- a/net/ceph/messenger.c +++ b/net/ceph/messenger.c @@ -487,8 +487,8 @@ static int ceph_tcp_connect(struct ceph_connection *con) dout("connect %s\n", ceph_pr_addr(&con->peer_addr.in_addr)); con_sock_state_connecting(con); - ret = sock->ops->connect(sock, (struct sockaddr *)&ss, sizeof(ss), - O_NONBLOCK); + ret = kernel_connect(sock, (struct sockaddr *)&ss, sizeof(ss), + O_NONBLOCK); if (ret == -EINPROGRESS) { dout("connect %s EINPROGRESS sk_state = %u\n", ceph_pr_addr(&con->peer_addr.in_addr),