On Wed, 2023-09-20 at 09:28 -0400, Willem de Bruijn wrote:
> Jordan Rife wrote:
> > Callers of sock_sendmsg(), and similarly kernel_sendmsg(), in kernel
> > space may observe their value of msg_name change in cases where BPF
> > sendmsg hooks rewrite the send address. This has been confirmed to break
> > NFS mounts running in UDP mode and has the potential to break other
> > systems.
> >
> > This patch:
> >
> > 1) Creates a new function called __sock_sendmsg() with same logic as the
> >    old sock_sendmsg() function.
> > 2) Replaces calls to sock_sendmsg() made by __sys_sendto() and
> >    __sys_sendmsg() with __sock_sendmsg() to avoid an unnecessary copy,
> >    as these system calls are already protected.
> > 3) Modifies sock_sendmsg() so that it makes a copy of msg_name if
> >    present before passing it down the stack to insulate callers from
> >    changes to the send address.
> >
> > Link: https://lore.kernel.org/netdev/20230912013332.2048422-1-jrife@xxxxxxxxxx/
> > Fixes: 1cedee13d25a ("bpf: Hooks for sys_sendmsg")
> > Cc: stable@xxxxxxxxxxxxxxx
> > Signed-off-by: Jordan Rife <jrife@xxxxxxxxxx>
>
> Reviewed-by: Willem de Bruijn <willemb@xxxxxxxxxx>

CC Jens and Pavel, as I guess io_uring likely wants to use
__sock_sendmsg(), in a follow-up patch.

Cheers,

Paolo
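
A userspace C model of the copy described in step 3 of the quoted commit message, added here as an illustration; it is not the kernel patch and not code from anyone in this thread. The `model_*` names, the simplified structs and the address values are constructed assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Userspace model only: simplified stand-in types, not kernel definitions. */
struct model_addr { unsigned int ip; unsigned short port; };
struct model_msghdr { void *msg_name; int msg_namelen; };

/* Stand-in for a BPF sendmsg hook rewriting the send address in place
 * (constructed target 10.0.0.2:2049). */
static void model_bpf_hook(struct model_msghdr *msg)
{
    struct model_addr *a = msg->msg_name;
    if (a) { a->ip = 0x0a000002u; a->port = 2049; }
}

/* Models __sock_sendmsg(): old logic, the hook sees whatever msg_name points at. */
static int model_inner_sendmsg(struct model_msghdr *msg) { model_bpf_hook(msg); return 0; }

/* Models the modified sock_sendmsg(): hand a private copy down the stack. */
static int model_sock_sendmsg(struct model_msghdr *msg)
{
    struct model_addr copy;
    void *save = msg->msg_name;
    int ret;
    if (save) {
        if (msg->msg_namelen != (int)sizeof(copy)) return -1; /* model: one size only */
        memcpy(&copy, save, sizeof(copy));
        msg->msg_name = &copy;
    }
    ret = model_inner_sendmsg(msg);
    msg->msg_name = save; /* the caller gets its own pointer back */
    return ret;
}

/* Caller-visible destination IP after one send through the chosen path. */
static unsigned int caller_ip_after_send(int use_copy)
{
    struct model_addr dst = { 0xc0a80001u, 111 }; /* constructed: 192.168.0.1:111 */
    struct model_msghdr msg = { &dst, (int)sizeof(dst) };
    if (use_copy) model_sock_sendmsg(&msg); else model_inner_sendmsg(&msg);
    return dst.ip;
}

int main(void)
{
    printf("direct=0x%08x copied=0x%08x\n", caller_ip_after_send(0), caller_ip_after_send(1));
    return 0;
}
```

The direct path leaves the caller holding the rewritten address, which is the behaviour the commit message reports as breaking in-kernel callers that reuse `msg_name`; the copying path leaves the caller's buffer untouched.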