From: Peter Zijlstra <a.p.zijlstra@chello.nl>
To: linux-kernel@vger.kernel.org, linux-mm@kvack.org, netdev@vger.kernel.org
Cc: Peter Zijlstra <a.p.zijlstra@chello.nl>,
Trond Myklebust <trond.myklebust@fys.uio.no>,
Thomas Graf <tgraf@suug.ch>, David Miller <davem@davemloft.net>,
James Bottomley <James.Bottomley@SteelEye.com>,
Mike Christie <michaelc@cs.wisc.edu>,
Andrew Morton <akpm@linux-foundation.org>,
Daniel Phillips <phillips@google.com>,
Mike Christie <mchristi@redhat.com>
Subject: [PATCH 34/40] sock: safely expose kernel sockets to userspace
Date: Fri, 04 May 2007 12:27:25 +0200 [thread overview]
Message-ID: <20070504103203.418277742@chello.nl> (raw)
In-Reply-To: <20070504102651.923946304@chello.nl>
[-- Attachment #1: net-SOCK_KERNEL.patch --]
[-- Type: text/plain, Size: 2426 bytes --]
SOCK_KERNEL - avoids user-space from actually using this socket for anything.
This enables sticking kernel sockets into the files_table for identifying and
reference counting purposes.
(iSCSI wants to do this)
Signed-off-by: Peter Zijlstra <a.p.zijlstra@chello.nl>
Cc: Mike Christie <mchristi@redhat.com>
---
include/net/sock.h | 1 +
net/socket.c | 10 +++++++++-
2 files changed, 10 insertions(+), 1 deletion(-)
Index: linux-2.6-git/include/net/sock.h
===================================================================
--- linux-2.6-git.orig/include/net/sock.h 2007-03-22 11:29:07.000000000 +0100
+++ linux-2.6-git/include/net/sock.h 2007-03-22 11:29:08.000000000 +0100
@@ -394,6 +394,7 @@ enum sock_flags {
SOCK_LOCALROUTE, /* route locally only, %SO_DONTROUTE setting */
SOCK_QUEUE_SHRUNK, /* write queue has been shrunk recently */
SOCK_VMIO, /* the VM depends on us - make sure we're serviced */
+ SOCK_KERNEL, /* userspace cannot touch this socket */
};
static inline void sock_copy_flags(struct sock *nsk, struct sock *osk)
Index: linux-2.6-git/net/socket.c
===================================================================
--- linux-2.6-git.orig/net/socket.c 2007-03-22 11:28:58.000000000 +0100
+++ linux-2.6-git/net/socket.c 2007-03-26 12:00:36.000000000 +0200
@@ -353,7 +353,7 @@ static int sock_alloc_fd(struct file **f
return fd;
}
-static int sock_attach_fd(struct socket *sock, struct file *file)
+static noinline int sock_attach_fd(struct socket *sock, struct file *file)
{
struct qstr this;
char name[32];
@@ -381,6 +381,10 @@ static int sock_attach_fd(struct socket
file->f_op = SOCK_INODE(sock)->i_fop = &socket_file_ops;
file->f_mode = FMODE_READ | FMODE_WRITE;
file->f_flags = O_RDWR;
+ if (unlikely(sock->sk && sock_flag(sock->sk, SOCK_KERNEL))) {
+ file->f_mode = 0;
+ file->f_flags = 0;
+ }
file->f_pos = 0;
file->private_data = sock;
@@ -806,6 +810,10 @@ static long sock_ioctl(struct file *file
int pid, err;
sock = file->private_data;
+
+ if (unlikely(sock_flag(sock->sk, SOCK_KERNEL)))
+ return -EBADF;
+
if (cmd >= SIOCDEVPRIVATE && cmd <= (SIOCDEVPRIVATE + 15)) {
err = dev_ioctl(cmd, argp);
} else
--
--
To unsubscribe, send a message with 'unsubscribe linux-mm' in
the body to majordomo@kvack.org. For more info on Linux MM,
see: http://www.linux-mm.org/ .
Don't email: <a href=mailto:"dont@kvack.org"> email@kvack.org </a>
next prev parent reply other threads:[~2007-05-04 10:27 UTC|newest]
Thread overview: 78+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-05-04 10:26 [PATCH 00/40] Swap over Networked storage -v12 Peter Zijlstra
2007-05-04 10:26 ` [PATCH 01/40] mm: page allocation rank Peter Zijlstra
2007-05-04 10:26 ` [PATCH 02/40] mm: slab allocation fairness Peter Zijlstra
2007-05-16 20:41 ` Christoph Lameter
2007-05-04 10:26 ` [PATCH 03/40] mm: allow PF_MEMALLOC from softirq context Peter Zijlstra
2007-05-04 10:26 ` [PATCH 04/40] mm: serialize access to min_free_kbytes Peter Zijlstra
2007-05-04 10:26 ` [PATCH 05/40] mm: emergency pool Peter Zijlstra
2007-05-04 10:26 ` [PATCH 06/40] mm: __GFP_EMERGENCY Peter Zijlstra
2007-05-04 10:26 ` [PATCH 07/40] mm: allow mempool to fall back to memalloc reserves Peter Zijlstra
2007-05-04 10:26 ` [PATCH 08/40] mm: kmem_cache_objsize Peter Zijlstra
2007-05-04 10:54 ` Pekka Enberg
2007-05-04 16:09 ` Christoph Lameter
2007-05-04 16:15 ` Peter Zijlstra
2007-05-04 16:23 ` Christoph Lameter
2007-05-04 16:30 ` Peter Zijlstra
2007-05-04 16:36 ` Christoph Lameter
2007-05-04 17:59 ` Peter Zijlstra
2007-05-04 18:04 ` Christoph Lameter
2007-05-04 18:21 ` Peter Zijlstra
2007-05-04 18:30 ` Christoph Lameter
2007-05-04 18:32 ` Peter Zijlstra
2007-05-04 18:45 ` Pekka Enberg
2007-05-04 18:47 ` Christoph Lameter
2007-05-04 18:54 ` Pekka Enberg
2007-05-04 19:59 ` Christoph Lameter
2007-05-05 9:00 ` Pekka J Enberg
2007-05-04 18:41 ` Pekka Enberg
2007-05-04 18:46 ` Christoph Lameter
2007-05-04 18:53 ` Pekka Enberg
2007-05-04 19:58 ` Christoph Lameter
2007-05-04 10:27 ` [PATCH 09/40] mm: optimize gfp_to_rank() Peter Zijlstra
2007-05-04 10:27 ` [PATCH 10/40] selinux: tag avc cache alloc as non-critical Peter Zijlstra
2007-05-04 10:27 ` [PATCH 11/40] net: wrap sk->sk_backlog_rcv() Peter Zijlstra
2007-05-04 10:27 ` [PATCH 12/40] net: packet split receive api Peter Zijlstra
2007-05-04 10:27 ` [PATCH 13/40] net: sk_allocation() - concentrate socket related allocations Peter Zijlstra
2007-05-04 10:27 ` [PATCH 14/40] netvm: link network to vm layer Peter Zijlstra
2007-05-04 10:27 ` [PATCH 15/40] netvm: INET reserves Peter Zijlstra
2007-05-04 10:27 ` [PATCH 16/40] netvm: hook skb allocation to reserves Peter Zijlstra
2007-05-04 14:07 ` Arnaldo Carvalho de Melo
2007-05-04 10:27 ` [PATCH 17/40] netvm: filter emergency skbs Peter Zijlstra
2007-05-04 10:27 ` [PATCH 18/40] netvm: prevent a TCP specific deadlock Peter Zijlstra
2007-05-04 10:27 ` [PATCH 19/40] netfilter: notify about NF_QUEUE vs emergency skbs Peter Zijlstra
2007-05-04 10:27 ` [PATCH 20/40] netvm: skb processing Peter Zijlstra
2007-05-04 10:27 ` [PATCH 21/40] uml: rename arch/um remove_mapping() Peter Zijlstra
2007-05-04 10:27 ` [PATCH 22/40] mm: prepare swap entry methods for use in page methods Peter Zijlstra
2007-05-04 10:27 ` [PATCH 23/40] mm: add support for non block device backed swap files Peter Zijlstra
2007-05-04 10:27 ` [PATCH 24/40] mm: methods for teaching filesystems about PG_swapcache pages Peter Zijlstra
2007-05-04 10:27 ` [PATCH 25/40] nfs: remove mempools Peter Zijlstra
2007-05-04 10:27 ` [PATCH 26/40] nfs: teach the NFS client how to treat PG_swapcache pages Peter Zijlstra
2007-05-04 10:27 ` [PATCH 27/40] nfs: disable data cache revalidation for swapfiles Peter Zijlstra
2007-05-04 10:27 ` [PATCH 28/40] nfs: enable swap on NFS Peter Zijlstra
2007-05-04 10:27 ` [PATCH 29/40] nfs: fix various memory recursions possible with swap over NFS Peter Zijlstra
2007-05-04 10:27 ` [PATCH 30/40] nfs: fixup missing error code Peter Zijlstra
2007-05-04 13:10 ` Peter Staubach
2007-05-04 13:18 ` Peter Zijlstra
2007-05-04 10:27 ` [PATCH 31/40] mm: balance_dirty_pages() vs throttle_vm_writeout() deadlock Peter Zijlstra
2007-05-04 10:27 ` [PATCH 32/40] block: add a swapdev callback to the request_queue Peter Zijlstra
2007-05-04 10:27 ` [PATCH 33/40] uml: enable scsi and add iscsi config Peter Zijlstra
2007-05-04 10:27 ` Peter Zijlstra [this message]
2007-05-04 10:27 ` [PATCH 35/40] From: Mike Christie <mchristi@redhat.com> Peter Zijlstra
2007-05-04 10:27 ` [PATCH 36/40] iscsi: fixup of the ep_connect patch Peter Zijlstra
2007-05-04 10:27 ` [PATCH 37/40] iscsi: ensure the iscsi kernel fd is not usable in userspace Peter Zijlstra
2007-05-04 10:27 ` [PATCH 38/40] netlink: add SOCK_VMIO support to AF_NETLINK Peter Zijlstra
2007-05-04 10:27 ` [PATCH 39/40] mm: a process flags to avoid blocking allocations Peter Zijlstra
2007-05-04 10:27 ` [PATCH 40/40] iscsi: support for swapping over iSCSI Peter Zijlstra
2007-05-04 15:22 ` [PATCH 00/40] Swap over Networked storage -v12 Daniel Walker
2007-05-04 15:38 ` Peter Zijlstra
2007-05-04 15:59 ` Daniel Walker
2007-05-04 18:09 ` Mike Snitzer
2007-05-04 19:31 ` Daniel Walker
2007-05-04 19:54 ` David Miller, Mike Snitzer
2007-05-04 21:36 ` Arnaldo Carvalho de Melo
2007-05-04 19:27 ` David Miller, Peter Zijlstra
2007-05-04 19:41 ` Peter Zijlstra
2007-05-04 20:02 ` David Miller, Peter Zijlstra
2007-05-04 20:29 ` Jeff Garzik
2007-05-05 9:43 ` Christoph Hellwig
2007-05-05 9:55 ` William Lee Irwin III
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070504103203.418277742@chello.nl \
--to=a.p.zijlstra@chello.nl \
--cc=James.Bottomley@SteelEye.com \
--cc=akpm@linux-foundation.org \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mchristi@redhat.com \
--cc=michaelc@cs.wisc.edu \
--cc=netdev@vger.kernel.org \
--cc=phillips@google.com \
--cc=tgraf@suug.ch \
--cc=trond.myklebust@fys.uio.no \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox