From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id D1653C636D3 for ; Thu, 2 Feb 2023 23:59:02 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 0FCE86B0071; Thu, 2 Feb 2023 18:59:02 -0500 (EST) Received: by kanga.kvack.org (Postfix, from userid 40) id 085A66B0073; Thu, 2 Feb 2023 18:59:02 -0500 (EST) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id E40946B0074; Thu, 2 Feb 2023 18:59:01 -0500 (EST) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0016.hostedemail.com [216.40.44.16]) by kanga.kvack.org (Postfix) with ESMTP id D069F6B0071 for ; Thu, 2 Feb 2023 18:59:01 -0500 (EST) Received: from smtpin29.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay07.hostedemail.com (Postfix) with ESMTP id 9BCDA160819 for ; Thu, 2 Feb 2023 23:59:01 +0000 (UTC) X-FDA: 80424020082.29.BD3EB60 Received: from mail-pj1-f46.google.com (mail-pj1-f46.google.com [209.85.216.46]) by imf13.hostedemail.com (Postfix) with ESMTP id D1D4E20018 for ; Thu, 2 Feb 2023 23:58:59 +0000 (UTC) Authentication-Results: imf13.hostedemail.com; dkim=pass header.d=gmail.com header.s=20210112 header.b=UoxLyfqS; spf=pass (imf13.hostedemail.com: domain of aloktiagi@gmail.com designates 209.85.216.46 as permitted sender) smtp.mailfrom=aloktiagi@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1675382339; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references:dkim-signature; bh=uZLUE4h1sqc7MySbUKRBEYcGGu756rHDYEhBHMqoe3o=; b=iUTzr8nJoLcygSyeOTCgs4ZDS8SkYN+KGhNkalTkglFQXWDCI3bNjqDjuW9V+u83NUSFFe /4zIP3FPwFgYxMeNGezjXnTvBpJC/TBVoJBfzkP32fJ9/529TywR2b855Lgg7ayXhF7Ii/ f9z5vhLTcMh1MfztNbYYKpePbiKoJKk= ARC-Authentication-Results: i=1; imf13.hostedemail.com; dkim=pass header.d=gmail.com header.s=20210112 header.b=UoxLyfqS; spf=pass (imf13.hostedemail.com: domain of aloktiagi@gmail.com designates 209.85.216.46 as permitted sender) smtp.mailfrom=aloktiagi@gmail.com; dmarc=pass (policy=none) header.from=gmail.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1675382339; a=rsa-sha256; cv=none; b=K7sVnCI0XhcMgc+yFZWEVWbLNUxJlAp6AhRQ2G+y+Ae0KM110Q5bo+JTSjpdoxPGkdcs78 GRul/gChntcf2JhMecuEsh77/NzLavUN0FKdULc95CChRKyBNwyNNcUUKyZ7oNGIq5qLXK l/pG0iJvxt98LSq0T5BvXUP97s3Gy0Q= Received: by mail-pj1-f46.google.com with SMTP id e10-20020a17090a630a00b0022bedd66e6dso7243239pjj.1 for ; Thu, 02 Feb 2023 15:58:59 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:from:to:cc:subject:date:message-id:reply-to; bh=uZLUE4h1sqc7MySbUKRBEYcGGu756rHDYEhBHMqoe3o=; b=UoxLyfqSDWqaV4GeE8i3UHEP6i2oUc6EGHJltUEZOCv0Ev7uf2q3YPnbs2eFr5eHOV zFXl1NNcpc6tiZL1h0ig51Nb3qzgqiHGsL4qgL5w3BwyG+fpNbSk/PtJj5x+4RNFuGep f4e1bIB/26pRzspcZRgCgWTmKNZSvsSZ1Z1FasxdMoNLms8C+OqPBq22eNa6jCLquwCA eCSsSQOsndyXQtlILC8r4MG4uXsOdWOzXNwQhUYEzkS10Y7SO98H6ls3ECtfeqbfIOO8 /qWiRYOA/R+LGSRP7cI0Q03VbjmBsB2SjaAWvmDpO7JTxy+38eRgx6XKeCr5cfaDeZWJ aiRw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=in-reply-to:content-disposition:mime-version:references:message-id :subject:cc:to:from:date:x-gm-message-state:from:to:cc:subject:date :message-id:reply-to; bh=uZLUE4h1sqc7MySbUKRBEYcGGu756rHDYEhBHMqoe3o=; b=4YD8mGFe7oSAl6mK4SDPpaMksRc7K3PEXI1q/ATqcIETi0+EhfvrRQBPv5yZrHaM8f itvWmCbpGgAKbgE39Qf8C6aNvxujRg7FHkTk0HdTmpVPyhBvBSXyrTbmhKjmdyhooA7I Lsen3daVvowua5ZVHsVrK4s1ZjWqw6Ma8l69W0341beMWFg+BNXqLgUHLDXe8+VWR/to FE+FiQX+s7vnVyeuEfJJtXa+Q6gpFre3gLAcXbtQ80am5snDbpfZtQxRpgqkOi0JaAiE 1KwjqsO6N88SjSnXxVtmAIkt6pBs/H3RIBwKlTOVvwqHfDOagN35zrmlCS7tfcGcq2/6 74wg== X-Gm-Message-State: AO0yUKVJfm6fH+GbBLicCodv/gsx8Iz5AiSWlshyjYTTrznQwvl0XCgM PawWGE1JfNBiLN2DwcbB8Bs= X-Google-Smtp-Source: AK7set8YV+w4lOgomi3a/KhDR9OhXQsAl+NAVu3VhHD9Mr62epwrYLVzzChFLCDk3gr05WMkvfiUvg== X-Received: by 2002:a17:903:2484:b0:193:1203:6e3f with SMTP id p4-20020a170903248400b0019312036e3fmr9179269plw.3.1675382338285; Thu, 02 Feb 2023 15:58:58 -0800 (PST) Received: from ip-172-31-38-16.us-west-2.compute.internal (ec2-52-37-71-140.us-west-2.compute.amazonaws.com. [52.37.71.140]) by smtp.gmail.com with ESMTPSA id f2-20020a170902ff0200b001869ba04c83sm223448plj.245.2023.02.02.15.58.57 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 02 Feb 2023 15:58:57 -0800 (PST) Date: Thu, 2 Feb 2023 23:58:56 +0000 From: Alok Tiagi To: Eric Dumazet Cc: Hillf Danton , ebiederm@xmission.com, netdev@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org Subject: Re: [RFC] net: add new socket option SO_SETNETNS Message-ID: References: <20230202014810.744-1-hdanton@sina.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Rspamd-Queue-Id: D1D4E20018 X-Stat-Signature: jau414g97ifq8tcrhdrjwtczager494h X-Rspam-User: X-Rspamd-Server: rspam08 X-HE-Tag: 1675382339-941313 X-HE-Meta: U2FsdGVkX18h+ZSHlGqdyNOjRMp/Y95EmxjzqEUv0h9zYzph2Xq6RYv3DMH6XZXSeuTAXdAFUER9K94TDmcwOBiDxANuG94hmTzqEz5YbdkRWGXk2caxyhwgGHJZj44nH9akIxxaILNEHfJAcimtUDhsaoz6EI25Shb4XxaCUTqYHwT1g0vaZfc8fL6FzO6YpBsnXzNbXIM7BTE09M8kSscpTjTrBBacFK1PCbomeY12pjuFwMdosSDcvk2copjRyoZeszbzrrea4hmcMCyduNwxz+QtROBJXki2ViBqk4NsKnLpGeXnr2Qzb0+KoGsrtfbMx/jimg0/xvU6hS4WLwMiZ+ASGDIwMq9qbYV0VD8+T1cFsfo1BntK6THC+TqD/MvG4LTFnMSb579FDTg5R0QQXuxl66umB5M/q39o2CPV2LFaPtK6mRcYzBk4ntSBa0/Y9hkjnnwPhzOD5ZqrRnse65HzO1l3AUh74JC3As9gyzgddHz94jFApvQDprGm1PqIq1StaJaHiJRSpMJPM+kCwbfJAc0ayHNnhZ2Ho/fz6UwIPo8mm2kQKY2kxZVBSyCZr6g8V+aOJMujnc9zzo2X2IlHGjiGWX0KY41t/u7+On3w14VNJNJ8AutvvYO2ee0zUpKVY4/QhSQaDNFD2gpQtE3rXJYdA5E/4N5mgXjm8Z8fhHzUqofpH6ZxQBsh05ZOKIz0hhpWymYOjTIy6ZdJzlhZHoYACJcWJAO5QYuDDA0XloITrh7XXRKEhAlFKVeGbwGHrId5nG9+UoHhXP9Oq7gYl7LDDtfM5iExzAhWUFODs2akoM809+ZcjrKhPrs47X42M5WBLrpFSUC5BgL014nN6GdH3gOowozERAuAKnOlbh7wAaVDBvTDacmdXY9ZZpg3HehCFDGnHnYG4KSDMlM7MwWUju4HOBE8e4EMSpF7rQYZk3sSsAjzHdSqA2aBMNkQQ5V28EFLa9A QNih/Yaj TgeICRKvys05gvOmbIgQ31+IuiBMdR6/gmTLieP2IaMhqQ30vNxtIb82fLx7OTasBmDYhVdbQOUtH2KFKbYEpLm236F1VJdfYk5uxektd/nUjtVM+d4IY//LAN5zCV7cYgZ5wsq2VvwjqZPlVGE2qxVpJLZXkdT39sv4CA3EVAwEJY1OKXg3I2x8mLZiPctAVPKy8mJRJLtcQL+85NJDl0Cv4M0KoCEZ1rN+4f8KjpdnpkPu4jh4SvVoR1I4MT4SHXOgQalvkFOv7BxobIr0Mmch52A9fG8APUjNqWVXzfJnGhP/RsnvkD3ecvDZe9j+8bHQOIP4Ot2675Q54F/ZvwyBQrdv3Nk6lP54jtZqDv9dH7NFXY8lKyaYBlMso7TL33VczD/swLe6UXAD9mvaCdGEaGPYkyC1sLxu1+b7/k8hzFYAmgnv96zu1Qg3Js/uwtLUkDeVjOgYtVSAd9npw/zh1ozRx8HnB50kWg1mI2fWMErgd5OX9IUMx5DQToOUJHyIOP8lKDtJSNqLHWAGLHoNNkg== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: On Thu, Feb 02, 2023 at 09:10:23PM +0100, Eric Dumazet wrote: > On Thu, Feb 2, 2023 at 8:55 PM Alok Tiagi wrote: > > > > On Thu, Feb 02, 2023 at 09:48:10AM +0800, Hillf Danton wrote: > > > On Wed, 1 Feb 2023 19:22:57 +0000 aloktiagi > > > > @@ -1535,6 +1535,52 @@ int sk_setsockopt(struct sock *sk, int level, int optname, > > > > WRITE_ONCE(sk->sk_txrehash, (u8)val); > > > > break; > > > > > > > > + case SO_SETNETNS: > > > > + { > > > > + struct net *other_ns, *my_ns; > > > > + > > > > + if (sk->sk_family != AF_INET && sk->sk_family != AF_INET6) { > > > > + ret = -EOPNOTSUPP; > > > > + break; > > > > + } > > > > + > > > > + if (sk->sk_type != SOCK_STREAM && sk->sk_type != SOCK_DGRAM) { > > > > + ret = -EOPNOTSUPP; > > > > + break; > > > > + } > > > > + > > > > + other_ns = get_net_ns_by_fd(val); > > > > + if (IS_ERR(other_ns)) { > > > > + ret = PTR_ERR(other_ns); > > > > + break; > > > > + } > > > > + > > > > + if (!ns_capable(other_ns->user_ns, CAP_NET_ADMIN)) { > > > > + ret = -EPERM; > > > > + goto out_err; > > > > + } > > > > + > > > > + /* check that the socket has never been connected or recently disconnected */ > > > > + if (sk->sk_state != TCP_CLOSE || sk->sk_shutdown & SHUTDOWN_MASK) { > > > > + ret = -EOPNOTSUPP; > > > > + goto out_err; > > > > + } > > > > + > > > > + /* check that the socket is not bound to an interface*/ > > > > + if (sk->sk_bound_dev_if != 0) { > > > > + ret = -EOPNOTSUPP; > > > > + goto out_err; > > > > + } > > > > + > > > > + my_ns = sock_net(sk); > > > > + sock_net_set(sk, other_ns); > > > > + put_net(my_ns); > > > > + break; > > > > > > cpu 0 cpu 2 > > > --- --- > > > ns = sock_net(sk); > > > my_ns = sock_net(sk); > > > sock_net_set(sk, other_ns); > > > put_net(my_ns); > > > ns is invalid ? > > > > That is the reason we want the socket to be in an un-connected state. That > > should help us avoid this situation. > > This is not enough.... > > Another thread might look at sock_net(sk), for example from inet_diag > or tcp timers > (which can be fired even in un-connected state) > > Even UDP sockets can receive packets while being un-connected, > and they need to deref the net pointer. > > Currently there is no protection about sock_net(sk) being changed on the fly, > and the struct net could disappear and be freed. > > There are ~1500 uses of sock_net(sk) in the kernel, I do not think > you/we want to audit all > of them to check what could go wrong... I agree, auditing all the uses of sock_net(sk) is not a feasible option. From my exploration of the usage of sock_net(sk) it appeared that it might be safe to swap a sockets net ns if it had never been connected but I looked at only a subset of such uses. Introducing a ref counting logic to every access of sock_net(sk) may help get around this but invovles a bigger change to increment and decrement the count at every use of sock_net(). Any suggestions if this could be achieved in another way much close to the socket creation time or any comments on our workaround for injecting sockets using seccomp addfd?