From patchwork Wed Apr 5 12:53:08 2023
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Denis Arefev
X-Patchwork-Id: 13201710
X-Patchwork-Delegate: kuba@kernel.org
From: Denis Arefev
To: "David S. Miller"
Cc: Eric Dumazet, Jakub Kicinski, Paolo Abeni, netdev@vger.kernel.org, linux-kernel@vger.kernel.org, trufanov@swemel.ru, vfh@swemel.ru
Subject: [PATCH] net: Added security socket
Date: Wed, 5 Apr 2023 15:53:08 +0300
Message-Id: <20230405125308.57821-1-arefev@swemel.ru>
X-Mailing-List: netdev@vger.kernel.org

Added security_socket_connect

kernel_connect is in kernel space, but kernel_connect is used in RPC requests (/net/sunrpc/xprtsock.c), and the RPC protocol is used by the NFS server. This is how we protect the TCP connection initiated by the client.

Signed-off-by: Denis Arefev
--- net/socket.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/net/socket.c b/net/socket.c index 9c92c0e6c4da..9afa2b44a9e5 100644 --- a/net/socket.c +++ b/net/socket.c @@ -3526,6 +3526,12 @@ EXPORT_SYMBOL(kernel_accept); int kernel_connect(struct socket *sock, struct sockaddr *addr, int addrlen, int flags) { + int err; + + err = security_socket_connect(sock, (struct sockaddr *)addr, addrlen); + if (err) + return err; + return sock->ops->connect(sock, addr, addrlen, flags); } EXPORT_SYMBOL(kernel_connect);
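
Review bot: The new security_socket_connect() call at the top of kernel_connect() runs for every in-kernel caller of this helper, not only the sunrpc path named in the commit message, and the message does not say which security context the check is evaluated against when the socket was created by the kernel rather than by a user task. Please document that, and state what happens to existing in-kernel callers under current LSM policies, so reviewers can judge whether the new error return can break them. The cast in "(struct sockaddr *)addr" is unnecessary because addr is already declared "struct sockaddr *" in the function signature; pass addr directly. The patch touches only kernel_connect(); say whether kernel_accept(), visible in the hunk header, and the other kernel_* socket helpers need the same treatment or why they do not. The subject "net: Added security socket" should name the function and use the imperative mood, for example "net: call security_socket_connect() in kernel_connect()".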