提交 2f23d451 编写于 作者: P Pietro Borrello 提交者: Yongqiang Liu

net: add sock_init_data_uid()

mainline inclusion
from mainline-v6.3-rc1
commit 584f3742
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I6I7UC
CVE: CVE-2023-1076

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=584f3742890e966d2f0a1f3c418c9ead70b2d99e

--------------------------------

Add sock_init_data_uid() to explicitly initialize the socket uid.
To initialise the socket uid, sock_init_data() assumes that the struct
socket* sock is always embedded in a struct socket_alloc, used to
access the corresponding inode uid. This may not be true.
Examples are sockets created in tun_chr_open() and tap_open().

Fixes: 86741ec2 ("net: core: Add a UID field to struct sock.")
Signed-off-by: NPietro Borrello <borrello@diag.uniroma1.it>
Reviewed-by: NEric Dumazet <edumazet@google.com>
Signed-off-by: NDavid S. Miller <davem@davemloft.net>

Conflicts:
	net/core/sock.c
Signed-off-by: NBaisong Zhong <zhongbaisong@huawei.com>
Reviewed-by: NLiu Jian <liujian56@huawei.com>
Reviewed-by: NXiu Jianfeng <xiujianfeng@huawei.com>
Reviewed-by: NYue Haibing <yuehaibing@huawei.com>
Signed-off-by: NYongqiang Liu <liuyongqiang13@huawei.com>
上级 5c7ddc56
...@@ -1727,7 +1727,12 @@ void sk_common_release(struct sock *sk); ...@@ -1727,7 +1727,12 @@ void sk_common_release(struct sock *sk);
* Default socket callbacks and setup code * Default socket callbacks and setup code
*/ */
/* Initialise core socket variables */ /* Initialise core socket variables using an explicit uid. */
void sock_init_data_uid(struct socket *sock, struct sock *sk, kuid_t uid);
/* Initialise core socket variables.
* Assumes struct socket *sock is embedded in a struct socket_alloc.
*/
void sock_init_data(struct socket *sock, struct sock *sk); void sock_init_data(struct socket *sock, struct sock *sk);
/* /*
......
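Review bot: The new comment on sock_init_data() states the socket_alloc assumption but does not say that a NULL sock is also accepted, nor what a caller should do when the assumption does not hold. The wrapper added in the other file section takes the `sock ?` branch only for a non-NULL sock, so the header comment could add `* sock may be NULL; a non-NULL sock that is not part of a struct socket_alloc must use sock_init_data_uid() instead.` The comment on sock_init_data_uid() could likewise note that the uid argument is stored in sk->sk_uid as given.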
...@@ -2814,7 +2814,7 @@ void sk_stop_timer(struct sock *sk, struct timer_list* timer) ...@@ -2814,7 +2814,7 @@ void sk_stop_timer(struct sock *sk, struct timer_list* timer)
} }
EXPORT_SYMBOL(sk_stop_timer); EXPORT_SYMBOL(sk_stop_timer);
void sock_init_data(struct socket *sock, struct sock *sk) void sock_init_data_uid(struct socket *sock, struct sock *sk, kuid_t uid)
{ {
sk_init_common(sk); sk_init_common(sk);
sk->sk_send_head = NULL; sk->sk_send_head = NULL;
...@@ -2833,11 +2833,10 @@ void sock_init_data(struct socket *sock, struct sock *sk) ...@@ -2833,11 +2833,10 @@ void sock_init_data(struct socket *sock, struct sock *sk)
sk->sk_type = sock->type; sk->sk_type = sock->type;
sk->sk_wq = sock->wq; sk->sk_wq = sock->wq;
sock->sk = sk; sock->sk = sk;
sk->sk_uid = SOCK_INODE(sock)->i_uid;
} else { } else {
sk->sk_wq = NULL; sk->sk_wq = NULL;
sk->sk_uid = make_kuid(sock_net(sk)->user_ns, 0);
} }
sk->sk_uid = uid;
rwlock_init(&sk->sk_callback_lock); rwlock_init(&sk->sk_callback_lock);
if (sk->sk_kern_sock) if (sk->sk_kern_sock)
...@@ -2895,6 +2894,16 @@ void sock_init_data(struct socket *sock, struct sock *sk) ...@@ -2895,6 +2894,16 @@ void sock_init_data(struct socket *sock, struct sock *sk)
refcount_set(&sk->sk_refcnt, 1); refcount_set(&sk->sk_refcnt, 1);
atomic_set(&sk->sk_drops, 0); atomic_set(&sk->sk_drops, 0);
} }
EXPORT_SYMBOL(sock_init_data_uid);
void sock_init_data(struct socket *sock, struct sock *sk)
{
kuid_t uid = sock ?
SOCK_INODE(sock)->i_uid :
make_kuid(sock_net(sk)->user_ns, 0);
sock_init_data_uid(sock, sk, uid);
}
EXPORT_SYMBOL(sock_init_data); EXPORT_SYMBOL(sock_init_data);
void lock_sock_nested(struct sock *sk, int subclass) void lock_sock_nested(struct sock *sk, int subclass)
......
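Review bot: sock_init_data() still reads `SOCK_INODE(sock)->i_uid` for every non-NULL sock, so any caller whose struct socket is not embedded in a struct socket_alloc keeps taking sk_uid from whatever memory follows its socket until it is switched to sock_init_data_uid(). The description names tun_chr_open() and tap_open() as such callers, and neither is touched in the sections shown here, so this commit on its own presumably does not close CVE-2023-1076; the backport series should carry the caller conversions with it. A comment above the wrapper would make the contract visible at the definition, for example `/* sock must be NULL or embedded in a struct socket_alloc; otherwise call sock_init_data_uid() */`. The body of sock_init_data_uid() spans several hunks with lines elided between them, so only the uid handling was reviewed.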