releases/5.10.199/libceph-use-kernel_connect.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From 7563cf17dce0a875ba3d872acdc63a78ea344019 Mon Sep 17 00:00:00 2001
 From: Jordan Rife <jrife@google.com>
 Date: Wed, 4 Oct 2023 18:38:27 -0500
 Subject: libceph: use kernel_connect()

 From: Jordan Rife <jrife@google.com>

 commit 7563cf17dce0a875ba3d872acdc63a78ea344019 upstream.

 Direct calls to ops->connect() can overwrite the address parameter when
 used in conjunction with BPF SOCK_ADDR hooks. Recent changes to
 kernel_connect() ensure that callers are insulated from such side
 effects. This patch wraps the direct call to ops->connect() with
 kernel_connect() to prevent unexpected changes to the address passed to
 ceph_tcp_connect().

 This change was originally part of a larger patch targeting the net tree
 addressing all instances of unprotected calls to ops->connect()
 throughout the kernel, but this change was split up into several patches
 targeting various trees.

 Cc: stable@vger.kernel.org
 Link: https://lore.kernel.org/netdev/20230821100007.559638-1-jrife@google.com/
 Link: https://lore.kernel.org/netdev/9944248dba1bce861375fcce9de663934d933ba9.camel@redhat.com/
 Fixes: d74bad4e74ee ("bpf: Hooks for sys_connect")
 Signed-off-by: Jordan Rife <jrife@google.com>
 Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
 Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 ---
  net/ceph/messenger.c |    4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)

 --- a/net/ceph/messenger.c
 +++ b/net/ceph/messenger.c
 @@ -477,8 +477,8 @@ static int ceph_tcp_connect(struct ceph_
  	dout("connect %s\n", ceph_pr_addr(&con->peer_addr));

  	con_sock_state_connecting(con);
 -	ret = sock->ops->connect(sock, (struct sockaddr *)&ss, sizeof(ss),
 -				 O_NONBLOCK);
 +	ret = kernel_connect(sock, (struct sockaddr *)&ss, sizeof(ss),
 +			     O_NONBLOCK);
  	if (ret == -EINPROGRESS) {
  		dout("connect %s EINPROGRESS sk_state = %u\n",
  		     ceph_pr_addr(&con->peer_addr),
	From 7563cf17dce0a875ba3d872acdc63a78ea344019 Mon Sep 17 00:00:00 2001
	From: Jordan Rife <jrife@google.com>
	Date: Wed, 4 Oct 2023 18:38:27 -0500
	Subject: libceph: use kernel_connect()

	From: Jordan Rife <jrife@google.com>

	commit 7563cf17dce0a875ba3d872acdc63a78ea344019 upstream.

	Direct calls to ops->connect() can overwrite the address parameter when
	used in conjunction with BPF SOCK_ADDR hooks. Recent changes to
	kernel_connect() ensure that callers are insulated from such side
	effects. This patch wraps the direct call to ops->connect() with
	kernel_connect() to prevent unexpected changes to the address passed to
	ceph_tcp_connect().

	This change was originally part of a larger patch targeting the net tree
	addressing all instances of unprotected calls to ops->connect()
	throughout the kernel, but this change was split up into several patches
	targeting various trees.

	Cc: stable@vger.kernel.org
	Link: https://lore.kernel.org/netdev/20230821100007.559638-1-jrife@google.com/
	Link: https://lore.kernel.org/netdev/9944248dba1bce861375fcce9de663934d933ba9.camel@redhat.com/
	Fixes: d74bad4e74ee ("bpf: Hooks for sys_connect")
	Signed-off-by: Jordan Rife <jrife@google.com>
	Reviewed-by: Ilya Dryomov <idryomov@gmail.com>
	Signed-off-by: Ilya Dryomov <idryomov@gmail.com>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	---
	net/ceph/messenger.c \| 4 ++--
	1 file changed, 2 insertions(+), 2 deletions(-)

	--- a/net/ceph/messenger.c
	+++ b/net/ceph/messenger.c
	@@ -477,8 +477,8 @@ static int ceph_tcp_connect(struct ceph_
	dout("connect %s\n", ceph_pr_addr(&con->peer_addr));

	con_sock_state_connecting(con);
	- ret = sock->ops->connect(sock, (struct sockaddr *)&ss, sizeof(ss),
	- O_NONBLOCK);
	+ ret = kernel_connect(sock, (struct sockaddr *)&ss, sizeof(ss),
	+ O_NONBLOCK);
	if (ret == -EINPROGRESS) {
	dout("connect %s EINPROGRESS sk_state = %u\n",
	ceph_pr_addr(&con->peer_addr),