diff options
| author | Kuniyuki Iwashima <[email protected]> | 2022-07-02 08:48:17 -0700 | 
|---|---|---|
| committer | Paolo Abeni <[email protected]> | 2022-07-05 11:34:58 +0200 | 
| commit | 51bae889fe111e418321ff0e6bb5f67e64cb9042 (patch) | |
| tree | 1d6f8d9b8db77155c231e441e58e3a9dea454c3e /tools/perf/scripts/python/check-perf-trace.py | |
| parent | 874bdbfe624e577687c2053a26aab44715c68453 (diff) | |
af_unix: Put pathname sockets in the global hash table.
Commit cf2f225e2653 ("af_unix: Put a socket into a per-netns hash table.")
accidentally broke user API for pathname sockets.  A socket was able to
connect() to a pathname socket whose file was visible even if they were in
different network namespaces.
The commit puts all sockets into a per-netns hash table.  As a result,
connect() to a pathname socket in a different netns fails to find it in the
caller's per-netns hash table and returns -ECONNREFUSED even when the task
can view the peer socket file.
We can reproduce this issue by:
  Console A:
    # python3
    >>> from socket import *
    >>> s = socket(AF_UNIX, SOCK_STREAM, 0)
    >>> s.bind('test')
    >>> s.listen(32)
  Console B:
    # ip netns add test
    # ip netns exec test sh
    # python3
    >>> from socket import *
    >>> s = socket(AF_UNIX, SOCK_STREAM, 0)
    >>> s.connect('test')
Note when dumping sockets by sock_diag, procfs, and bpf_iter, they are
filtered only by netns.  In other words, even if they are visible and
connect()able, all sockets in different netns are skipped while iterating
sockets.  Thus, we need a fix only for finding a peer pathname socket.
This patch adds a global hash table for pathname sockets, links them with
sk_bind_node, and uses it in unix_find_socket_byinode().  By doing so, we
can keep sockets in per-netns hash tables and dump them easily.
Thanks to Sachin Sant and Leonard Crestez for reports, logs and a reproducer.
Fixes: cf2f225e2653 ("af_unix: Put a socket into a per-netns hash table.")
Reported-by: Sachin Sant <[email protected]>
Reported-by: Leonard Crestez <[email protected]>
Tested-by: Sachin Sant <[email protected]>
Tested-by: Nathan Chancellor <[email protected]>
Signed-off-by: Kuniyuki Iwashima <[email protected]>
Tested-by: Leonard Crestez <[email protected]>
Signed-off-by: Paolo Abeni <[email protected]>
Diffstat (limited to 'tools/perf/scripts/python/check-perf-trace.py')
0 files changed, 0 insertions, 0 deletions