linux-stable/net/sunrpc
Daniel Borkmann 626dfed5fa net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket
When using a BPF program on kernel_connect(), the call can return -EPERM. This
causes xs_tcp_setup_socket() to loop forever, filling up the syslog and causing
the kernel to potentially freeze up.

Neil suggested:

  This will propagate -EPERM up into other layers which might not be ready
  to handle it. It might be safer to map EPERM to an error we would be more
  likely to expect from the network system - such as ECONNREFUSED or ENETDOWN.

ECONNREFUSED as error seems reasonable. For programs setting a different error
can be out of reach (see handling in 4fbac77d2d) in particular on kernels
which do not have f10d059661 ("bpf: Make BPF_PROG_RUN_ARRAY return -err
instead of allow boolean"), thus given that it is better to simply remap for
consistent behavior. UDP does handle EPERM in xs_udp_send_request().

Fixes: d74bad4e74 ("bpf: Hooks for sys_connect")
Fixes: 4fbac77d2d ("bpf: Hooks for sys_bind")
Co-developed-by: Lex Siegel <usiegl00@gmail.com>
Signed-off-by: Lex Siegel <usiegl00@gmail.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Cc: Neil Brown <neilb@suse.de>
Cc: Trond Myklebust <trondmy@kernel.org>
Cc: Anna Schumaker <anna@kernel.org>
Link: https://github.com/cilium/cilium/issues/33395
Link: https://lore.kernel.org/bpf/171374175513.12877.8993642908082014881@noble.neil.brown.name
Link: https://patch.msgid.link/9069ec1d59e4b2129fc23433349fd5580ad43921.1720075070.git.daniel@iogearbox.net
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2024-07-11 12:17:45 +02:00
..
auth_gss NFS client bugfixes for Linux 6.10 2024-06-13 11:07:32 -07:00
xprtrdma NFS client updates for Linux 6.10 2024-05-23 13:51:09 -07:00
.kunitconfig SUNRPC: Remove RPCSEC_GSS_KRB5_ENCTYPES_DES 2023-08-29 17:45:22 -04:00
addr.c net: sunrpc: Fix an off by one in rpc_sockaddr2uaddr() 2024-02-28 16:18:18 -05:00
auth_null.c SUNRPC: Add rpc_auth::au_ralign field 2019-02-14 11:48:36 -05:00
auth_tls.c SUNRPC: Fail quickly when server does not recognize TLS 2023-09-27 15:16:40 -04:00
auth_unix.c SUNRPC: Fix unx_lookup_cred() allocation 2022-03-22 15:52:55 -04:00
auth.c cred: get rid of CONFIG_DEBUG_CREDENTIALS 2023-12-15 14:19:48 -08:00
backchannel_rqst.c SUNRPC: change the back-channel queue to lwq 2023-10-16 12:44:08 -04:00
cache.c treewide: use get_random_u32_below() instead of deprecated function 2022-11-18 02:15:15 +01:00
clnt.c sunrpc: fix NFSACL RPC retry on soft mount 2024-05-20 11:37:15 -04:00
debugfs.c SUNRPC: Cache deferral injection 2022-05-19 12:25:38 -04:00
fail.h SUNRPC: Cache deferral injection 2022-05-19 12:25:38 -04:00
Kconfig SUNRPC: Remove CONFIG_RPCSEC_GSS_KRB5_CRYPTOSYSTEM 2023-08-29 17:45:22 -04:00
Makefile SUNRPC: Add RPC client support for the RPC_AUTH_TLS auth flavor 2023-06-19 12:18:36 -04:00
netns.h SUNRPC: Fix occasional warning when destroying gss_krb5_enctypes 2023-02-20 09:20:57 -05:00
rpc_pipe.c mm, slab: remove last vestiges of SLAB_MEM_SPREAD 2024-03-12 20:32:19 -07:00
rpcb_clnt.c SUNRPC: Add an IS_ERR() check back to where it was 2023-11-01 15:40:44 -04:00
sched.c SUNRPC: Don't change task->tk_status after the call to rpc_exit_task 2023-05-19 16:50:05 -04:00
socklib.c use less confusing names for iov_iter direction initializers 2022-11-25 13:01:55 -05:00
socklib.h SUNRPC: Refactor xs_sendpages() 2020-03-16 12:04:33 -04:00
stats.c sunrpc: use the struct net as the svc proc private 2024-03-01 09:12:09 -05:00
sunrpc_syms.c net: fill in MODULE_DESCRIPTION()s for Sun RPC 2024-01-11 16:16:08 -08:00
sunrpc.h treewide: Replace GPLv2 boilerplate/reference with SPDX - gpl-2.0_149.RULE 2022-06-10 14:51:35 +02:00
svc_xprt.c SUNRPC: Remove comment for sp_lock 2024-05-06 09:07:23 -04:00
svc.c SUNRPC: Fix backchannel reply, again 2024-06-21 17:26:02 -04:00
svcauth_unix.c SUNRPC: Add enum svc_auth_status 2023-08-29 17:45:22 -04:00
svcauth.c SUNRPC: Add a server-side API for retrieving an RPC's pseudoflavor 2024-01-07 17:54:25 -05:00
svcsock.c SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP 2024-04-04 09:43:02 -04:00
sysctl.c net: sunrpc: Remove the now superfluous sentinel elements from ctl_table array 2024-05-03 13:29:42 +01:00
sysfs.c SUNRPC: Add a TCP-with-TLS RPC transport class 2023-06-19 12:28:10 -04:00
sysfs.h NFS: Add sysfs links to sunrpc clients for nfs_clients 2023-06-19 15:04:13 -04:00
timer.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00
xdr.c NFS CLient Updates for Linux 6.6 2023-08-31 15:36:41 -07:00
xprt.c SUNRPC: Add a transport callback to handle dequeuing of an RPC request 2024-02-28 15:00:14 -05:00
xprtmultipath.c SUNRPC: fix _xprt_switch_find_current_entry logic 2024-01-04 10:47:56 -05:00
xprtsock.c net, sunrpc: Remap EPERM in case of connection failure in xs_tcp_setup_socket 2024-07-11 12:17:45 +02:00