Skip to content

Commit 4ff0c8a

Browse files
Ubunturoot
Ubuntu
authored and
root
committed
fix-bug:restrict SO_PASS{CRED,SEC} dump to supported socket families while kernel>=6.16.0
Linux 6.16+ restricts SO_PASSCRED and SO_PASSSEC to AF_UNIX, AF_NETLINK, and AF_BLUETOOTH. This patch updates criu/sockets.c to check the socket family via getsockopt(SO_DOMAIN) before dumping these options, avoiding EOPNOTSUPP errors. Test logic updated to skip SO_PASSCRED and SO_PASSSEC validation when unsupported. Signed-off-by: Dong Sunchao <[email protected]>
1 parent 17a5c6e commit 4ff0c8a

File tree

2 files changed

+26
-7
lines changed

2 files changed

+26
-7
lines changed

criu/sockets.c

Lines changed: 18 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -654,6 +654,7 @@ int dump_socket_opts(int sk, SkOptsEntry *soe)
654654
int ret = 0, val;
655655
struct timeval tv;
656656
struct linger so_linger = { 0, 0 };
657+
int family;
657658

658659
ret |= dump_opt(sk, SOL_SOCKET, SO_SNDBUF, &soe->so_sndbuf);
659660
ret |= dump_opt(sk, SOL_SOCKET, SO_RCVBUF, &soe->so_rcvbuf);
@@ -688,13 +689,24 @@ int dump_socket_opts(int sk, SkOptsEntry *soe)
688689
soe->so_reuseport = val ? true : false;
689690
soe->has_so_reuseport = true;
690691

691-
ret |= dump_opt(sk, SOL_SOCKET, SO_PASSCRED, &val);
692-
soe->has_so_passcred = true;
693-
soe->so_passcred = val ? true : false;
692+
if (dump_opt(sk, SOL_SOCKET, SO_DOMAIN, &family))
693+
return -1;
694+
695+
switch (family) {
696+
case AF_UNIX:
694697

695-
ret |= dump_opt(sk, SOL_SOCKET, SO_PASSSEC, &val);
696-
soe->has_so_passsec = true;
697-
soe->so_passsec = val ? true : false;
698+
case AF_NETLINK:
699+
ret |= dump_opt(sk, SOL_SOCKET, SO_PASSCRED, &val);
700+
soe->has_so_passcred = true;
701+
soe->so_passcred = val ? true : false;
702+
703+
ret |= dump_opt(sk, SOL_SOCKET, SO_PASSSEC, &val);
704+
soe->has_so_passsec = true;
705+
soe->so_passsec = val ? true : false;
706+
break;
707+
default:
708+
break;
709+
}
698710

699711
ret |= dump_opt(sk, SOL_SOCKET, SO_DONTROUTE, &val);
700712
soe->has_so_dontroute = true;

test/zdtm/static/sock_opts00.c

Lines changed: 8 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -83,8 +83,15 @@ int main(int argc, char **argv)
8383
pr_perror("can't verify %s", vname[i].name);
8484
return 1;
8585
}
86-
86+
/*
87+
* for kernel version >= 6.16.0 Restrict
88+
* SO_PASS{CRED,PIDFD,SEC} to AF_{UNIX,NETLINK,BLUETOOTH}
89+
*/
8790
if (val[i] != rval) {
91+
if (vname[i].opt == SO_PASSCRED || vname[i].opt == SO_PASSSEC) {
92+
continue;
93+
}
94+
8895
errno = 0;
8996
fail("%s changed: %d -> %d", vname[i].name, val[i], rval);
9097
return 1;

0 commit comments

Comments
 (0)