
Commit ec04868

author
Dong Sunchao
committed
criu/sockets: Restrict SO_PASSCRED and SO_PASSSEC to supported families
Linux 6.16+ restricts SO_PASSCRED and SO_PASSSEC to AF_UNIX, AF_NETLINK, and AF_BLUETOOTH. This patch updates CRIU to check the socket family before dumping these options.

Fixes: #2705
Signed-off-by: Dong Sunchao <[email protected]>
1 parent 28074cc commit ec04868


6 files changed

+14
-12
lines changed


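--- a/criu/include/sockets.h
+++ b/criu/include/sockets.h
@@ -25,7 +25,7 @@ struct socket_desc {
 };
 
 extern int dump_socket(struct fd_parms *p, int lfd, FdinfoEntry *);
-extern int dump_socket_opts(int sk, SkOptsEntry *soe);
+extern int dump_socket_opts(int sk, int family, SkOptsEntry *soe);
 extern int restore_socket_opts(int sk, SkOptsEntry *soe);
 extern int sk_setbufs(int sk, uint32_t *bufs);
 extern void release_skopts(SkOptsEntry *);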
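Review bot: `restore_socket_opts(int sk, SkOptsEntry *soe)` on new line 29 keeps its two-argument form, so only the dump side learns the socket family. Whether the restore path applies `so_passcred`/`so_passsec` only when the matching `has_*` flag is set is not visible on this page. If an image written by an older CRIU carries these options for an inet or packet socket, the setsockopt would presumably be rejected on Linux 6.16+, so the restore side is worth confirming. The new prototype would also benefit from a comment such as `/* family: AF_* of sk; SO_PASSCRED/SO_PASSSEC are dumped only for families the kernel accepts them on */`.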

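--- a/criu/sk-inet.c
+++ b/criu/sk-inet.c
@@ -581,7 +581,7 @@ static int do_dump_one_inet_fd(int lfd, u32 id, const struct fd_parms *p, int fa
 if (dump_ip_opts(lfd, family, type, proto, &ipopts))
 goto err;
 
-if (dump_socket_opts(lfd, &skopts))
+if (dump_socket_opts(lfd, family, &skopts))
 goto err;
 
 pr_info("Dumping inet socket at %d\n", p->fd);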

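--- a/criu/sk-netlink.c
+++ b/criu/sk-netlink.c
@@ -165,7 +165,7 @@ static int dump_one_netlink_fd(int lfd, u32 id, const struct fd_parms *p)
 ne.fown = (FownEntry *)&p->fown;
 ne.opts = &skopts;
 
-if (dump_socket_opts(lfd, &skopts))
+if (dump_socket_opts(lfd, AF_NETLINK, &skopts))
 goto err;
 
 fe.type = FD_TYPES__NETLINKSK;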

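--- a/criu/sk-packet.c
+++ b/criu/sk-packet.c
@@ -173,7 +173,7 @@ static int dump_one_packet_fd(int lfd, u32 id, const struct fd_parms *p)
 psk.fown = (FownEntry *)&p->fown;
 psk.opts = &skopts;
 
-if (dump_socket_opts(lfd, &skopts))
+if (dump_socket_opts(lfd, AF_PACKET, &skopts))
 return -1;
 
 psk.protocol = sd->proto;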

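--- a/criu/sk-unix.c
+++ b/criu/sk-unix.c
@@ -527,7 +527,7 @@ static int dump_one_unix_fd(int lfd, uint32_t id, const struct fd_parms *p)
 }
 }
 dump:
-if (dump_socket_opts(lfd, skopts))
+if (dump_socket_opts(lfd, AF_UNIX, skopts))
 goto err;
 
 pr_info("Dumping unix socket at %d\n", p->fd);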

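--- a/criu/sockets.c
+++ b/criu/sockets.c
@@ -649,7 +649,7 @@ int do_dump_opt(int sk, int level, int name, void *val, int len)
 return 0;
 }
 
-int dump_socket_opts(int sk, SkOptsEntry *soe)
+int dump_socket_opts(int sk, int family, SkOptsEntry *soe)
 {
 int ret = 0, val;
 struct timeval tv;
@@ -688,13 +688,15 @@ int dump_socket_opts(int sk, SkOptsEntry *soe)
 soe->so_reuseport = val ? true : false;
 soe->has_so_reuseport = true;
 
-ret |= dump_opt(sk, SOL_SOCKET, SO_PASSCRED, &val);
-soe->has_so_passcred = true;
-soe->so_passcred = val ? true : false;
+if(family == AF_UNIX || family == AF_NETLINK)
+ret |= dump_opt(sk, SOL_SOCKET, SO_PASSCRED, &val);
+soe->has_so_passcred = true;
+soe->so_passcred = val ? true : false;
 
-ret |= dump_opt(sk, SOL_SOCKET, SO_PASSSEC, &val);
-soe->has_so_passsec = true;
-soe->so_passsec = val ? true : false;
+ret |= dump_opt(sk, SOL_SOCKET, SO_PASSSEC, &val);
+soe->has_so_passsec = true;
+soe->so_passsec = val ? true : false;
+}
 
 ret |= dump_opt(sk, SOL_SOCKET, SO_DONTROUTE, &val);
 soe->has_so_dontroute = true;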
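Review bot: The added `if(family == AF_UNIX || family == AF_NETLINK)` on new line 691 shows no opening brace, while a closing `}` is added on new line 699. As rendered, the guard would cover only the SO_PASSCRED `dump_opt()` call and the `}` would close `dump_socket_opts()` early; the page may simply have dropped the brace, so check the file and write the line as `if (family == AF_UNIX || family == AF_NETLINK) {`, with a space after `if` as at the call sites in the other files. The commit message names AF_BLUETOOTH as a family the kernel still accepts, but the condition leaves it out, so a comment above the guard should say whether that omission is intentional. When the guard is false, `has_so_passcred` and `has_so_passsec` keep whatever value `soe` was initialised with, which is outside this hunk and worth confirming. The body of `dump_socket_opts()` starts and ends outside the hunks shown.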
