Thread (17 messages) 17 messages, 6 authors, 2025-11-24

Re: [PATCH] nbd: restrict sockets to TCP and UDP

From: Eric Dumazet <edumazet@google.com>
Date: 2025-09-09 14:36:01
Also in: linux-block, lkml

On Tue, Sep 9, 2025 at 7:04 AM Eric Dumazet [off-list ref] wrote:
On Tue, Sep 9, 2025 at 6:32 AM Richard W.M. Jones [off-list ref] wrote:
quoted
On Tue, Sep 09, 2025 at 01:22:43PM +0000, Eric Dumazet wrote:
quoted
Recently, syzbot started to abuse NBD with all kinds of sockets.

Commit cf1b2326b734 ("nbd: verify socket is supported during setup")
made sure the socket supported a shutdown() method.

Explicitely accept TCP and UNIX stream sockets.
I'm not clear what the actual problem is, but I will say that libnbd &
nbdkit (which are another NBD client & server, interoperable with the
kernel) we support and use NBD over vsock[1].  And we could support
NBD over pretty much any stream socket (Infiniband?) [2].

[1] https://libguestfs.org/nbd_aio_connect_vsock.3.html
    https://libguestfs.org/nbdkit-service.1.html#AF_VSOCK
[2] https://libguestfs.org/nbd_connect_socket.3.html

TCP and Unix domain sockets are by far the most widely used, but I
don't think it's fair to exclude other socket types.
If we have known and supported socket types, please send a patch to add them.

I asked the question last week and got nothing about vsock or other types.

https://lore.kernel.org/netdev/CANn89iLNFHBMTF2Pb6hHERYpuih9eQZb6A12+ndzBcQs_kZoBA@mail.gmail.com/ (local)

For sure, we do not want datagram sockets, RAW, netlink, and many others.
BTW vsock will probably fire lockdep warnings, I see GFP_KERNEL being used
in net/vmw_vsock/virtio_transport.c

So you will have to fix this.
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help