/
0011-tsi-allow-hijacking-sockets-tsi_hijack.patch
73 lines (65 loc) · 2.15 KB
/
0011-tsi-allow-hijacking-sockets-tsi_hijack.patch
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
From 4a30a9b50081ae8863e02d206ba316bf4444ca4a Mon Sep 17 00:00:00 2001
From: Sergio Lopez <slp@redhat.com>
Date: Thu, 19 May 2022 22:42:01 +0200
Subject: [PATCH 11/11] tsi: allow hijacking sockets (tsi_hijack)
Add a kernel command line option (tsi_hijack) enabling users to
request the kernel to hijack AF_INET(SOCK_STREAM || SOCK_DGRAM)
sockets to turn them into TSI sockets.
Signed-off-by: Sergio Lopez <slp@redhat.com>
---
net/socket.c | 17 +++++++++++++++++
net/tsi/af_tsi.c | 2 +-
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/net/socket.c b/net/socket.c
index 683a9cde976c..ef01c056a178 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -113,6 +113,10 @@ unsigned int sysctl_net_busy_read __read_mostly;
unsigned int sysctl_net_busy_poll __read_mostly;
#endif
+#ifdef CONFIG_TSI
+bool tsi_hijack = false;
+#endif
+
static ssize_t sock_read_iter(struct kiocb *iocb, struct iov_iter *to);
static ssize_t sock_write_iter(struct kiocb *iocb, struct iov_iter *from);
static int sock_mmap(struct file *file, struct vm_area_struct *vma);
@@ -1459,6 +1463,10 @@ int sock_wake_async(struct socket_wq *wq, int how, int band)
}
EXPORT_SYMBOL(sock_wake_async);
+#ifdef CONFIG_TSI
+core_param(tsi_hijack, tsi_hijack, bool, 0644);
+#endif
+
/**
* __sock_create - creates a socket
* @net: net namespace
@@ -1529,6 +1537,15 @@ int __sock_create(struct net *net, int family, int type, int protocol,
request_module("net-pf-%d", family);
#endif
+#ifdef CONFIG_TSI
+ if (tsi_hijack && !kern && family == AF_INET &&
+ (type == SOCK_STREAM || type == SOCK_DGRAM)) {
+ pr_debug("%s - tsi: hijacking AF_INET socket\n",
+ current->comm);
+ family = AF_TSI;
+ }
+#endif
+
rcu_read_lock();
pf = rcu_dereference(net_families[family]);
err = -EAFNOSUPPORT;
diff --git a/net/tsi/af_tsi.c b/net/tsi/af_tsi.c
index 38a383634ccd..91c9c5cb2285 100644
--- a/net/tsi/af_tsi.c
+++ b/net/tsi/af_tsi.c
@@ -474,7 +474,7 @@ static int tsi_accept(struct socket *sock, struct socket *newsock, int flags,
struct socket *csocket;
struct tsi_sock *tsk;
struct tsi_sock *newtsk;
- struct socket *nsock;
+ struct socket *nsock = NULL;
struct sock *sk;
int err;
--
2.40.0