
net: Avoid address overwrite in kernel_connect

JIRA: https://issues.redhat.com/browse/RHEL-39929

Tested:

BPF programs that run on kernel connect can rewrite the connect address. We have a specific report of this causing an issue with Kubernetes and Cilium and an NFS load-balancing operator implemented as a BPF program. When there is an outage in one of the load-balanced NFS servers, the kernel NFS client connects to the old non-existent NFS server instead of the correct available NFS server, causing a production outage. This is repaired upstream with this patch series: one patch to change kernel_connect() and three follow-ups and a fix which avoid the same issue in other places.

EL 9 already has the later three patches:

410.el9 0235a0b8 net: Save and restore msg_namelen in sock_sendmsg
388.el9 d95dec3b net: prevent address rewrite in kernel_bind()
388.el9 80054377 net: prevent rewrite of msg_name in sock_sendmsg()

This series adds the two earlier patches which avoid the above issue. One patch conflicts due to READ_ONCE in upstream but not in RHEL. Kept the READ_ONCE in EL9 just like the EL8 patch. The other cherry-picks cleanly.

Signed-off-by: Jamie Bainbridge jbainbri@redhat.com
Cc: Florian Westphal fwestpha@redhat.com
Cc: Jiri Benc jbenc@redhat.com
Cc: Marcelo Leitner mleitner@redhat.com
Cc: Andrea Claudi aclaudi@redhat.com
Cc: Antoine Tenart atenart@redhat.com
Cc: Balazs Nemeth bnemeth@redhat.com
Cc: Davide Caratti dcaratti@redhat.com
Cc: Eric Garver egarver@redhat.com
Cc: Felix Maurer fmaurer@redhat.com
Cc: Flavio Leitner fbl@redhat.com
Cc: Guillaume Nault gnault@redhat.com
Cc: Hangbin Liu haliu@redhat.com
Cc: Ivan Vecera ivecera@redhat.com
Cc: Jarod Wilson jarod@redhat.com
Cc: Lorenzo Bianconi lorenzo.bianconi@redhat.com
Cc: Paolo Abeni pabeni@redhat.com
Cc: Phil Sutter psutter@redhat.com
Cc: Sabrina Dubroca sdubroca@redhat.com
Cc: "Toke Høiland-Jørgensen" toke@redhat.com
Cc: Xin Long lxin@redhat.com
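
A userspace C model of the failure described above, added here as an illustration; it is not code from this merge request or from the upstream patches. It assumes the fix amounts to handing the connect hook a private copy of the address, and every name and address in it is constructed.

```c
#include <stdint.h>
#include <string.h>

/* Userspace model only: every name here is hypothetical, none is kernel API. */
struct addr { uint32_t ip; uint16_t port; };

#define VIP       0x0a000064u  /* constructed service address 10.0.0.100 */
#define BACKEND_A 0x0a000001u  /* constructed backend 10.0.0.1 */
#define BACKEND_B 0x0a000002u  /* constructed backend 10.0.0.2 */

static uint32_t live_backend = BACKEND_A;  /* backend the balancer currently selects */

/* Stand-in for the BPF connect hook: rewrites the service address in place. */
static void lb_hook(struct addr *a)
{
    if (a->ip == VIP)
        a->ip = live_backend;
}

/* Stand-in for the protocol connect op: runs the hook, returns the peer reached. */
static uint32_t proto_connect(struct addr *a)
{
    lb_hook(a);
    return a->ip;
}

/* Before: the caller's own buffer is handed to the hook and gets overwritten. */
static uint32_t connect_unsafe(struct addr *a) { return proto_connect(a); }

/* After: the hook only ever sees a private copy of the caller's address. */
static uint32_t connect_safe(const struct addr *a)
{
    struct addr copy;
    memcpy(&copy, a, sizeof(copy));
    return proto_connect(&copy);
}

/* Connect, fail over from A to B, then reconnect using the same stored address. */
static uint32_t reconnect_after_failover(int use_copy)
{
    struct addr stored = { VIP, 2049 };  /* address the client keeps for reconnects */
    live_backend = BACKEND_A;
    if (use_copy) connect_safe(&stored); else connect_unsafe(&stored);
    live_backend = BACKEND_B;            /* backend A goes away */
    return use_copy ? connect_safe(&stored) : connect_unsafe(&stored);
}

int main(void) { return reconnect_after_failover(1) == BACKEND_B ? 0 : 1; }
```

In the unsafe path the stored address no longer matches the service address after the first connect, so the hook cannot redirect the reconnect and the client returns to the failed backend.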
