Return-Path: Received: from mx1.redhat.com ([209.132.183.28]:54186 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S934244AbdKGNbV (ORCPT ); Tue, 7 Nov 2017 08:31:21 -0500 Date: Tue, 7 Nov 2017 13:31:11 +0000 From: Stefan Hajnoczi To: Jeff Layton Cc: linux-nfs@vger.kernel.org, Abbas Naderi , Anna Schumaker , Trond Myklebust , "J. Bruce Fields" , Chuck Lever Subject: Re: [PATCH v3 08/14] SUNRPC: add AF_VSOCK support to svc_xprt.c Message-ID: <20171107133111.GK6809@stefanha-x1.localdomain> References: <20170630132352.32133-1-stefanha@redhat.com> <20170630132352.32133-9-stefanha@redhat.com> <1509459038.4553.26.camel@redhat.com> MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="vbzKE9fGfpHIBC6T" In-Reply-To: <1509459038.4553.26.camel@redhat.com> Sender: linux-nfs-owner@vger.kernel.org List-ID: --vbzKE9fGfpHIBC6T Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, Oct 31, 2017 at 10:10:38AM -0400, Jeff Layton wrote: > On Fri, 2017-06-30 at 14:23 +0100, Stefan Hajnoczi wrote: > > @@ -595,6 +609,10 @@ int svc_port_is_privileged(struct sockaddr *sin) > > case AF_INET6: > > return ntohs(((struct sockaddr_in6 *)sin)->sin6_port) > > < PROT_SOCK; > > + case AF_VSOCK: > > + return ((struct sockaddr_vm *)sin)->svm_port <=3D > > + LAST_RESERVED_PORT; > > + > > default: > > return 0; > > } >=20 > Does vsock even have the concept of a privileged port? I would imagine > that root in a guest VM would carry no particular significance from an > export security standpoint >=20 > Since you're defining a new transport here, it might be nice write the > RFCs to avoid that distinction, if possible. >=20 > Note that RDMA just has svc_port_is_privileged always return 1. AF_VSOCK has the same 0-1023 privileged port range as TCP. Stefan --vbzKE9fGfpHIBC6T Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQEcBAEBAgAGBQJaAbWfAAoJEJykq7OBq3PI5dEH/0j3+GmPc4MgCdDHNMCpzdO1 lVTPAL39xHcXScZ4hLyu+y2NkmurVnkp1hy2EzjDYxYD3BM0hd97YjaGsTM1AO8d GWmLrhLSBX2q/VxVwodTLPinG7n11eOFrQ83BwpeaJA3i+4OlVE+KkHhGZcHHSXW WLBQJ0EZN8LW5bgfF6e8eYEWjOh0P+5/962ykXRucmcQ3zrUFM/mHXdcWaktIbtY N/IlLc3eCfRtzuNc5Ij+uvauOFi9MVJogCmRKMXvMI251vUeJXoiWFBsObh7qKoR aUgMzXNJOfVNwikhkOmCsjkhgDrtSW2VHFavtKucpBARj6gZcgR1TzYhakL/BXc= =38/A -----END PGP SIGNATURE----- --vbzKE9fGfpHIBC6T--