From: ChenXiaoSong <chenxiaosong@kylinos.cn>

Change __sock_create() to sock_create_kern() for explicitness.

Signed-off-by: ChenXiaoSong <chenxiaosong@kylinos.cn>
---
 fs/smb/client/connect.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c
index 6bf04d9a5491..3275f2ff84cb 100644
--- a/fs/smb/client/connect.c
+++ b/fs/smb/client/connect.c
@@ -3350,8 +3350,7 @@ generic_ip_connect(struct TCP_Server_Info *server)
 		struct net *net = cifs_net_ns(server);
 		struct sock *sk;
 
-		rc = __sock_create(net, sfamily, SOCK_STREAM,
-				   IPPROTO_TCP, &server->ssocket, 1);
+		rc = sock_create_kern(net, sfamily, SOCK_STREAM, IPPROTO_TCP, &server->ssocket);
 		if (rc < 0) {
 			cifs_server_dbg(VFS, "Error %d creating socket\n", rc);
 			return rc;
-- 
2.34.1

Weren't there issues brought up earlier with using sock_create_kern
due to network namespaces and refcounts?

On Tue, May 27, 2025 at 10:18 PM <chenxiaosong@chenxiaosong.com> wrote:
>
> From: ChenXiaoSong <chenxiaosong@kylinos.cn>
>
> Change __sock_create() to sock_create_kern() for explicitness.
>
> Signed-off-by: ChenXiaoSong <chenxiaosong@kylinos.cn>
> ---
>  fs/smb/client/connect.c | 3 +--
>  1 file changed, 1 insertion(+), 2 deletions(-)
>
> diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c
> index 6bf04d9a5491..3275f2ff84cb 100644
> --- a/fs/smb/client/connect.c
> +++ b/fs/smb/client/connect.c
> @@ -3350,8 +3350,7 @@ generic_ip_connect(struct TCP_Server_Info *server)
>                 struct net *net = cifs_net_ns(server);
>                 struct sock *sk;
>
> -               rc = __sock_create(net, sfamily, SOCK_STREAM,
> -                                  IPPROTO_TCP, &server->ssocket, 1);
> +               rc = sock_create_kern(net, sfamily, SOCK_STREAM, IPPROTO_TCP, &server->ssocket);
>                 if (rc < 0) {
>                         cifs_server_dbg(VFS, "Error %d creating socket\n", rc);
>                         return rc;
> --
> 2.34.1
>
>


-- 
Thanks,

Steve

This patch is simply a cleanup that wraps the original code for 
explicitness, the last argument of __sock_create(..., 1) specifies that 
the socket is created in kernel space.

在 2025/5/28 11:39, Steve French 写道:
> Weren't there issues brought up earlier with using sock_create_kern
> due to network namespaces and refcounts?
> 
> On Tue, May 27, 2025 at 10:18 PM <chenxiaosong@chenxiaosong.com> wrote:
>>
>> From: ChenXiaoSong <chenxiaosong@kylinos.cn>
>>
>> Change __sock_create() to sock_create_kern() for explicitness.
>>
>> Signed-off-by: ChenXiaoSong <chenxiaosong@kylinos.cn>
>> ---
>>   fs/smb/client/connect.c | 3 +--
>>   1 file changed, 1 insertion(+), 2 deletions(-)
>>
>> diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c
>> index 6bf04d9a5491..3275f2ff84cb 100644
>> --- a/fs/smb/client/connect.c
>> +++ b/fs/smb/client/connect.c
>> @@ -3350,8 +3350,7 @@ generic_ip_connect(struct TCP_Server_Info *server)
>>                  struct net *net = cifs_net_ns(server);
>>                  struct sock *sk;
>>
>> -               rc = __sock_create(net, sfamily, SOCK_STREAM,
>> -                                  IPPROTO_TCP, &server->ssocket, 1);
>> +               rc = sock_create_kern(net, sfamily, SOCK_STREAM, IPPROTO_TCP, &server->ssocket);
>>                  if (rc < 0) {
>>                          cifs_server_dbg(VFS, "Error %d creating socket\n", rc);
>>                          return rc;
>> --
>> 2.34.1
>>
>>
> 
> 

Thanks for CCing me, Steve.

From: ChenXiaoSong <chenxiaosong@chenxiaosong.com>
Date: Wed, 28 May 2025 12:09:01 +0800
> This patch is simply a cleanup that wraps the original code for 
> explicitness, the last argument of __sock_create(..., 1) specifies that 
> the socket is created in kernel space.

Not sure how you came up with this patch, maybe coincidence, but
I'm trying to clean these up at once on the netdev side, so it would
be appreciated if this is kept as is to avoid unnecessary conflicts.

https://lore.kernel.org/netdev/20250523182128.59346-2-kuniyu@amazon.com/


> 
> 在 2025/5/28 11:39, Steve French 写道:
> > Weren't there issues brought up earlier with using sock_create_kern
> > due to network namespaces and refcounts?
> > 
> > On Tue, May 27, 2025 at 10:18 PM <chenxiaosong@chenxiaosong.com> wrote:
> >>
> >> From: ChenXiaoSong <chenxiaosong@kylinos.cn>
> >>
> >> Change __sock_create() to sock_create_kern() for explicitness.
> >>
> >> Signed-off-by: ChenXiaoSong <chenxiaosong@kylinos.cn>
> >> ---
> >>   fs/smb/client/connect.c | 3 +--
> >>   1 file changed, 1 insertion(+), 2 deletions(-)
> >>
> >> diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c
> >> index 6bf04d9a5491..3275f2ff84cb 100644
> >> --- a/fs/smb/client/connect.c
> >> +++ b/fs/smb/client/connect.c
> >> @@ -3350,8 +3350,7 @@ generic_ip_connect(struct TCP_Server_Info *server)
> >>                  struct net *net = cifs_net_ns(server);
> >>                  struct sock *sk;
> >>
> >> -               rc = __sock_create(net, sfamily, SOCK_STREAM,
> >> -                                  IPPROTO_TCP, &server->ssocket, 1);
> >> +               rc = sock_create_kern(net, sfamily, SOCK_STREAM, IPPROTO_TCP, &server->ssocket);
> >>                  if (rc < 0) {
> >>                          cifs_server_dbg(VFS, "Error %d creating socket\n", rc);
> >>                          return rc;
> >> --
> >> 2.34.1
> >>
> >>
> > 
> > 

On Wed, 28 May 2025 12:09:01 +0800
ChenXiaoSong <chenxiaosong@chenxiaosong.com> wrote:
> 在 2025/5/28 11:39, Steve French 写道:
> > Weren't there issues brought up earlier with using sock_create_kern
> > due to network namespaces and refcounts?

> This patch is simply a cleanup that wraps the original code for 
> explicitness, the last argument of __sock_create(..., 1) specifies that 
> the socket is created in kernel space.

Except that 'kernel space' doesn't really mean anything.
IIRC it does two separate things:
1) Skips some 'permission' checks on the current process.
2) Doesn't 'hold' the network namespace.

The extra permission checks might be relevant even if the socket is
only indirectly accessible from a process.

But code like smb doesn't want the extra checks but does need the
namespace held (or it has to go through 'hoops' to request a callback
when the namespace is removed and delete the connection from the
callback).

Maybe there should be a 'kernel_socket()' (cf kernel_sendmsg()) that
code like smb should use.

	David


> 
> > 
> > On Tue, May 27, 2025 at 10:18 PM <chenxiaosong@chenxiaosong.com> wrote:  
> >>
> >> From: ChenXiaoSong <chenxiaosong@kylinos.cn>
> >>
> >> Change __sock_create() to sock_create_kern() for explicitness.
> >>
> >> Signed-off-by: ChenXiaoSong <chenxiaosong@kylinos.cn>
> >> ---
> >>   fs/smb/client/connect.c | 3 +--
> >>   1 file changed, 1 insertion(+), 2 deletions(-)
> >>
> >> diff --git a/fs/smb/client/connect.c b/fs/smb/client/connect.c
> >> index 6bf04d9a5491..3275f2ff84cb 100644
> >> --- a/fs/smb/client/connect.c
> >> +++ b/fs/smb/client/connect.c
> >> @@ -3350,8 +3350,7 @@ generic_ip_connect(struct TCP_Server_Info *server)
> >>                  struct net *net = cifs_net_ns(server);
> >>                  struct sock *sk;
> >>
> >> -               rc = __sock_create(net, sfamily, SOCK_STREAM,
> >> -                                  IPPROTO_TCP, &server->ssocket, 1);
> >> +               rc = sock_create_kern(net, sfamily, SOCK_STREAM, IPPROTO_TCP, &server->ssocket);
> >>                  if (rc < 0) {
> >>                          cifs_server_dbg(VFS, "Error %d creating socket\n", rc);
> >>                          return rc;
> >> --
> >> 2.34.1
> >>
> >>  
> > 
> >   
> 
>