Re: [PATCH] nbd: restrict sockets to TCP and UDP
- To: Pavel Machek <pavel@ucw.cz>
- Cc: Eric Dumazet <edumazet@google.com>, Josef Bacik <josef@toxicpanda.com>, Jens Axboe <axboe@kernel.dk>, linux-kernel <linux-kernel@vger.kernel.org>, netdev@vger.kernel.org, Eric Dumazet <eric.dumazet@gmail.com>, syzbot+e1cd6bd8493060bd701d@syzkaller.appspotmail.com, Mike Christie <mchristi@redhat.com>, Yu Kuai <yukuai1@huaweicloud.com>, linux-block@vger.kernel.org, nbd@other.debian.org
- Subject: Re: [PATCH] nbd: restrict sockets to TCP and UDP
- From: "Richard W.M. Jones" <rjones@redhat.com>
- Date: Tue, 18 Nov 2025 18:16:23 +0000
- Message-id: <[🔎] 20251118181623.GK1427@redhat.com>
- In-reply-to: <aRyzUc/WndKJBAz0@duo.ucw.cz>
- References: <20250909132243.1327024-1-edumazet@google.com> <aRyzUc/WndKJBAz0@duo.ucw.cz>
On Tue, Nov 18, 2025 at 06:56:33PM +0100, Pavel Machek wrote:
> Hi!
>
> > Recently, syzbot started to abuse NBD with all kinds of sockets.
> >
> > Commit cf1b2326b734 ("nbd: verify socket is supported during setup")
> > made sure the socket supported a shutdown() method.
> >
> > Explicitely accept TCP and UNIX stream sockets.
>
> Note that running nbd server and client on same machine is not safe in
> read-write mode. It may deadlock under low memory conditions.
>
> Thus I'm not sure if we should accept UNIX sockets.
Both nbd-client and nbdkit have modes where they can mlock themselves
into RAM.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW
Reply to: