)]}'
{
  "commit": "0a9771f609e44dfec5656c2d2aa8bf722969fc82",
  "tree": "ff6deca7cfe7c90929d7492bab4f376455163f8f",
  "parents": [
    "ec234a2c38205232f4accd468f48dab3b9787b49"
  ],
  "author": {
    "name": "Jordan Rife",
    "email": "jrife@google.com",
    "time": "Mon Aug 21 16:45:23 2023 -0500"
  },
  "committer": {
    "name": "COS Cherry Picker",
    "email": "cloud-image-release@prod.google.com",
    "time": "Fri Sep 08 16:39:02 2023 -0700"
  },
  "message": "net: Avoid address overwrite in kernel_connect\n\nBPF programs that run on connect can rewrite the connect address. For\nthe connect system call this isn\u0027t a problem, because a copy of the address\nis made when it is moved into kernel space. However, kernel_connect\nsimply passes through the address it is given, so the caller may observe\nits address value unexpectedly change.\n\nA practical example where this is problematic is where NFS is combined\nwith a system such as Cilium which implements BPF-based load balancing.\nA common pattern in software-defined storage systems is to have an NFS\nmount that connects to a persistent virtual IP which in turn maps to an\nephemeral server IP. This is usually done to achieve high availability:\nif your server goes down you can quickly spin up a replacement and remap\nthe virtual IP to that endpoint. With BPF-based load balancing, mounts\nwill forget the virtual IP address when the address rewrite occurs\nbecause a pointer to the only copy of that address is passed down the\nstack. Server failover then breaks, because clients have forgotten the\nvirtual IP address. Reconnects fail and mounts remain broken. This patch\nwas tested by setting up a scenario like this and ensuring that NFS\nreconnects worked after applying the patch.\n\nBUG\u003db/294602647\nTEST\u003dpresubmit\nRELEASE_NOTE\u003dFixes problem with NFS reconnects when using DPv2 in\nkube-proxy-free mode.\n\ncos-patch: bug\nChange-Id: I2f47461d2cbf7aafbadfb148d7c612cb6b7589c1\nSigned-off-by: Jordan Rife \u003cjrife@google.com\u003e\nSigned-off-by: David S. Miller \u003cdavem@davemloft.net\u003e\n(cherry picked from commit 0bdf399342c5acbd817c9098b6c7ed21f1974312)\nSigned-off-by: Chenglong Tang \u003cchenglongtang@google.com\u003e\nReviewed-on: https://cos-review.googlesource.com/c/third_party/kernel/+/56888\nMain-Branch-Verified: Cusky Presubmit Bot \u003cpresubmit@cos-infra-prod.iam.gserviceaccount.com\u003e\nTested-by: Cusky Presubmit Bot \u003cpresubmit@cos-infra-prod.iam.gserviceaccount.com\u003e\nReviewed-by: Robert Kolchmeyer \u003crkolchmeyer@google.com\u003e\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "84223419da8620520c2390d2a4b9e6ccedc55f07",
      "old_mode": 33188,
      "old_path": "net/socket.c",
      "new_id": "7097516261c3ac042e96bf5d35470033710d4ed7",
      "new_mode": 33188,
      "new_path": "net/socket.c"
    }
  ]
}