[PATCH] net: revert "align SO_RCVMARK required privileges with SO_MARK"

[PATCH] net: revert "align SO_RCVMARK required privileges with SO_MARK"

[Maciej Żenczykowski]

This reverts:
    commit 1f86123b97491cc2b5071d7f9933f0e91890c976
    net: align SO_RCVMARK required privileges with SO_MARK

    The commit referenced in the "Fixes" tag added the SO_RCVMARK socket
    option for receiving the skb mark in the ancillary data.

    Since this is a new capability, and exposes admin configured details
    regarding the underlying network setup to sockets, let's align the
    needed capabilities with those of SO_MARK.

This reasoning is not really correct:
  SO_RCVMARK is used for 'reading' incoming skb mark (via cmsg), as such
  it is more equivalent to 'getsockopt(SO_MARK)' which has no priv check
  and retrieves the socket mark, rather than 'setsockopt(SO_MARK) which
  sets the socket mark and does require privs.

  Additionally incoming skb->mark may already be visible if
  sysctl_fwmark_reflect and/or sysctl_tcp_fwmark_accept are enabled.

  Furthermore, it is easier to block the getsockopt via bpf
  (either cgroup setsockopt hook, or via syscall filters)
  then to unblock it if it requires CAP_NET_RAW/ADMIN.

On Android the socket mark is (among other things) used to store
the network identifier a socket is bound to.  Setting it is privileged,
but retrieving it is not.  We'd like unprivileged userspace to be able
to read the network id of incoming packets (where mark is set via iptables
[to be moved to bpf])...

An alternative would be to add another sysctl to control whether
setting SO_RCVMARK is privilged or not.
(or even a MASK of which bits in the mark can be exposed)
But this seems like over-engineering...

Note: This is a non-trivial revert, due to later merged:
  commit e42c7beee71d0d84a6193357e3525d0cf2a3e168
  bpf: net: Consider has_current_bpf_ctx() when testing capable() in sk_setsockopt()
which changed both 'ns_capable' into 'sockopt_ns_capable' calls.

Fixes: 1f86123b9749 ("align SO_RCVMARK required privileges with SO_MARK")
Cc: Eyal Birger <eyal.birger@gmail.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Patrick Rohr <prohr@google.com>
Signed-off-by: Maciej Żenczykowski <maze@google.com>
---
 net/core/sock.c | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/net/core/sock.c b/net/core/sock.c
index 24f2761bdb1d..6e5662ca00fe 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -1362,12 +1362,6 @@ int sk_setsockopt(struct sock *sk, int level, int optname,
 		__sock_set_mark(sk, val);
 		break;
 	case SO_RCVMARK:
-		if (!sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) &&
-		    !sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) {
-			ret = -EPERM;
-			break;
-		}
-
 		sock_valbool_flag(sk, SOCK_RCVMARK, valbool);
 		break;
 
-- 
2.41.0.rc0.172.g3f132b7071-goog

Re: [PATCH] net: revert "align SO_RCVMARK required privileges with SO_MARK"

[Larysa Zaremba]

On Mon, Jun 05, 2023 at 01:12:18AM -0700, Maciej Żenczykowski wrote:
> This reverts:
>     commit 1f86123b97491cc2b5071d7f9933f0e91890c976
>     net: align SO_RCVMARK required privileges with SO_MARK
> 
>     The commit referenced in the "Fixes" tag added the SO_RCVMARK socket
>     option for receiving the skb mark in the ancillary data.
> 
>     Since this is a new capability, and exposes admin configured details
>     regarding the underlying network setup to sockets, let's align the
>     needed capabilities with those of SO_MARK.
> 

No need to copy-paste reverted commit in full. Others are supposed to look it up 
in the log. The proper way to reference another commit is [0]:

Commit e21d2170f36602ae2708 ("video: remove unnecessary
platform_set_drvdata()") removed the unnecessary
platform_set_drvdata(), but left the variable "dev" unused,
delete it.

Have you checked your patch with checkpatch? I am quite sure it would not allow 
copy-pasted commit message.

[0] kernel.org/doc/html/v4.17/process/submitting-patches.html

Also, please add patch prefix with tree name specified (net/net-next).

> This reasoning is not really correct:
>   SO_RCVMARK is used for 'reading' incoming skb mark (via cmsg), as such
>   it is more equivalent to 'getsockopt(SO_MARK)' which has no priv check
>   and retrieves the socket mark, rather than 'setsockopt(SO_MARK) which
>   sets the socket mark and does require privs.
> 
>   Additionally incoming skb->mark may already be visible if
>   sysctl_fwmark_reflect and/or sysctl_tcp_fwmark_accept are enabled.
> 
>   Furthermore, it is easier to block the getsockopt via bpf
>   (either cgroup setsockopt hook, or via syscall filters)
>   then to unblock it if it requires CAP_NET_RAW/ADMIN.
> 
> On Android the socket mark is (among other things) used to store
> the network identifier a socket is bound to.  Setting it is privileged,
> but retrieving it is not.  We'd like unprivileged userspace to be able
> to read the network id of incoming packets (where mark is set via iptables
> [to be moved to bpf])...
> 
> An alternative would be to add another sysctl to control whether
> setting SO_RCVMARK is privilged or not.
> (or even a MASK of which bits in the mark can be exposed)
> But this seems like over-engineering...
> 
> Note: This is a non-trivial revert, due to later merged:
>   commit e42c7beee71d0d84a6193357e3525d0cf2a3e168
>   bpf: net: Consider has_current_bpf_ctx() when testing capable() in sk_setsockopt()
> which changed both 'ns_capable' into 'sockopt_ns_capable' calls.
> 
> Fixes: 1f86123b9749 ("align SO_RCVMARK required privileges with SO_MARK")

I have never seen a reverted commit referenced with a "Fixes: " tag.

> Cc: Eyal Birger <eyal.birger@gmail.com>
> Cc: Jakub Kicinski <kuba@kernel.org>
> Cc: Eric Dumazet <edumazet@google.com>
> Cc: Patrick Rohr <prohr@google.com>
> Signed-off-by: Maciej Żenczykowski <maze@google.com>
> ---
>  net/core/sock.c | 6 ------
>  1 file changed, 6 deletions(-)
> 
> diff --git a/net/core/sock.c b/net/core/sock.c
> index 24f2761bdb1d..6e5662ca00fe 100644
> --- a/net/core/sock.c
> +++ b/net/core/sock.c
> @@ -1362,12 +1362,6 @@ int sk_setsockopt(struct sock *sk, int level, int optname,
>  		__sock_set_mark(sk, val);
>  		break;
>  	case SO_RCVMARK:
> -		if (!sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) &&
> -		    !sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) {
> -			ret = -EPERM;
> -			break;
> -		}
> -
>  		sock_valbool_flag(sk, SOCK_RCVMARK, valbool);
>  		break;
>  

Both code and your reasoning seem fine.

> -- 
> 2.41.0.rc0.172.g3f132b7071-goog
> 
> 

Re: [PATCH] net: revert "align SO_RCVMARK required privileges with SO_MARK"

[Simon Horman]

On Mon, Jun 05, 2023 at 05:27:32PM +0200, Larysa Zaremba wrote:
> On Mon, Jun 05, 2023 at 01:12:18AM -0700, Maciej Żenczykowski wrote:
> > This reverts:
> >     commit 1f86123b97491cc2b5071d7f9933f0e91890c976
> >     net: align SO_RCVMARK required privileges with SO_MARK
> > 
> >     The commit referenced in the "Fixes" tag added the SO_RCVMARK socket
> >     option for receiving the skb mark in the ancillary data.
> > 
> >     Since this is a new capability, and exposes admin configured details
> >     regarding the underlying network setup to sockets, let's align the
> >     needed capabilities with those of SO_MARK.
> > 
> 
> No need to copy-paste reverted commit in full. Others are supposed to look it up 
> in the log. The proper way to reference another commit is [0]:
> 
> Commit e21d2170f36602ae2708 ("video: remove unnecessary
> platform_set_drvdata()") removed the unnecessary
> platform_set_drvdata(), but left the variable "dev" unused,
> delete it.
> 
> Have you checked your patch with checkpatch? I am quite sure it would not allow 
> copy-pasted commit message.
> 
> [0] kernel.org/doc/html/v4.17/process/submitting-patches.html
> 
> Also, please add patch prefix with tree name specified (net/net-next).

To add some colour to that, assuming 'net', and with a slightly
fixed-up subject:

	[PATCH net]: Revert "net: align SO_RCVMARK required privileges with SO_MARK"

> 
> > This reasoning is not really correct:
> >   SO_RCVMARK is used for 'reading' incoming skb mark (via cmsg), as such
> >   it is more equivalent to 'getsockopt(SO_MARK)' which has no priv check
> >   and retrieves the socket mark, rather than 'setsockopt(SO_MARK) which
> >   sets the socket mark and does require privs.
> > 
> >   Additionally incoming skb->mark may already be visible if
> >   sysctl_fwmark_reflect and/or sysctl_tcp_fwmark_accept are enabled.
> > 
> >   Furthermore, it is easier to block the getsockopt via bpf
> >   (either cgroup setsockopt hook, or via syscall filters)
> >   then to unblock it if it requires CAP_NET_RAW/ADMIN.
> > 
> > On Android the socket mark is (among other things) used to store
> > the network identifier a socket is bound to.  Setting it is privileged,
> > but retrieving it is not.  We'd like unprivileged userspace to be able
> > to read the network id of incoming packets (where mark is set via iptables
> > [to be moved to bpf])...
> > 
> > An alternative would be to add another sysctl to control whether
> > setting SO_RCVMARK is privilged or not.
> > (or even a MASK of which bits in the mark can be exposed)
> > But this seems like over-engineering...
> > 
> > Note: This is a non-trivial revert, due to later merged:
> >   commit e42c7beee71d0d84a6193357e3525d0cf2a3e168
> >   bpf: net: Consider has_current_bpf_ctx() when testing capable() in sk_setsockopt()
> > which changed both 'ns_capable' into 'sockopt_ns_capable' calls.
> > 
> > Fixes: 1f86123b9749 ("align SO_RCVMARK required privileges with SO_MARK")
> 
> I have never seen a reverted commit referenced with a "Fixes: " tag.

Yes, maybe. Though an example seems to be:

	e7480a44d7c4 ("Revert "net: Remove low_thresh in ip defrag"")

If we do want a fixes tag, then I think it should be:

Fixes: 1f86123b9749 ("net: align SO_RCVMARK required privileges with SO_MARK")

> > Cc: Eyal Birger <eyal.birger@gmail.com>
> > Cc: Jakub Kicinski <kuba@kernel.org>
> > Cc: Eric Dumazet <edumazet@google.com>
> > Cc: Patrick Rohr <prohr@google.com>
> > Signed-off-by: Maciej Żenczykowski <maze@google.com>
> > ---
> >  net/core/sock.c | 6 ------
> >  1 file changed, 6 deletions(-)
> > 
> > diff --git a/net/core/sock.c b/net/core/sock.c
> > index 24f2761bdb1d..6e5662ca00fe 100644
> > --- a/net/core/sock.c
> > +++ b/net/core/sock.c
> > @@ -1362,12 +1362,6 @@ int sk_setsockopt(struct sock *sk, int level, int optname,
> >  		__sock_set_mark(sk, val);
> >  		break;
> >  	case SO_RCVMARK:
> > -		if (!sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) &&
> > -		    !sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) {
> > -			ret = -EPERM;
> > -			break;
> > -		}
> > -
> >  		sock_valbool_flag(sk, SOCK_RCVMARK, valbool);
> >  		break;
> >  
> 
> Both code and your reasoning seem fine.

-- 
pw-bot: cr

Re: [PATCH] net: revert "align SO_RCVMARK required privileges with SO_MARK"

[Paolo Abeni]

On Mon, 2023-06-05 at 01:12 -0700, Maciej Żenczykowski wrote:
> This reverts:
>     commit 1f86123b97491cc2b5071d7f9933f0e91890c976
>     net: align SO_RCVMARK required privileges with SO_MARK
> 
>     The commit referenced in the "Fixes" tag added the SO_RCVMARK socket
>     option for receiving the skb mark in the ancillary data.
> 
>     Since this is a new capability, and exposes admin configured details
>     regarding the underlying network setup to sockets, let's align the
>     needed capabilities with those of SO_MARK.
> 
> This reasoning is not really correct:
>   SO_RCVMARK is used for 'reading' incoming skb mark (via cmsg), as such
>   it is more equivalent to 'getsockopt(SO_MARK)' which has no priv check
>   and retrieves the socket mark, rather than 'setsockopt(SO_MARK) which
>   sets the socket mark and does require privs.
> 
>   Additionally incoming skb->mark may already be visible if
>   sysctl_fwmark_reflect and/or sysctl_tcp_fwmark_accept are enabled.
> 
>   Furthermore, it is easier to block the getsockopt via bpf
>   (either cgroup setsockopt hook, or via syscall filters)
>   then to unblock it if it requires CAP_NET_RAW/ADMIN.
> 
> On Android the socket mark is (among other things) used to store
> the network identifier a socket is bound to.  Setting it is privileged,
> but retrieving it is not.  We'd like unprivileged userspace to be able
> to read the network id of incoming packets (where mark is set via iptables
> [to be moved to bpf])...
> 
> An alternative would be to add another sysctl to control whether
> setting SO_RCVMARK is privilged or not.
> (or even a MASK of which bits in the mark can be exposed)
> But this seems like over-engineering...
> 
> Note: This is a non-trivial revert, due to later merged:
>   commit e42c7beee71d0d84a6193357e3525d0cf2a3e168
>   bpf: net: Consider has_current_bpf_ctx() when testing capable() in sk_setsockopt()

When you repost, please additionally change the above with the usual
commit reference, e.g. commit <12# hash> ("<title>")

> which changed both 'ns_capable' into 'sockopt_ns_capable' calls.
> 
> Fixes: 1f86123b9749 ("align SO_RCVMARK required privileges with SO_MARK")
> Cc: Eyal Birger <eyal.birger@gmail.com>
> Cc: Jakub Kicinski <kuba@kernel.org>
> Cc: Eric Dumazet <edumazet@google.com>
> Cc: Patrick Rohr <prohr@google.com>
> Signed-off-by: Maciej Żenczykowski <maze@google.com>
> ---
>  net/core/sock.c | 6 ------
>  1 file changed, 6 deletions(-)
> 
> diff --git a/net/core/sock.c b/net/core/sock.c
> index 24f2761bdb1d..6e5662ca00fe 100644
> --- a/net/core/sock.c
> +++ b/net/core/sock.c
> @@ -1362,12 +1362,6 @@ int sk_setsockopt(struct sock *sk, int level, int optname,
>  		__sock_set_mark(sk, val);
>  		break;
>  	case SO_RCVMARK:
> -		if (!sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) &&
> -		    !sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) {
> -			ret = -EPERM;
> -			break;
> -		}
> -
>  		sock_valbool_flag(sk, SOCK_RCVMARK, valbool);
>  		break;
>  

[PATCH net v2] revert "net: align SO_RCVMARK required privileges with SO_MARK"

[Maciej Żenczykowski]

This reverts commit 1f86123b9749 ("net: align SO_RCVMARK required
privileges with SO_MARK") because the reasoning in the commit message
is not really correct:
  SO_RCVMARK is used for 'reading' incoming skb mark (via cmsg), as such
  it is more equivalent to 'getsockopt(SO_MARK)' which has no priv check
  and retrieves the socket mark, rather than 'setsockopt(SO_MARK) which
  sets the socket mark and does require privs.

  Additionally incoming skb->mark may already be visible if
  sysctl_fwmark_reflect and/or sysctl_tcp_fwmark_accept are enabled.

  Furthermore, it is easier to block the getsockopt via bpf
  (either cgroup setsockopt hook, or via syscall filters)
  then to unblock it if it requires CAP_NET_RAW/ADMIN.

On Android the socket mark is (among other things) used to store
the network identifier a socket is bound to.  Setting it is privileged,
but retrieving it is not.  We'd like unprivileged userspace to be able
to read the network id of incoming packets (where mark is set via
iptables [to be moved to bpf])...

An alternative would be to add another sysctl to control whether
setting SO_RCVMARK is privilged or not.
(or even a MASK of which bits in the mark can be exposed)
But this seems like over-engineering...

Note: This is a non-trivial revert, due to later merged commit e42c7beee71d
("bpf: net: Consider has_current_bpf_ctx() when testing capable() in sk_setsockopt()")
which changed both 'ns_capable' into 'sockopt_ns_capable' calls.

Fixes: 1f86123b9749 ("net: align SO_RCVMARK required privileges with SO_MARK")
Cc: Larysa Zaremba <larysa.zaremba@intel.com>
Cc: Simon Horman <simon.horman@corigine.com>
Cc: Paolo Abeni <pabeni@redhat.com>
Cc: Eyal Birger <eyal.birger@gmail.com>
Cc: Jakub Kicinski <kuba@kernel.org>
Cc: Eric Dumazet <edumazet@google.com>
Cc: Patrick Rohr <prohr@google.com>
Signed-off-by: Maciej Żenczykowski <maze@google.com>
---
 net/core/sock.c | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/net/core/sock.c b/net/core/sock.c
index 24f2761bdb1d..6e5662ca00fe 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -1362,12 +1362,6 @@ int sk_setsockopt(struct sock *sk, int level, int optname,
 		__sock_set_mark(sk, val);
 		break;
 	case SO_RCVMARK:
-		if (!sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) &&
-		    !sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) {
-			ret = -EPERM;
-			break;
-		}
-
 		sock_valbool_flag(sk, SOCK_RCVMARK, valbool);
 		break;
 
-- 
2.41.0.162.gfafddb0af9-goog

Re: [PATCH net v2] revert "net: align SO_RCVMARK required privileges with SO_MARK"

[Simon Horman]

On Sun, Jun 18, 2023 at 03:31:30AM -0700, Maciej Żenczykowski wrote:
> This reverts commit 1f86123b9749 ("net: align SO_RCVMARK required
> privileges with SO_MARK") because the reasoning in the commit message
> is not really correct:
>   SO_RCVMARK is used for 'reading' incoming skb mark (via cmsg), as such
>   it is more equivalent to 'getsockopt(SO_MARK)' which has no priv check
>   and retrieves the socket mark, rather than 'setsockopt(SO_MARK) which
>   sets the socket mark and does require privs.
> 
>   Additionally incoming skb->mark may already be visible if
>   sysctl_fwmark_reflect and/or sysctl_tcp_fwmark_accept are enabled.
> 
>   Furthermore, it is easier to block the getsockopt via bpf
>   (either cgroup setsockopt hook, or via syscall filters)
>   then to unblock it if it requires CAP_NET_RAW/ADMIN.
> 
> On Android the socket mark is (among other things) used to store
> the network identifier a socket is bound to.  Setting it is privileged,
> but retrieving it is not.  We'd like unprivileged userspace to be able
> to read the network id of incoming packets (where mark is set via
> iptables [to be moved to bpf])...
> 
> An alternative would be to add another sysctl to control whether
> setting SO_RCVMARK is privilged or not.
> (or even a MASK of which bits in the mark can be exposed)
> But this seems like over-engineering...
> 
> Note: This is a non-trivial revert, due to later merged commit e42c7beee71d
> ("bpf: net: Consider has_current_bpf_ctx() when testing capable() in sk_setsockopt()")
> which changed both 'ns_capable' into 'sockopt_ns_capable' calls.
> 
> Fixes: 1f86123b9749 ("net: align SO_RCVMARK required privileges with SO_MARK")
> Cc: Larysa Zaremba <larysa.zaremba@intel.com>
> Cc: Simon Horman <simon.horman@corigine.com>
> Cc: Paolo Abeni <pabeni@redhat.com>
> Cc: Eyal Birger <eyal.birger@gmail.com>
> Cc: Jakub Kicinski <kuba@kernel.org>
> Cc: Eric Dumazet <edumazet@google.com>
> Cc: Patrick Rohr <prohr@google.com>
> Signed-off-by: Maciej Żenczykowski <maze@google.com>

Reviewed-by: Simon Horman <simon.horman@corigine.com>

Re: [PATCH net v2] revert "net: align SO_RCVMARK required privileges with SO_MARK"

[Kuniyuki Iwashima]

From: Maciej Żenczykowski <maze@google.com>
Date: Sun, 18 Jun 2023 03:31:30 -0700
> This reverts commit 1f86123b9749 ("net: align SO_RCVMARK required
> privileges with SO_MARK") because the reasoning in the commit message
> is not really correct:
>   SO_RCVMARK is used for 'reading' incoming skb mark (via cmsg), as such
>   it is more equivalent to 'getsockopt(SO_MARK)' which has no priv check
>   and retrieves the socket mark, rather than 'setsockopt(SO_MARK) which
>   sets the socket mark and does require privs.
> 
>   Additionally incoming skb->mark may already be visible if
>   sysctl_fwmark_reflect and/or sysctl_tcp_fwmark_accept are enabled.
> 
>   Furthermore, it is easier to block the getsockopt via bpf
>   (either cgroup setsockopt hook, or via syscall filters)
>   then to unblock it if it requires CAP_NET_RAW/ADMIN.
> 
> On Android the socket mark is (among other things) used to store
> the network identifier a socket is bound to.  Setting it is privileged,
> but retrieving it is not.  We'd like unprivileged userspace to be able
> to read the network id of incoming packets (where mark is set via
> iptables [to be moved to bpf])...
> 
> An alternative would be to add another sysctl to control whether
> setting SO_RCVMARK is privilged or not.
> (or even a MASK of which bits in the mark can be exposed)
> But this seems like over-engineering...
> 
> Note: This is a non-trivial revert, due to later merged commit e42c7beee71d
> ("bpf: net: Consider has_current_bpf_ctx() when testing capable() in sk_setsockopt()")
> which changed both 'ns_capable' into 'sockopt_ns_capable' calls.
> 
> Fixes: 1f86123b9749 ("net: align SO_RCVMARK required privileges with SO_MARK")
> Cc: Larysa Zaremba <larysa.zaremba@intel.com>
> Cc: Simon Horman <simon.horman@corigine.com>
> Cc: Paolo Abeni <pabeni@redhat.com>
> Cc: Eyal Birger <eyal.birger@gmail.com>
> Cc: Jakub Kicinski <kuba@kernel.org>
> Cc: Eric Dumazet <edumazet@google.com>
> Cc: Patrick Rohr <prohr@google.com>
> Signed-off-by: Maciej Żenczykowski <maze@google.com>

Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>


> ---
>  net/core/sock.c | 6 ------
>  1 file changed, 6 deletions(-)
> 
> diff --git a/net/core/sock.c b/net/core/sock.c
> index 24f2761bdb1d..6e5662ca00fe 100644
> --- a/net/core/sock.c
> +++ b/net/core/sock.c
> @@ -1362,12 +1362,6 @@ int sk_setsockopt(struct sock *sk, int level, int optname,
>  		__sock_set_mark(sk, val);
>  		break;
>  	case SO_RCVMARK:
> -		if (!sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) &&
> -		    !sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) {
> -			ret = -EPERM;
> -			break;
> -		}
> -
>  		sock_valbool_flag(sk, SOCK_RCVMARK, valbool);
>  		break;
>  
> -- 
> 2.41.0.162.gfafddb0af9-goog

Re: [PATCH net v2] revert "net: align SO_RCVMARK required privileges with SO_MARK"

[patchwork-bot+netdevbpf]

Hello:

This patch was applied to netdev/net.git (main)
by Paolo Abeni <pabeni@redhat.com>:

On Sun, 18 Jun 2023 03:31:30 -0700 you wrote:
> This reverts commit 1f86123b9749 ("net: align SO_RCVMARK required
> privileges with SO_MARK") because the reasoning in the commit message
> is not really correct:
>   SO_RCVMARK is used for 'reading' incoming skb mark (via cmsg), as such
>   it is more equivalent to 'getsockopt(SO_MARK)' which has no priv check
>   and retrieves the socket mark, rather than 'setsockopt(SO_MARK) which
>   sets the socket mark and does require privs.
> 
> [...]

Here is the summary with links:
  - [net,v2] revert "net: align SO_RCVMARK required privileges with SO_MARK"
    https://git.kernel.org/netdev/net/c/a9628e88776e

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html