From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Maxime Jayat <maxime.jayat@mobile-devices.fr>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.10 03/21] net: socket: fix recvmmsg not returning error from sock_error
Date: Fri, 24 Feb 2017 09:40:02 +0100 [thread overview]
Message-ID: <20170224083851.500333953@linuxfoundation.org> (raw)
In-Reply-To: <20170224083851.364707301@linuxfoundation.org>
4.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: Maxime Jayat <maxime.jayat@mobile-devices.fr>
[ Upstream commit e623a9e9dec29ae811d11f83d0074ba254aba374 ]
Commit 34b88a68f26a ("net: Fix use after free in the recvmmsg exit path"),
changed the exit path of recvmmsg to always return the datagrams
variable and modified the error paths to set the variable to the error
code returned by recvmsg if necessary.
However in the case sock_error returned an error, the error code was
then ignored, and recvmmsg returned 0.
Change the error path of recvmmsg to correctly return the error code
of sock_error.
The bug was triggered by using recvmmsg on a CAN interface which was
not up. Linux 4.6 and later return 0 in this case while earlier
releases returned -ENETDOWN.
Fixes: 34b88a68f26a ("net: Fix use after free in the recvmmsg exit path")
Signed-off-by: Maxime Jayat <maxime.jayat@mobile-devices.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/socket.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/net/socket.c
+++ b/net/socket.c
@@ -2228,8 +2228,10 @@ int __sys_recvmmsg(int fd, struct mmsghd
return err;
err = sock_error(sock->sk);
- if (err)
+ if (err) {
+ datagrams = err;
goto out_put;
+ }
entry = mmsg;
compat_entry = (struct compat_mmsghdr __user *)mmsg;
next prev parent reply other threads:[~2017-02-24 8:44 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-24 8:39 [PATCH 4.10 00/21] 4.10.1-stable review Greg Kroah-Hartman
2017-02-24 8:40 ` [PATCH 4.10 01/21] ptr_ring: fix race conditions when resizing Greg Kroah-Hartman
2017-02-24 8:40 ` [PATCH 4.10 02/21] ip: fix IP_CHECKSUM handling Greg Kroah-Hartman
2017-02-24 8:40 ` Greg Kroah-Hartman [this message]
2017-02-24 8:40 ` [PATCH 4.10 04/21] tty: serial: msm: Fix module autoload Greg Kroah-Hartman
2017-02-24 8:40 ` [PATCH 4.10 05/21] USB: serial: mos7840: fix another NULL-deref at open Greg Kroah-Hartman
2017-02-24 8:40 ` [PATCH 4.10 06/21] USB: serial: cp210x: add new IDs for GE Bx50v3 boards Greg Kroah-Hartman
2017-02-24 8:40 ` [PATCH 4.10 07/21] USB: serial: ftdi_sio: fix modem-status error handling Greg Kroah-Hartman
2017-02-24 8:40 ` [PATCH 4.10 08/21] USB: serial: ftdi_sio: fix extreme low-latency setting Greg Kroah-Hartman
2017-02-24 8:40 ` [PATCH 4.10 09/21] USB: serial: ftdi_sio: fix line-status over-reporting Greg Kroah-Hartman
2017-02-24 8:40 ` [PATCH 4.10 10/21] USB: serial: digi_acceleport: fix OOB data sanity check Greg Kroah-Hartman
2017-02-24 8:40 ` [PATCH 4.10 11/21] USB: serial: spcp8x5: fix modem-status handling Greg Kroah-Hartman
2017-02-24 8:40 ` [PATCH 4.10 12/21] USB: serial: opticon: fix CTS retrieval at open Greg Kroah-Hartman
2017-02-24 8:40 ` [PATCH 4.10 13/21] USB: serial: ark3116: fix register-accessor error handling Greg Kroah-Hartman
2017-02-24 8:40 ` [PATCH 4.10 14/21] USB: serial: console: fix uninitialised spinlock Greg Kroah-Hartman
2017-02-24 8:40 ` [PATCH 4.10 15/21] x86/platform/goldfish: Prevent unconditional loading Greg Kroah-Hartman
2017-02-24 8:40 ` [PATCH 4.10 16/21] goldfish: Sanitize the broken interrupt handler Greg Kroah-Hartman
2017-02-24 8:40 ` [PATCH 4.10 17/21] netfilter: nf_ct_helper: warn when not applying default helper assignment Greg Kroah-Hartman
2017-02-24 8:40 ` [PATCH 4.10 18/21] ACPICA: Linuxize: Restore and fix Intel compiler build Greg Kroah-Hartman
2017-02-24 8:40 ` [PATCH 4.10 19/21] block: fix double-free in the failure path of cgwb_bdi_init() Greg Kroah-Hartman
2017-02-24 8:40 ` [PATCH 4.10 20/21] rtlwifi: rtl_usb: Fix for URB leaking when doing ifconfig up/down Greg Kroah-Hartman
2017-02-24 8:40 ` [PATCH 4.10 21/21] xfs: clear delalloc and cache on buffered write failure Greg Kroah-Hartman
2017-02-24 18:20 ` [PATCH 4.10 00/21] 4.10.1-stable review Shuah Khan
2017-02-26 15:54 ` Greg Kroah-Hartman
2017-02-25 4:24 ` Guenter Roeck
2017-02-26 15:54 ` Greg Kroah-Hartman
[not found] ` <58b076d2.04162e0a.21a12.5d40@mx.google.com>
2017-02-26 15:55 ` Greg Kroah-Hartman
2017-02-27 20:24 ` Kevin Hilman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170224083851.500333953@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=maxime.jayat@mobile-devices.fr \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox