Patch "crypto: af_alg - Forbid bind(2) when nokey child sockets are present" has been added to the 4.4-stable tree

[<gregkh@linuxfoundation.org>]

This is a note to let you know that I've just added the patch titled

    crypto: af_alg - Forbid bind(2) when nokey child sockets are present

to the 4.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     crypto-af_alg-forbid-bind-2-when-nokey-child-sockets-are-present.patch
and it can be found in the queue-4.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.


>From a6a48c565f6f112c6983e2a02b1602189ed6e26e Mon Sep 17 00:00:00 2001
From: Herbert Xu <herbert@gondor.apana.org.au>
Date: Wed, 13 Jan 2016 15:03:32 +0800
Subject: crypto: af_alg - Forbid bind(2) when nokey child sockets are present

From: Herbert Xu <herbert@gondor.apana.org.au>

commit a6a48c565f6f112c6983e2a02b1602189ed6e26e upstream.

This patch forbids the calling of bind(2) when there are child
sockets created by accept(2) in existence, even if they are created
on the nokey path.

This is needed as those child sockets have references to the tfm
object which bind(2) will destroy.

Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 crypto/af_alg.c |   16 +++++++---------
 1 file changed, 7 insertions(+), 9 deletions(-)

--- a/crypto/af_alg.c
+++ b/crypto/af_alg.c
@@ -130,19 +130,16 @@ EXPORT_SYMBOL_GPL(af_alg_release);
 void af_alg_release_parent(struct sock *sk)
 {
 	struct alg_sock *ask = alg_sk(sk);
-	bool last;
+	unsigned int nokey = ask->nokey_refcnt;
+	bool last = nokey && !ask->refcnt;
 
 	sk = ask->parent;
-
-	if (ask->nokey_refcnt && !ask->refcnt) {
-		sock_put(sk);
-		return;
-	}
-
 	ask = alg_sk(sk);
 
 	lock_sock(sk);
-	last = !--ask->refcnt;
+	ask->nokey_refcnt -= nokey;
+	if (!last)
+		last = !--ask->refcnt;
 	release_sock(sk);
 
 	if (last)
@@ -188,7 +185,7 @@ static int alg_bind(struct socket *sock,
 
 	err = -EBUSY;
 	lock_sock(sk);
-	if (ask->refcnt)
+	if (ask->refcnt | ask->nokey_refcnt)
 		goto unlock;
 
 	swap(ask->type, type);
@@ -306,6 +303,7 @@ int af_alg_accept(struct sock *sk, struc
 
 	if (nokey || !ask->refcnt++)
 		sock_hold(sk);
+	ask->nokey_refcnt += nokey;
 	alg_sk(sk2)->parent = sk;
 	alg_sk(sk2)->type = type;
 	alg_sk(sk2)->nokey_refcnt = nokey;


Patches currently in stable-queue which might be from herbert@gondor.apana.org.au are

queue-4.4/crypto-af_alg-disallow-bind-setkey-...-after-accept-2.patch
queue-4.4/crypto-crc32c-fix-crc32c-soft-dependency.patch
queue-4.4/crypto-af_alg-forbid-bind-2-when-nokey-child-sockets-are-present.patch
queue-4.4/crypto-algif_hash-fix-race-condition-in-hash_check_key.patch
queue-4.4/crypto-skcipher-add-crypto_skcipher_has_setkey.patch
queue-4.4/crypto-chacha20-ssse3-align-stack-pointer-to-64-bytes.patch
queue-4.4/crypto-algif_skcipher-add-key-check-exception-for-cipher_null.patch
queue-4.4/crypto-algif_hash-remove-custom-release-parent-function.patch
queue-4.4/crypto-algif_skcipher-load-tx-sg-list-after-waiting.patch
queue-4.4/crypto-algif_skcipher-require-setkey-before-accept-2.patch
queue-4.4/crypto-algif_skcipher-add-nokey-compatibility-path.patch
queue-4.4/crypto-shash-fix-has_key-setting.patch
queue-4.4/crypto-algif_skcipher-remove-custom-release-parent-function.patch
queue-4.4/crypto-af_alg-allow-af_af_alg_release_parent-to-be-called-on-nokey-path.patch
queue-4.4/crypto-hash-add-crypto_ahash_has_setkey.patch
queue-4.4/crypto-af_alg-add-nokey-compatibility-path.patch
queue-4.4/crypto-sun4i-ss-add-missing-statesize.patch
queue-4.4/crypto-algif_hash-require-setkey-before-accept-2.patch
queue-4.4/crypto-algif_skcipher-sendmsg-sg-marking-is-off-by-one.patch
queue-4.4/crypto-algif_skcipher-fix-race-condition-in-skcipher_check_key.patch
queue-4.4/crypto-caam-make-write-transactions-bufferable-on-ppc-platforms.patch
queue-4.4/crypto-af_alg-fix-socket-double-free-when-accept-fails.patch