From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mail.linuxfoundation.org ([140.211.169.12]:59524 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751710AbdFHHBP (ORCPT ); Thu, 8 Jun 2017 03:01:15 -0400
Subject: Patch "net: ping: do not abuse udp_poll()" has been added to the 4.9-stable tree
To: edumazet@google.com, alexander.levin@verizon.com, davem@davemloft.net, gregkh@linuxfoundation.org, lorenzo@google.com, segoon@openwall.com, solar@openwall.com
Cc: ,
From:
Date: Thu, 08 Jun 2017 08:59:55 +0200
Message-ID: <1496905195185@kroah.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ANSI_X3.4-1968
Content-Transfer-Encoding: 8bit
Sender: stable-owner@vger.kernel.org
List-ID:

This is a note to let you know that I've just added the patch titled

    net: ping: do not abuse udp_poll()

to the 4.9-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
    net-ping-do-not-abuse-udp_poll.patch
and it can be found in the queue-4.9 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let know about it.

>>From foo@baz Thu Jun 8 08:58:26 CEST 2017
From: Eric Dumazet
Date: Sat, 3 Jun 2017 09:29:25 -0700
Subject: net: ping: do not abuse udp_poll()

From: Eric Dumazet

[ Upstream commit 77d4b1d36926a9b8387c6b53eeba42bcaaffcea3 ]

Alexander reported various KASAN messages triggered in recent kernels

The problem is that ping sockets should not use udp_poll() in the first
place, and recent changes in UDP stack finally exposed this old bug.

Fixes: c319b4d76b9e ("net: ipv4: add IPPROTO_ICMP socket kind")
Fixes: 6d0bfe226116 ("net: ipv6: Add IPv6 support to the ping socket.")
Signed-off-by: Eric Dumazet
Reported-by: Sasha Levin
Cc: Solar Designer
Cc: Vasiliy Kulikov
Cc: Lorenzo Colitti
Acked-By: Lorenzo Colitti
Tested-By: Lorenzo Colitti
Signed-off-by: David S. Miller
Signed-off-by: Greg Kroah-Hartman --- include/net/ipv6.h | 1 + net/ipv4/af_inet.c | 2 +- net/ipv6/ping.c | 2 +- net/ipv6/raw.c | 2 +- 4 files changed, 4 insertions(+), 3 deletions(-) --- a/include/net/ipv6.h +++ b/include/net/ipv6.h @@ -1001,6 +1001,7 @@ int inet6_hash_connect(struct inet_timew */ extern const struct proto_ops inet6_stream_ops; extern const struct proto_ops inet6_dgram_ops; +extern const struct proto_ops inet6_sockraw_ops; struct group_source_req; struct group_filter; --- a/net/ipv4/af_inet.c +++ b/net/ipv4/af_inet.c @@ -1015,7 +1015,7 @@ static struct inet_protosw inetsw_array[ .type = SOCK_DGRAM, .protocol = IPPROTO_ICMP, .prot = &ping_prot, - .ops = &inet_dgram_ops, + .ops = &inet_sockraw_ops, .flags = INET_PROTOSW_REUSE, }, --- a/net/ipv6/ping.c +++ b/net/ipv6/ping.c @@ -198,7 +198,7 @@ static struct inet_protosw pingv6_protos .type = SOCK_DGRAM, .protocol = IPPROTO_ICMPV6, .prot = &pingv6_prot, - .ops = &inet6_dgram_ops, + .ops = &inet6_sockraw_ops, .flags = INET_PROTOSW_REUSE, }; --- a/net/ipv6/raw.c +++ b/net/ipv6/raw.c @@ -1330,7 +1330,7 @@ void raw6_proc_exit(void) #endif /* CONFIG_PROC_FS */ /* Same as inet6_dgram_ops, sans udp_poll. */ -static const struct proto_ops inet6_sockraw_ops = { +const struct proto_ops inet6_sockraw_ops = { .family = PF_INET6, .owner = THIS_MODULE, .release = inet6_release, Patches currently in stable-queue which might be from edumazet@google.com are queue-4.9/tcp-disallow-cwnd-undo-when-switching-congestion-control.patch queue-4.9/net-ping-do-not-abuse-udp_poll.patch
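
Review bot: In the net/ipv4/af_inet.c hunk, the IPPROTO_ICMP entry swaps the entire proto_ops table (&inet_dgram_ops to &inet_sockraw_ops), while the changelog only names udp_poll(). For IPv6, the comment visible in net/ipv6/raw.c ("Same as inet6_dgram_ops, sans udp_poll.") documents that poll is the only difference, but nothing in this diff says the same for the IPv4 pair. Please add a sentence to the changelog confirming that inet_sockraw_ops differs from inet_dgram_ops only in .poll, so anyone reviewing the backport can see that no other socket operation changes for ping sockets.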
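
Review bot: In the net/ipv6/raw.c hunk, the comment above inet6_sockraw_ops still reads as if the table were private to raw sockets, yet dropping static makes it the ops table for the IPPROTO_ICMPV6 ping entry in net/ipv6/ping.c as well. Suggest extending the comment to say the table is shared with ping sockets, so a later change to the raw ops gets checked against ping too.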
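
Review bot: The extern added in the include/net/ipv6.h hunk makes inet6_sockraw_ops visible to every includer of that header, but the diff adds no EXPORT_SYMBOL beside the definition in net/ipv6/raw.c. That only links if net/ipv6/ping.c and net/ipv6/raw.c always end up in the same object. Worth confirming for the build configurations of this stable tree, or stating it in the changelog.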