From: <gregkh@linuxfoundation.org>
To: edumazet@google.com, davem@davemloft.net, dvyukov@google.com,
gregkh@linuxfoundation.org, tom@quantonium.net
Cc: <stable@vger.kernel.org>, <stable-commits@vger.kernel.org>
Subject: Patch "kcm: do not attach PF_KCM sockets to avoid deadlock" has been added to the 4.9-stable tree
Date: Thu, 14 Sep 2017 23:22:13 -0700 [thread overview]
Message-ID: <150545653383106@kroah.com> (raw)
This is a note to let you know that I've just added the patch titled
kcm: do not attach PF_KCM sockets to avoid deadlock
to the 4.9-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
kcm-do-not-attach-pf_kcm-sockets-to-avoid-deadlock.patch
and it can be found in the queue-4.9 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From foo@baz Thu Sep 14 23:20:08 PDT 2017
From: Eric Dumazet <edumazet@google.com>
Date: Wed, 30 Aug 2017 09:29:31 -0700
Subject: kcm: do not attach PF_KCM sockets to avoid deadlock
From: Eric Dumazet <edumazet@google.com>
[ Upstream commit 351050ecd6523374b370341cc29fe61e2201556b ]
syzkaller had no problem to trigger a deadlock, attaching a KCM socket
to another one (or itself). (original syzkaller report was a very
confusing lockdep splat during a sendmsg())
It seems KCM claims to only support TCP, but no enforcement is done,
so we might need to add additional checks.
Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Acked-by: Tom Herbert <tom@quantonium.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/kcm/kcmsock.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/net/kcm/kcmsock.c
+++ b/net/kcm/kcmsock.c
@@ -1381,6 +1381,10 @@ static int kcm_attach(struct socket *soc
if (!csk)
return -EINVAL;
+ /* We must prevent loops or risk deadlock ! */
+ if (csk->sk_family == PF_KCM)
+ return -EOPNOTSUPP;
+
psock = kmem_cache_zalloc(kcm_psockp, GFP_KERNEL);
if (!psock)
return -ENOMEM;
Patches currently in stable-queue which might be from edumazet@google.com are
queue-4.9/ipv6-fix-typo-in-fib6_net_exit.patch
queue-4.9/ipv6-fix-sparse-warning-on-rt6i_node.patch
queue-4.9/udp-on-peeking-bad-csum-drop-packets-even-if-not-at-head.patch
queue-4.9/tcp-initialize-rcv_mss-to-tcp_min_mss-instead-of-0.patch
queue-4.9/ipv6-add-rcu-grace-period-before-freeing-fib6_node.patch
queue-4.9/kcm-do-not-attach-pf_kcm-sockets-to-avoid-deadlock.patch
reply other threads:[~2017-09-15 6:22 UTC|newest]
Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=150545653383106@kroah.com \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=dvyukov@google.com \
--cc=edumazet@google.com \
--cc=stable-commits@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=tom@quantonium.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).