* Patch "packet: in packet_do_bind, test fanout with bind_lock held" has been added to the 3.18-stable tree
@ 2017-10-19 13:08 gregkh
0 siblings, 0 replies; only message in thread
From: gregkh @ 2017-10-19 13:08 UTC (permalink / raw)
To: willemb, davem, edumazet, gregkh; +Cc: stable, stable-commits
This is a note to let you know that I've just added the patch titled
packet: in packet_do_bind, test fanout with bind_lock held
to the 3.18-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
packet-in-packet_do_bind-test-fanout-with-bind_lock-held.patch
and it can be found in the queue-3.18 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@vger.kernel.org> know about it.
>From foo@baz Thu Oct 19 14:44:13 CEST 2017
From: Willem de Bruijn <willemb@google.com>
Date: Tue, 26 Sep 2017 12:19:37 -0400
Subject: packet: in packet_do_bind, test fanout with bind_lock held
From: Willem de Bruijn <willemb@google.com>
[ Upstream commit 4971613c1639d8e5f102c4e797c3bf8f83a5a69e ]
Once a socket has po->fanout set, it remains a member of the group
until it is destroyed. The prot_hook must be constant and identical
across sockets in the group.
If fanout_add races with packet_do_bind between the test of po->fanout
and taking the lock, the bind call may make type or dev inconsistent
with that of the fanout group.
Hold po->bind_lock when testing po->fanout to avoid this race.
I had to introduce artificial delay (local_bh_enable) to actually
observe the race.
Fixes: dc99f600698d ("packet: Add fanout support.")
Signed-off-by: Willem de Bruijn <willemb@google.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/packet/af_packet.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -2662,13 +2662,15 @@ static int packet_do_bind(struct sock *s
int ret = 0;
bool unlisted = false;
- if (po->fanout)
- return -EINVAL;
-
lock_sock(sk);
spin_lock(&po->bind_lock);
rcu_read_lock();
+ if (po->fanout) {
+ ret = -EINVAL;
+ goto out_unlock;
+ }
+
if (name) {
dev = dev_get_by_name_rcu(sock_net(sk), name);
if (!dev) {
Patches currently in stable-queue which might be from willemb@google.com are
queue-3.18/packet-in-packet_do_bind-test-fanout-with-bind_lock-held.patch
queue-3.18/packet-hold-bind-lock-when-rebinding-to-fanout-hook.patch
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2017-10-19 13:08 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-10-19 13:08 Patch "packet: in packet_do_bind, test fanout with bind_lock held" has been added to the 3.18-stable tree gregkh
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).