From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Andrey Konovalov <andreyknvl@google.com>,
Cong Wang <xiyou.wangcong@gmail.com>,
Oliver Hartkopp <socketcan@hartkopp.net>,
Marc Kleine-Budde <mkl@pengutronix.de>
Subject: [PATCH 4.4 06/31] can: bcm: fix warning in bcm_connect/proc_register
Date: Thu, 24 Nov 2016 15:55:27 +0100
Message-ID: <20161124145447.294497189@linuxfoundation.org>
In-Reply-To: <20161124145446.993225208@linuxfoundation.org>
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Oliver Hartkopp <socketcan@hartkopp.net>
commit deb507f91f1adbf64317ad24ac46c56eeccfb754 upstream.
Andrey Konovalov reported an issue with proc_register in bcm.c.
As suggested by Cong Wang this patch adds a lock_sock() protection and
a check for unsuccessful proc_create_data() in bcm_connect().
Reference: http://marc.info/?l=linux-netdev&m=147732648731237
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Suggested-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Tested-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/can/bcm.c | 32 +++++++++++++++++++++++---------
1 file changed, 23 insertions(+), 9 deletions(-)
--- a/net/can/bcm.c
+++ b/net/can/bcm.c
@@ -1500,24 +1500,31 @@ static int bcm_connect(struct socket *so
struct sockaddr_can *addr = (struct sockaddr_can *)uaddr;
struct sock *sk = sock->sk;
struct bcm_sock *bo = bcm_sk(sk);
+ int ret = 0;
if (len < sizeof(*addr))
return -EINVAL;
- if (bo->bound)
- return -EISCONN;
+ lock_sock(sk);
+
+ if (bo->bound) {
+ ret = -EISCONN;
+ goto fail;
+ }
/* bind a device to this socket */
if (addr->can_ifindex) {
struct net_device *dev;
dev = dev_get_by_index(&init_net, addr->can_ifindex);
- if (!dev)
- return -ENODEV;
-
+ if (!dev) {
+ ret = -ENODEV;
+ goto fail;
+ }
if (dev->type != ARPHRD_CAN) {
dev_put(dev);
- return -ENODEV;
+ ret = -ENODEV;
+ goto fail;
}
bo->ifindex = dev->ifindex;
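Review bot: the new `lock_sock(sk)` ahead of the `bo->bound` test carries no comment saying what it protects, and the commit message only says it "adds a lock_sock() protection". A short comment stating that the socket lock serializes concurrent connect() calls on the same socket, so that the `bo->bound` check and the later `bo->bound = 1` cannot interleave, would make the intent clear to the next reader. It is also worth confirming that the other readers and writers of `bo->bound`, which are not visible in this patch, run under the same lock; otherwise the check here is only protected against other bcm_connect() callers. The `dev->type != ARPHRD_CAN` branch keeps `dev_put(dev)` before `goto fail`, so the device reference is still dropped on that path.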
@@ -1528,17 +1535,24 @@ static int bcm_connect(struct socket *so
bo->ifindex = 0;
}
- bo->bound = 1;
-
if (proc_dir) {
/* unique socket address as filename */
sprintf(bo->procname, "%lu", sock_i_ino(sk));
bo->bcm_proc_read = proc_create_data(bo->procname, 0644,
proc_dir,
&bcm_proc_fops, sk);
+ if (!bo->bcm_proc_read) {
+ ret = -ENOMEM;
+ goto fail;
+ }
}
- return 0;
+ bo->bound = 1;
+
+fail:
+ release_sock(sk);
+
+ return ret;
}
static int bcm_recvmsg(struct socket *sock, struct msghdr *msg, size_t size,
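Review bot: on the new `if (!bo->bcm_proc_read)` failure path, `bo->ifindex` has already been assigned earlier in the function while `bo->bound` stays 0, so the socket is left partly configured when connect() returns an error. Either undo whatever the bind step set up before `goto fail`, or document why a later connect() on the same socket can safely redo it. Two smaller points in the same hunk: the `fail:` label is also reached on the success path after `bo->bound = 1`, so a neutral name such as `out` would describe it better, and `-ENOMEM` is returned for every NULL result of `proc_create_data()`, which is fine only if callers do not need to tell allocation failure apart from other causes. Moving `bo->bound = 1` after the proc entry creation is the right ordering, since the socket is marked bound only once everything it depends on exists.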