From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Maxime Jayat <maxime.jayat@mobile-devices.fr>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.4 10/25] net: socket: fix recvmmsg not returning error from sock_error
Date: Fri, 24 Feb 2017 09:25:22 +0100 [thread overview]
Message-ID: <20170224082129.614671752@linuxfoundation.org> (raw)
In-Reply-To: <20170224082128.156304123@linuxfoundation.org>
4.4-stable review patch. If anyone has any objections, please let me know.
------------------
From: Maxime Jayat <maxime.jayat@mobile-devices.fr>
[ Upstream commit e623a9e9dec29ae811d11f83d0074ba254aba374 ]
Commit 34b88a68f26a ("net: Fix use after free in the recvmmsg exit path"),
changed the exit path of recvmmsg to always return the datagrams
variable and modified the error paths to set the variable to the error
code returned by recvmsg if necessary.
However in the case sock_error returned an error, the error code was
then ignored, and recvmmsg returned 0.
Change the error path of recvmmsg to correctly return the error code
of sock_error.
The bug was triggered by using recvmmsg on a CAN interface which was
not up. Linux 4.6 and later return 0 in this case while earlier
releases returned -ENETDOWN.
Fixes: 34b88a68f26a ("net: Fix use after free in the recvmmsg exit path")
Signed-off-by: Maxime Jayat <maxime.jayat@mobile-devices.fr>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/socket.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
--- a/net/socket.c
+++ b/net/socket.c
@@ -2185,8 +2185,10 @@ int __sys_recvmmsg(int fd, struct mmsghd
return err;
err = sock_error(sock->sk);
- if (err)
+ if (err) {
+ datagrams = err;
goto out_put;
+ }
entry = mmsg;
compat_entry = (struct compat_mmsghdr __user *)mmsg;
next prev parent reply other threads:[~2017-02-24 8:36 UTC|newest]
Thread overview: 39+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-02-24 8:25 [PATCH 4.4 00/25] 4.4.52-stable review Greg Kroah-Hartman
2017-02-24 8:25 ` [PATCH 4.4 01/25] rtlwifi: rtl_usb: Fix missing entry in USB drivers private data Greg Kroah-Hartman
2017-02-24 8:25 ` [PATCH 4.4 02/25] rtc: interface: ignore expired timers when enqueuing new timers Greg Kroah-Hartman
2017-02-24 8:25 ` [PATCH 4.4 03/25] blk-mq: really fix plug list flushing for nomerge queues Greg Kroah-Hartman
2017-02-24 8:25 ` [PATCH 4.4 04/25] net/llc: avoid BUG_ON() in skb_orphan() Greg Kroah-Hartman
2017-02-24 8:25 ` [PATCH 4.4 05/25] packet: fix races in fanout_add() Greg Kroah-Hartman
2017-02-24 8:25 ` [PATCH 4.4 06/25] packet: Do not call fanout_release from atomic contexts Greg Kroah-Hartman
2017-02-24 8:25 ` [PATCH 4.4 07/25] dccp: fix freeing skb too early for IPV6_RECVPKTINFO Greg Kroah-Hartman
2017-02-24 8:25 ` [PATCH 4.4 08/25] irda: Fix lockdep annotations in hashbin_delete() Greg Kroah-Hartman
2017-02-24 8:25 ` [PATCH 4.4 09/25] ip: fix IP_CHECKSUM handling Greg Kroah-Hartman
2017-02-24 8:25 ` Greg Kroah-Hartman [this message]
2017-02-24 8:25 ` [PATCH 4.4 11/25] tty: serial: msm: Fix module autoload Greg Kroah-Hartman
2017-02-24 8:25 ` [PATCH 4.4 12/25] USB: serial: mos7840: fix another NULL-deref at open Greg Kroah-Hartman
2017-02-24 8:25 ` [PATCH 4.4 13/25] USB: serial: cp210x: add new IDs for GE Bx50v3 boards Greg Kroah-Hartman
2017-02-24 8:25 ` [PATCH 4.4 14/25] USB: serial: ftdi_sio: fix modem-status error handling Greg Kroah-Hartman
2017-02-24 8:25 ` [PATCH 4.4 15/25] USB: serial: ftdi_sio: fix extreme low-latency setting Greg Kroah-Hartman
2017-02-24 8:25 ` [PATCH 4.4 16/25] USB: serial: ftdi_sio: fix line-status over-reporting Greg Kroah-Hartman
2017-02-24 8:25 ` [PATCH 4.4 17/25] USB: serial: digi_acceleport: fix OOB data sanity check Greg Kroah-Hartman
2017-02-24 13:38 ` Ben Hutchings
2017-02-24 17:33 ` Johan Hovold
2017-02-24 17:55 ` Greg Kroah-Hartman
2017-02-24 18:13 ` Johan Hovold
2017-03-13 17:14 ` Johan Hovold
2017-03-15 7:16 ` Greg Kroah-Hartman
2017-02-24 8:25 ` [PATCH 4.4 18/25] USB: serial: spcp8x5: fix modem-status handling Greg Kroah-Hartman
2017-02-24 8:25 ` [PATCH 4.4 19/25] USB: serial: opticon: fix CTS retrieval at open Greg Kroah-Hartman
2017-02-24 8:25 ` [PATCH 4.4 20/25] USB: serial: ark3116: fix register-accessor error handling Greg Kroah-Hartman
2017-02-24 8:25 ` [PATCH 4.4 21/25] x86/platform/goldfish: Prevent unconditional loading Greg Kroah-Hartman
2017-02-24 8:25 ` [PATCH 4.4 22/25] goldfish: Sanitize the broken interrupt handler Greg Kroah-Hartman
2017-02-24 8:25 ` [PATCH 4.4 23/25] block: fix double-free in the failure path of cgwb_bdi_init() Greg Kroah-Hartman
2017-02-24 8:25 ` [PATCH 4.4 24/25] rtlwifi: rtl_usb: Fix for URB leaking when doing ifconfig up/down Greg Kroah-Hartman
2017-02-24 8:25 ` [PATCH 4.4 25/25] Revert "usb: chipidea: imx: enable CI_HDRC_SET_NON_ZERO_TTHA" Greg Kroah-Hartman
2017-02-24 13:55 ` [PATCH 4.4 00/25] 4.4.52-stable review Ben Hutchings
2017-02-24 14:43 ` Greg Kroah-Hartman
2017-02-24 15:31 ` David Miller
2017-02-24 15:41 ` Greg Kroah-Hartman
2017-02-24 16:30 ` Ben Hutchings
2017-02-24 16:22 ` Guenter Roeck
2017-02-24 18:15 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170224082129.614671752@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=maxime.jayat@mobile-devices.fr \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).