public inbox for stable@vger.kernel.org
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	patches@lists.linux.dev, Marc Dionne <marc.dionne@auristor.com>,
	Willem de Bruijn <willemb@google.com>,
	"David S. Miller" <davem@davemloft.net>,
	Sasha Levin <sashal@kernel.org>
Subject: [PATCH 6.6 044/124] net: Save and restore msg_namelen in sock_sendmsg
Date: Mon,  8 Jan 2024 16:07:50 +0100
Message-ID: <20240108150605.002598206@linuxfoundation.org>
In-Reply-To: <20240108150602.976232871@linuxfoundation.org>

6.6-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Marc Dionne <marc.dionne@auristor.com>

[ Upstream commit 01b2885d9415152bcb12ff1f7788f500a74ea0ed ]

Commit 86a7e0b69bd5 ("net: prevent rewrite of msg_name in
sock_sendmsg()") made sock_sendmsg save the incoming msg_name pointer
and restore it before returning, to insulate the caller against
msg_name being changed by the called code.  If the address length
was also changed however, we may return with an inconsistent structure
where the length doesn't match the address, and attempts to reuse it may
lead to lost packets.

For example, a kernel that doesn't have commit 1c5950fc6fe9 ("udp6: fix
potential access to stale information") will replace a v4 mapped address
with its ipv4 equivalent, and shorten namelen accordingly from 28 to 16.
If the caller attempts to reuse the resulting msg structure, it will have
the original ipv6 (v4 mapped) address but an incorrect v4 length.

Fixes: 86a7e0b69bd5 ("net: prevent rewrite of msg_name in sock_sendmsg()")
Signed-off-by: Marc Dionne <marc.dionne@auristor.com>
Reviewed-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/socket.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/socket.c b/net/socket.c
index c4a6f55329552..8d83c4bb163b4 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -757,6 +757,7 @@ int sock_sendmsg(struct socket *sock, struct msghdr *msg)
 {
 	struct sockaddr_storage *save_addr = (struct sockaddr_storage *)msg->msg_name;
 	struct sockaddr_storage address;
+	int save_len = msg->msg_namelen;
 	int ret;
 
 	if (msg->msg_name) {
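Review bot: save_len is captured before the `if (msg->msg_name)` copy block, so it records the length exactly as the caller passed it, not anything the callee writes later; that is the same point at which save_addr is captured, so the two saves stay consistent. Taking it unconditionally (even when msg_name is NULL) is fine, since the restore later in the function is unconditional as well and simply writes the unchanged value back.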
@@ -766,6 +767,7 @@ int sock_sendmsg(struct socket *sock, struct msghdr *msg)
 
 	ret = __sock_sendmsg(sock, msg);
 	msg->msg_name = save_addr;
+	msg->msg_namelen = save_len;
 
 	return ret;
 }
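Review bot: restoring msg_namelen immediately after msg_name mirrors the existing restore and closes the gap the commit message describes, where a callee shortening the length from 28 to 16 left the caller with an IPv6 address paired with an IPv4 length. The reason both fields are restored (callers reuse the msghdr, so the callee must not be able to alter either) now lives only in the commit message; a one-line comment above `msg->msg_name = save_addr;` and `msg->msg_namelen = save_len;` stating that the callee only ever sees a private copy and must not change the caller's view would make the contract explicit for the next person touching this function.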
-- 
2.43.0
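As an added illustration (not the kernel's code and not part of this patch), here is a userspace model of the save/restore logic in sock_sendmsg(): rewriting_callee() is a hypothetical stand-in for a callee on a kernel without 1c5950fc6fe9 that rewrites a v4-mapped address and shrinks msg_namelen from 28 to 16, model_sock_sendmsg() reproduces the wrapper before and after this patch, and name_consistent() is the check a caller would want before reusing the msghdr. The model copies msg_namelen bytes rather than a full sockaddr_storage, and the ::ffff:192.0.2.1 destination is a constructed value.

```c
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Hypothetical __sock_sendmsg() stand-in: rewrites a v4-mapped address as IPv4 */
static int rewriting_callee(struct msghdr *msg)
{
	struct sockaddr_in6 *sin6 = msg->msg_name;
	struct sockaddr_in sin = { .sin_family = AF_INET };
	if (!sin6 || sin6->sin6_family != AF_INET6 ||
	    !IN6_IS_ADDR_V4MAPPED(&sin6->sin6_addr))
		return 0;
	memcpy(&sin.sin_addr, &sin6->sin6_addr.s6_addr[12], 4);
	memcpy(msg->msg_name, &sin, sizeof(sin));
	msg->msg_namelen = sizeof(sin);		/* 28 -> 16 */
	return 0;
}

/* sock_sendmsg() model: with_fix == 1 adds the msg_namelen restore from the patch */
static int model_sock_sendmsg(struct msghdr *msg, int with_fix)
{
	struct sockaddr_storage address;
	void *save_addr = msg->msg_name;
	int save_len = msg->msg_namelen, ret;
	if (msg->msg_name) {
		memcpy(&address, msg->msg_name, msg->msg_namelen);
		msg->msg_name = &address;	/* callee only ever sees the copy */
	}
	ret = rewriting_callee(msg);
	msg->msg_name = save_addr;
	if (with_fix)
		msg->msg_namelen = save_len;
	return ret;
}

/* Check before reusing a msghdr: does msg_namelen match the stored family? */
static int name_consistent(const struct msghdr *msg)
{
	const struct sockaddr *sa = msg->msg_name;
	socklen_t want = sa->sa_family == AF_INET6 ? sizeof(struct sockaddr_in6)
		       : sa->sa_family == AF_INET ? sizeof(struct sockaddr_in) : 0;
	return want && msg->msg_namelen == want;
}

struct demo_result { int namelen; int consistent; };
/* One send to ::ffff:192.0.2.1 (constructed); reports what the caller is left with */
static struct demo_result demo(int with_fix)
{
	struct sockaddr_in6 sin6 = { .sin6_family = AF_INET6, .sin6_addr.s6_addr =
		{ [10] = 0xff, [11] = 0xff, [12] = 192, [14] = 2, [15] = 1 } };
	struct msghdr msg = { .msg_name = &sin6, .msg_namelen = sizeof(sin6) };
	model_sock_sendmsg(&msg, with_fix);
	return (struct demo_result){ (int)msg.msg_namelen, name_consistent(&msg) };
}
```

Without the fix the caller keeps its untouched IPv6 address but a length of 16; with it the length is back to 28 and the msghdr can be reused safely.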