Re: [lvc-project] [PATCH] [RFC] net: smc: fix fasync leak in smc_release()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Thu, 2024-03-07 at 10:57 +0100, Jan Karcher wrote:

> We think it might be an option to secure the path in this function with 
> the smc->clcsock_release_lock.
> 
> ```
> 	lock_sock(&smc->sk);
> 	if (smc->use_fallback) {
> 		if (!smc->clcsock) {
> 			release_sock(&smc->sk);
> 			return -EBADF;
> 		}
> +		mutex_lock(&smc->clcsock_release_lock);
> 		answ = smc->clcsock->ops->ioctl(smc->clcsock, cmd, arg);
> +		mutex_unlock(&smc->clcsock_release_lock);
> 		release_sock(&smc->sk);
> 		return answ;
> 	}
> ```
> 
> What do yo think about this?

You're trying to fix it on the wrong path. FIOASYNC is a generic rather
than protocol-specific thing. So userspace 'ioctl(sock, FIOASYNC, [])'
call is handled with:

-> sys_ioctl()
  -> do_vfs_ioctl()
    -> ioctl_fioasync()
      -> filp->f_op->fasync() (which is sock_fasync() for all sockets)

rather than 'sock->ops->ioctl(...)'.

Dmitry
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Kernel Development]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Info]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Linux Media]     [Device Mapper]

  Powered by Linux