On Thu, 2024-03-07 at 10:57 +0100, Jan Karcher wrote:
> We think it might be an option to secure the path in this function with
> the smc->clcsock_release_lock.
>
> ```
> lock_sock(&smc->sk);
> if (smc->use_fallback) {
> if (!smc->clcsock) {
> release_sock(&smc->sk);
> return -EBADF;
> }
> + mutex_lock(&smc->clcsock_release_lock);
> answ = smc->clcsock->ops->ioctl(smc->clcsock, cmd, arg);
> + mutex_unlock(&smc->clcsock_release_lock);
> release_sock(&smc->sk);
> return answ;
> }
> ```
>
> What do you think about this?

You're trying to fix it on the wrong path. FIOASYNC is a generic rather
than protocol-specific thing. So userspace 'ioctl(sock, FIOASYNC, [])'
call is handled with:

-> sys_ioctl()
   -> do_vfs_ioctl()
      -> ioctl_fioasync()
         -> filp->f_op->fasync() (which is sock_fasync() for all sockets)

rather than 'sock->ops->ioctl(...)'.

Dmitry
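Review bot: in the quoted hunk the `if (!smc->clcsock)` check runs before `mutex_lock(&smc->clcsock_release_lock)` is acquired, so on the path the hunk does cover there is still a window between the NULL check and the lock in which clcsock can be released; the check should move inside the locked region, e.g. take the mutex first and then test `smc->clcsock`, unlocking before the `-EBADF` return. Separately, as the reply points out, FIOASYNC is dispatched through `filp->f_op->fasync()` (sock_fasync()) and never reaches `smc->clcsock->ops->ioctl()`, so this hunk does not touch the path the report is about.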