This is a note to let you know that I've just added the patch titled net/compat: Add missing sock updates for SCM_RIGHTS to the 5.8-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: net-compat-add-missing-sock-updates-for-scm_rights.patch and it can be found in the queue-5.8 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From d9539752d23283db4692384a634034f451261e29 Mon Sep 17 00:00:00 2001 From: Kees Cook <keescook@xxxxxxxxxxxx> Date: Tue, 9 Jun 2020 16:11:29 -0700 Subject: net/compat: Add missing sock updates for SCM_RIGHTS From: Kees Cook <keescook@xxxxxxxxxxxx> commit d9539752d23283db4692384a634034f451261e29 upstream. Add missed sock updates to compat path via a new helper, which will be used more in coming patches. (The net/core/scm.c code is left as-is here to assist with -stable backports for the compat path.) Cc: Christoph Hellwig <hch@xxxxxx> Cc: Sargun Dhillon <sargun@xxxxxxxxx> Cc: Jakub Kicinski <kuba@xxxxxxxxxx> Cc: stable@xxxxxxxxxxxxxxx Fixes: 48a87cc26c13 ("net: netprio: fd passed in SCM_RIGHTS datagram not set correctly") Fixes: d84295067fc7 ("net: net_cls: fd passed in SCM_RIGHTS datagram not set correctly") Acked-by: Christian Brauner <christian.brauner@xxxxxxxxxx> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- include/net/sock.h | 4 ++++ net/compat.c | 1 + net/core/sock.c | 21 +++++++++++++++++++++ 3 files changed, 26 insertions(+) --- a/include/net/sock.h +++ b/include/net/sock.h @@ -891,6 +891,8 @@ static inline int sk_memalloc_socks(void { return static_branch_unlikely(&memalloc_socks_key); } + +void __receive_sock(struct file *file); #else static inline int sk_memalloc_socks(void) @@ -898,6 +900,8 @@ static inline int sk_memalloc_socks(void return 0; } +static inline void __receive_sock(struct file *file) +{ } #endif static inline gfp_t sk_gfp_mask(const struct sock *sk, gfp_t gfp_mask) --- a/net/compat.c +++ b/net/compat.c @@ -309,6 +309,7 @@ void scm_detach_fds_compat(struct msghdr break; } /* Bump the usage count and install the file. */ + __receive_sock(fp[i]); fd_install(new_fd, get_file(fp[i])); } --- a/net/core/sock.c +++ b/net/core/sock.c @@ -2842,6 +2842,27 @@ int sock_no_mmap(struct file *file, stru } EXPORT_SYMBOL(sock_no_mmap); +/* + * When a file is received (via SCM_RIGHTS, etc), we must bump the + * various sock-based usage counts. + */ +void __receive_sock(struct file *file) +{ + struct socket *sock; + int error; + + /* + * The resulting value of "error" is ignored here since we only + * need to take action when the file is a socket and testing + * "sock" for NULL is sufficient. + */ + sock = sock_from_file(file, &error); + if (sock) { + sock_update_netprioidx(&sock->sk->sk_cgrp_data); + sock_update_classid(&sock->sk->sk_cgrp_data); + } +} + ssize_t sock_no_sendpage(struct socket *sock, struct page *page, int offset, size_t size, int flags) { ssize_t res; Patches currently in stable-queue which might be from keescook@xxxxxxxxxxxx are queue-5.8/net-compat-add-missing-sock-updates-for-scm_rights.patch queue-5.8/pidfd-add-missing-sock-updates-for-pidfd_getfd.patch queue-5.8/selftests-seccomp-set-nnp-for-tsync-esrch-flag-test.patch queue-5.8/mm-fix-kthread_use_mm-vs-tlb-invalidate.patch