Patch "usbip: fix vhci_hcd to check for stream socket" has been added to the 4.4-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Sun, 14 Mar 2021 13:24:43 +0100

This is a note to let you know that I've just added the patch titled

    usbip: fix vhci_hcd to check for stream socket

to the 4.4-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     usbip-fix-vhci_hcd-to-check-for-stream-socket.patch
and it can be found in the queue-4.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From f55a0571690c4aae03180e001522538c0927432f Mon Sep 17 00:00:00 2001
From: Shuah Khan <skhan@xxxxxxxxxxxxxxxxxxx>
Date: Sun, 7 Mar 2021 20:53:27 -0700
Subject: usbip: fix vhci_hcd to check for stream socket

From: Shuah Khan <skhan@xxxxxxxxxxxxxxxxxxx>

commit f55a0571690c4aae03180e001522538c0927432f upstream.

Fix attach_store() to validate the passed in file descriptor is a
stream socket. If the file descriptor passed was a SOCK_DGRAM socket,
sock_recvmsg() can't detect end of stream.

Cc: stable@xxxxxxxxxxxxxxx
Suggested-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: Shuah Khan <skhan@xxxxxxxxxxxxxxxxxxx>
Link: https://lore.kernel.org/r/52712aa308915bda02cece1589e04ee8b401d1f3.1615171203.git.skhan@xxxxxxxxxxxxxxxxxxx
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 drivers/usb/usbip/vhci_sysfs.c |   10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

--- a/drivers/usb/usbip/vhci_sysfs.c
+++ b/drivers/usb/usbip/vhci_sysfs.c
@@ -202,8 +202,16 @@ static ssize_t store_attach(struct devic
 
 	/* Extract socket from fd. */
 	socket = sockfd_lookup(sockfd, &err);
-	if (!socket)
+	if (!socket) {
+		dev_err(dev, "failed to lookup sock");
 		return -EINVAL;
+	}
+	if (socket->type != SOCK_STREAM) {
+		dev_err(dev, "Expecting SOCK_STREAM - found %d",
+			socket->type);
+		sockfd_put(socket);
+		return -EINVAL;
+	}
 
 	/* now need lock until setting vdev status as used */
 


Patches currently in stable-queue which might be from skhan@xxxxxxxxxxxxxxxxxxx are

queue-4.4/usbip-fix-vhci_hcd-to-check-for-stream-socket.patch
queue-4.4/usbip-fix-stub_dev-to-check-for-stream-socket.patch
queue-4.4/usbip-fix-stub_dev-usbip_sockfd_store-races-leading-to-gpf.patch






