This is a note to let you know that I've just added the patch titled usbip: fix stub_dev to check for stream socket to the 4.9-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: usbip-fix-stub_dev-to-check-for-stream-socket.patch and it can be found in the queue-4.9 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 47ccc8fc2c9c94558b27b6f9e2582df32d29e6e8 Mon Sep 17 00:00:00 2001 From: Shuah Khan <skhan@xxxxxxxxxxxxxxxxxxx> Date: Sun, 7 Mar 2021 20:53:26 -0700 Subject: usbip: fix stub_dev to check for stream socket From: Shuah Khan <skhan@xxxxxxxxxxxxxxxxxxx> commit 47ccc8fc2c9c94558b27b6f9e2582df32d29e6e8 upstream. Fix usbip_sockfd_store() to validate the passed in file descriptor is a stream socket. If the file descriptor passed was a SOCK_DGRAM socket, sock_recvmsg() can't detect end of stream. Cc: stable@xxxxxxxxxxxxxxx Suggested-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> Signed-off-by: Shuah Khan <skhan@xxxxxxxxxxxxxxxxxxx> Link: https://lore.kernel.org/r/e942d2bd03afb8e8552bd2a5d84e18d17670d521.1615171203.git.skhan@xxxxxxxxxxxxxxxxxxx Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- drivers/usb/usbip/stub_dev.c | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) --- a/drivers/usb/usbip/stub_dev.c +++ b/drivers/usb/usbip/stub_dev.c @@ -83,8 +83,16 @@ static ssize_t store_sockfd(struct devic } socket = sockfd_lookup(sockfd, &err); - if (!socket) + if (!socket) { + dev_err(dev, "failed to lookup sock"); goto err; + } + + if (socket->type != SOCK_STREAM) { + dev_err(dev, "Expecting SOCK_STREAM - found %d", + socket->type); + goto sock_err; + } sdev->ud.tcp_socket = socket; sdev->ud.sockfd = sockfd; @@ -114,6 +122,8 @@ static ssize_t store_sockfd(struct devic return count; +sock_err: + sockfd_put(socket); err: spin_unlock_irq(&sdev->ud.lock); return -EINVAL; Patches currently in stable-queue which might be from skhan@xxxxxxxxxxxxxxxxxxx are queue-4.9/usbip-fix-vudc-to-check-for-stream-socket.patch queue-4.9/usbip-fix-vhci_hcd-to-check-for-stream-socket.patch queue-4.9/usbip-fix-stub_dev-to-check-for-stream-socket.patch queue-4.9/usbip-fix-stub_dev-usbip_sockfd_store-races-leading-to-gpf.patch queue-4.9/usbip-fix-vhci_hcd-attach_store-races-leading-to-gpf.patch