Patch "inet: read sk->sk_family once in inet_recv_error()" has been added to the 5.15-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This is a note to let you know that I've just added the patch titled

    inet: read sk->sk_family once in inet_recv_error()

to the 5.15-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     inet-read-sk-sk_family-once-in-inet_recv_error.patch
and it can be found in the queue-5.15 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit 719fe0f08db7b80a77735eb8b22351a304f6fb2d
Author: Eric Dumazet <edumazet@xxxxxxxxxx>
Date:   Fri Feb 2 09:54:04 2024 +0000

    inet: read sk->sk_family once in inet_recv_error()
    
    [ Upstream commit eef00a82c568944f113f2de738156ac591bbd5cd ]
    
    inet_recv_error() is called without holding the socket lock.
    
    IPv6 socket could mutate to IPv4 with IPV6_ADDRFORM
    socket option and trigger a KCSAN warning.
    
    Fixes: f4713a3dfad0 ("net-timestamp: make tcp_recvmsg call ipv6_recv_error for AF_INET6 socks")
    Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>
    Cc: Willem de Bruijn <willemb@xxxxxxxxxx>
    Reviewed-by: Willem de Bruijn <willemb@xxxxxxxxxx>
    Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 6f6c05f198da..487f75993bf4 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1605,10 +1605,12 @@ EXPORT_SYMBOL(inet_current_timestamp);
 
 int inet_recv_error(struct sock *sk, struct msghdr *msg, int len, int *addr_len)
 {
-	if (sk->sk_family == AF_INET)
+	unsigned int family = READ_ONCE(sk->sk_family);
+
+	if (family == AF_INET)
 		return ip_recv_error(sk, msg, len, addr_len);
 #if IS_ENABLED(CONFIG_IPV6)
-	if (sk->sk_family == AF_INET6)
+	if (family == AF_INET6)
 		return pingv6_ops.ipv6_recv_error(sk, msg, len, addr_len);
 #endif
 	return -EINVAL;




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux