This is a note to let you know that I've just added the patch titled

    kcm: do not attach PF_KCM sockets to avoid deadlock

to the 4.12-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     kcm-do-not-attach-pf_kcm-sockets-to-avoid-deadlock.patch
and it can be found in the queue-4.12 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From foo@baz Thu Sep 14 23:20:23 PDT 2017
From: Eric Dumazet <edumazet@xxxxxxxxxx>
Date: Wed, 30 Aug 2017 09:29:31 -0700
Subject: kcm: do not attach PF_KCM sockets to avoid deadlock

From: Eric Dumazet <edumazet@xxxxxxxxxx>


[ Upstream commit 351050ecd6523374b370341cc29fe61e2201556b ]

syzkaller had no problem triggering a deadlock, attaching a KCM socket
to another one (or itself).

(original syzkaller report was a very confusing lockdep splat
during a sendmsg())

It seems KCM claims to only support TCP, but no enforcement is done,
so we might need to add additional checks.

Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module")
Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>
Reported-by: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
Acked-by: Tom Herbert <tom@xxxxxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 net/kcm/kcmsock.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/net/kcm/kcmsock.c
+++ b/net/kcm/kcmsock.c
@@ -1383,6 +1383,10 @@ static int kcm_attach(struct socket *soc if (!csk) return -EINVAL; + /* We must prevent loops or risk deadlock ! */ + if (csk->sk_family == PF_KCM) + return -EOPNOTSUPP; + psock = kmem_cache_zalloc(kcm_psockp, GFP_KERNEL); if (!psock) return -ENOMEM; Patches currently in stable-queue which might be from edumazet@xxxxxxxxxx are queue-4.12/ipv6-fix-typo-in-fib6_net_exit.patch queue-4.12/ipv6-fix-sparse-warning-on-rt6i_node.patch queue-4.12/udp-on-peeking-bad-csum-drop-packets-even-if-not-at-head.patch queue-4.12/ipv6-add-rcu-grace-period-before-freeing-fib6_node.patch queue-4.12/kcm-do-not-attach-pf_kcm-sockets-to-avoid-deadlock.patch
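Review bot: the guard `if (csk->sk_family == PF_KCM) return -EOPNOTSUPP;` added after `if (!csk) return -EINVAL;` in kcm_attach() rejects exactly one address family, so it closes the reported KCM-on-KCM loop but, as the commit message itself concedes, still does not enforce the TCP-only contract KCM claims; any other non-TCP socket still reaches the kmem_cache_zalloc() and attach path below it. A positive check that csk is in fact a TCP socket would turn this one-entry denylist into the invariant the rest of the attach code relies on, and would let the comment `/* We must prevent loops or risk deadlock ! */` describe the whole guard rather than only the loop case. Placing the check before the psock allocation is the right ordering, since nothing has been allocated yet and the early return needs no cleanup.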