Patch "kcm: do not attach PF_KCM sockets to avoid deadlock" has been added to the 4.12-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This is a note to let you know that I've just added the patch titled

    kcm: do not attach PF_KCM sockets to avoid deadlock

to the 4.12-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     kcm-do-not-attach-pf_kcm-sockets-to-avoid-deadlock.patch
and it can be found in the queue-4.12 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From foo@baz Thu Sep 14 23:20:23 PDT 2017
From: Eric Dumazet <edumazet@xxxxxxxxxx>
Date: Wed, 30 Aug 2017 09:29:31 -0700
Subject: kcm: do not attach PF_KCM sockets to avoid deadlock

From: Eric Dumazet <edumazet@xxxxxxxxxx>


[ Upstream commit 351050ecd6523374b370341cc29fe61e2201556b ]

syzkaller had no problem to trigger a deadlock, attaching a KCM socket
to another one (or itself). (original syzkaller report was a very
confusing lockdep splat during a sendmsg())

It seems KCM claims to only support TCP, but no enforcement is done,
so we might need to add additional checks.

Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module")
Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>
Reported-by: Dmitry Vyukov <dvyukov@xxxxxxxxxx>
Acked-by: Tom Herbert <tom@xxxxxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 net/kcm/kcmsock.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/net/kcm/kcmsock.c
+++ b/net/kcm/kcmsock.c
@@ -1383,6 +1383,10 @@ static int kcm_attach(struct socket *soc
 	if (!csk)
 		return -EINVAL;
 
+	/* We must prevent loops or risk deadlock ! */
+	if (csk->sk_family == PF_KCM)
+		return -EOPNOTSUPP;
+
 	psock = kmem_cache_zalloc(kcm_psockp, GFP_KERNEL);
 	if (!psock)
 		return -ENOMEM;


Patches currently in stable-queue which might be from edumazet@xxxxxxxxxx are

queue-4.12/ipv6-fix-typo-in-fib6_net_exit.patch
queue-4.12/ipv6-fix-sparse-warning-on-rt6i_node.patch
queue-4.12/udp-on-peeking-bad-csum-drop-packets-even-if-not-at-head.patch
queue-4.12/ipv6-add-rcu-grace-period-before-freeing-fib6_node.patch
queue-4.12/kcm-do-not-attach-pf_kcm-sockets-to-avoid-deadlock.patch
[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]