Patch "net: sctp: fix bug in sctp_poll for SOCK_SELECT_ERR_QUEUE" has been added to the 3.11-stable tree

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

This is a note to let you know that I've just added the patch titled

    net: sctp: fix bug in sctp_poll for SOCK_SELECT_ERR_QUEUE

to the 3.11-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     net-sctp-fix-bug-in-sctp_poll-for-sock_select_err_queue.patch
and it can be found in the queue-3.11 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 5ddbbde060353c916670fb28113e93e936b2c513 Mon Sep 17 00:00:00 2001
From: Daniel Borkmann <dborkman@xxxxxxxxxx>
Date: Sat, 7 Sep 2013 16:44:59 +0200
Subject: net: sctp: fix bug in sctp_poll for SOCK_SELECT_ERR_QUEUE

From: Daniel Borkmann <dborkman@xxxxxxxxxx>

[ Upstream commit a0fb05d1aef0f5df936f80b726d1b3bfd4275f95 ]

If we do not add braces around ...

  mask |= POLLERR |
          sock_flag(sk, SOCK_SELECT_ERR_QUEUE) ? POLLPRI : 0;

... then this condition always evaluates to true as POLLERR is
defined as 8 and binary or'd with whatever result comes out of
sock_flag(). Hence instead of (X | Y) ? A : B, transform it into
X | (Y ? A : B). Unfortunatelty, commit 8facd5fb73 ("net: fix
smatch warnings inside datagram_poll") forgot about SCTP. :-(

Introduced by 7d4c04fc170 ("net: add option to enable error queue
packets waking select").

Signed-off-by: Daniel Borkmann <dborkman@xxxxxxxxxx>
Cc: Jacob Keller <jacob.e.keller@xxxxxxxxx>
Acked-by: Neil Horman <nhorman@xxxxxxxxxxxxx>
Acked-by: Vlad Yasevich <vyasevich@xxxxxxxxx>
Acked-by: Jacob Keller <jacob.e.keller@xxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 net/sctp/socket.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -6182,7 +6182,7 @@ unsigned int sctp_poll(struct file *file
 	/* Is there any exceptional events?  */
 	if (sk->sk_err || !skb_queue_empty(&sk->sk_error_queue))
 		mask |= POLLERR |
-			sock_flag(sk, SOCK_SELECT_ERR_QUEUE) ? POLLPRI : 0;
+			(sock_flag(sk, SOCK_SELECT_ERR_QUEUE) ? POLLPRI : 0);
 	if (sk->sk_shutdown & RCV_SHUTDOWN)
 		mask |= POLLRDHUP | POLLIN | POLLRDNORM;
 	if (sk->sk_shutdown == SHUTDOWN_MASK)


Patches currently in stable-queue which might be from dborkman@xxxxxxxxxx are

queue-3.11/net-sctp-rfc4443-do-not-report-icmp-redirects-to-user-space.patch
queue-3.11/net-sctp-fix-ipv6-ipsec-encryption-bug-in-sctp_v6_xmit.patch
queue-3.11/net-sctp-fix-bug-in-sctp_poll-for-sock_select_err_queue.patch
queue-3.11/net-fib-fib6_add-fix-potential-null-pointer-dereference.patch
queue-3.11/net-flow_dissector-fix-thoff-for-ipproto_ah.patch
queue-3.11/net-sctp-fix-smatch-warning-in-sctp_send_asconf_del_ip.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]