Received: by 10.192.165.156 with SMTP id m28csp1069212imm; Wed, 11 Apr 2018 11:51:40 -0700 (PDT) X-Google-Smtp-Source: AIpwx48AcHjMiyP4njiXlDK9wgUtubkXpsFXvWnLtO2ZoSe7jDVJT7d1gRekBmF5EmajB+Y/9i1I X-Received: by 10.101.69.198 with SMTP id m6mr4275948pgr.244.1523472700536; Wed, 11 Apr 2018 11:51:40 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1523472700; cv=none; d=google.com; s=arc-20160816; b=QT2s1FhkdFbJG2P3NchpVMVfcUUjSyEjeXbjUoMO84ShOLzMqPm1LY0pnwrhzglB2R Px8DYjIXmCDDmlyunarmHxhJKT/bh92iAgws9oqGl2kK/08qph7HBlR0p9JRvpLcgxRQ nWnQ4V5uzJTVhQUBG9bQrxAe/iuXMYtGBh2mLckluRA3QGfzisk/mBUeteIPw5X3CoOQ X27RxuwetvJyJqSgi0xlIoxEOSYAMHBMTrsMiKiHfJVX3wsKyCSlOkUkQBbC7TlHiufm 1ZFCZ1kVonJpBHjBf39cq892yF4Wz5jUSoV5Gsy/SpGBBfuOSb8aoPSPokM09SCNVso1 Nepg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=SWQl/+KrwP7CKG4erUNHUWPEHU3H18pCh9yjPNjkM9o=; b=lZAL8YNhgAisx119v2NMteaPAIbUvqtRIMWT45mjaauYzgYl7/VFIAfnD+dc2UoxYX 6HQ9TrBwYBttVH5wkYgmbJ4UHVuBOQoMG93QKtSHdMFi52z9/8tL8NBa02C8Ns2qt542 lC1Ke9Ut2bkSV92/HAwznkWqxDjbM+r0brakOUmRQoth2mqVQE7a2t7pELSoUGQp8CaM foP5f5JXiWKD99Brk3fS/qTJ/P+tUEKxgCdvSkGyQ2vfmFjyx/aWLaJP89loJl45q2Wa +1oJbKRYBPrxa1gWaA+NWZ+WzLnSpgWCweUTmGl1FUV9BD5kMOh8pePGZpz8pYhwnd9+ 8Q/Q== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id h3si1291073pfn.158.2018.04.11.11.51.03; Wed, 11 Apr 2018 11:51:40 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1755826AbeDKSrC (ORCPT + 99 others); Wed, 11 Apr 2018 14:47:02 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:59110 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755811AbeDKSq7 (ORCPT ); Wed, 11 Apr 2018 14:46:59 -0400 Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 30267D91; Wed, 11 Apr 2018 18:46:58 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Lin Zhang , "David S. Miller" , Sasha Levin Subject: [PATCH 4.4 080/190] net: llc: add lock_sock in llc_ui_bind to avoid a race condition Date: Wed, 11 Apr 2018 20:35:26 +0200 Message-Id: <20180411183555.243503151@linuxfoundation.org> X-Mailer: git-send-email 2.17.0 In-Reply-To: <20180411183550.114495991@linuxfoundation.org> References: <20180411183550.114495991@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.4-stable review patch. If anyone has any objections, please let me know. ------------------ From: linzhang [ Upstream commit 0908cf4dfef35fc6ac12329007052ebe93ff1081 ] There is a race condition in llc_ui_bind if two or more processes/threads try to bind a same socket. If more processes/threads bind a same socket success that will lead to two problems, one is this action is not what we expected, another is will lead to kernel in unstable status or oops(in my simple test case, cause llc2.ko can't unload). The current code is test SOCK_ZAPPED bit to avoid a process to bind a same socket twice but that is can't avoid more processes/threads try to bind a same socket at the same time. So, add lock_sock in llc_ui_bind like others, such as llc_ui_connect. Signed-off-by: Lin Zhang Signed-off-by: David S. Miller Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- net/llc/af_llc.c | 3 +++ 1 file changed, 3 insertions(+) --- a/net/llc/af_llc.c +++ b/net/llc/af_llc.c @@ -309,6 +309,8 @@ static int llc_ui_bind(struct socket *so int rc = -EINVAL; dprintk("%s: binding %02X\n", __func__, addr->sllc_sap); + + lock_sock(sk); if (unlikely(!sock_flag(sk, SOCK_ZAPPED) || addrlen != sizeof(*addr))) goto out; rc = -EAFNOSUPPORT; @@ -380,6 +382,7 @@ static int llc_ui_bind(struct socket *so out_put: llc_sap_put(sap); out: + release_sock(sk); return rc; }