From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Lin Zhang, "David S. Miller", Sasha Levin
Subject: [PATCH 4.9 117/310] net: llc: add lock_sock in llc_ui_bind to avoid a race condition
Date: Wed, 11 Apr 2018 20:34:16 +0200
Message-Id: <20180411183627.204637839@linuxfoundation.org>
In-Reply-To: <20180411183622.305902791@linuxfoundation.org>
References: <20180411183622.305902791@linuxfoundation.org>

4.9-stable review patch. If anyone has any objections, please let me know.

------------------

From: linzhang

[ Upstream commit 0908cf4dfef35fc6ac12329007052ebe93ff1081 ]

There is a race condition in llc_ui_bind if two or more processes/threads try to bind the same socket.

If multiple processes/threads bind the same socket successfully, that will lead to two problems: one is that this action is not what we expected, the other is that it will lead to the kernel being in an unstable state or an oops (in my simple test case, cause llc2.ko can't unload).

The current code tests the SOCK_ZAPPED bit to prevent a process from binding the same socket twice, but that can't prevent multiple processes/threads from trying to bind the same socket at the same time.

So, add lock_sock in llc_ui_bind like others, such as llc_ui_connect.

Signed-off-by: Lin Zhang
Signed-off-by: David S. Miller
Signed-off-by: Sasha Levin
Signed-off-by: Greg Kroah-Hartman
--- net/llc/af_llc.c | 3 +++ 1 file changed, 3 insertions(+) --- a/net/llc/af_llc.c +++ b/net/llc/af_llc.c @@ -309,6 +309,8 @@ static int llc_ui_bind(struct socket *so int rc = -EINVAL; dprintk("%s: binding %02X\n", __func__, addr->sllc_sap); + + lock_sock(sk); if (unlikely(!sock_flag(sk, SOCK_ZAPPED) || addrlen != sizeof(*addr))) goto out; rc = -EAFNOSUPPORT; @@ -380,6 +382,7 @@ static int llc_ui_bind(struct socket *so out_put: llc_sap_put(sap); out: + release_sock(sk); return rc; }
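
Review bot: in the first hunk (@@ -309), lock_sock(sk) is taken before the addrlen != sizeof(*addr) test, although only the sock_flag(sk, SOCK_ZAPPED) half of that condition depends on socket state. Locking first is a reasonable way to keep a single exit through out:, but the dprintk() just above still reads addr->sllc_sap before addrlen has been validated; consider moving the debug print below the check so it only runs on a full-sized address.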
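
Review bot: in the second hunk (@@ -380), release_sock(sk) is placed at the out: label, so the lock is dropped only on paths that reach out: directly or fall through from out_put:. The diffstat shows 3 insertions and nothing else, so please confirm that no path in the lines between the two hunks returns directly, which would leave the socket locked, and that SOCK_ZAPPED is cleared before out: so the test and the clear are both inside the locked region.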