Received: by 10.192.165.156 with SMTP id m28csp1126205imm;
        Wed, 11 Apr 2018 12:57:05 -0700 (PDT)
X-Google-Smtp-Source: AIpwx49K1VxhnlssNJN+DeGuJeS+ZgPZHlRX2Ei7fdhac5iwVuCFdciTJ8CWOzBRtdWGG49uzIKJ
X-Received: by 2002:a17:902:ba94:: with SMTP id k20-v6mr6525820pls.193.1523476625129;
        Wed, 11 Apr 2018 12:57:05 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1523476625; cv=none;
        d=google.com; s=arc-20160816;
        b=vkeqKfw1dmsg5fHsHtTPYTJPvJxVnBGfsQaXrB6eHhglY+MeX/EkcicLNYx4vIB/Ei
         8qmsm9xFUBsrtAIsgMRE6PIenZrihN+ipEymCYbvstyxLjFzdkx4JiJfn32Os0chZ6gO
         R2ZC0E2ujnXG+Ci3rtdKbRHTohW4HnYeZ6xP3KLz3HOYdYH6Xk7bEyvhwTgwc3V6Xyqt
         x8ZJMNpzRhJvkSDXAPz5UeNAWJ6goyiFetAe9/c6FiRMs9ZmPi638BHDZIahBck8ZBQj
         M0uuTLeA7Gmz5HwWwtuyjA9YUdF7CG6YMQfuUmnRZLZMUvwrU3ETXO91pZ2VnbLymJgD
         hUAA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:message-id:date:subject:cc:to:from
         :arc-authentication-results;
        bh=il4F87FyBnASPjt1bJnFwIPedVzB2pDz2qEwSKsilfk=;
        b=xCKLw6BTATR4gClEjS04/uWKwwBLAoLMuBuPO9KmJrYF69RirI4KG9T99hCcKXp9R+
         V52prcQiAxQrGIONdSCMMYuf58cTv6dULGfzW+DAWgnOfL2HKVIoggSUSk7VjnZbKmwu
         UkDKjmLjNvXm1lwAZjCKOHqcajVMynUZnqzhnBir62r7vxLtPorS9M9B0FNOyhTI6rox
         ks9OjiZ4T9nVyDsDIsNQ+R/Wg6HcOTe8MK6WeknfXIWsCE2PqBWCU3d6eEXFKewS92eQ
         yA1Oa2AfG43Z/H07uIdSxR0IE5dFYUzwJi34IffNbRGyiuAe+WLzzJqF7uySrHIGuFx7
         LWwQ==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id f64-v6si1750552plf.624.2018.04.11.12.56.28;
        Wed, 11 Apr 2018 12:57:05 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1756473AbeDKS5q (ORCPT <rfc822;ablacktshirt@gmail.com>
        + 99 others); Wed, 11 Apr 2018 14:57:46 -0400
Received: from mail.linuxfoundation.org ([140.211.169.12]:36404 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1754153AbeDKS5o (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 11 Apr 2018 14:57:44 -0400
Received: from localhost (LFbn-1-12247-202.w90-92.abo.wanadoo.fr [90.92.61.202])
        by mail.linuxfoundation.org (Postfix) with ESMTPSA id 340AFDAB;
        Wed, 11 Apr 2018 18:57:43 +0000 (UTC)
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Lin Zhang <xiaolou4617@gmail.com>,
        "David S. Miller" <davem@davemloft.net>,
        Sasha Levin <alexander.levin@microsoft.com>
Subject: [PATCH 4.9 117/310] net: llc: add lock_sock in llc_ui_bind to avoid a race condition
Date:   Wed, 11 Apr 2018 20:34:16 +0200
Message-Id: <20180411183627.204637839@linuxfoundation.org>
X-Mailer: git-send-email 2.17.0
In-Reply-To: <20180411183622.305902791@linuxfoundation.org>
References: <20180411183622.305902791@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

From: linzhang <xiaolou4617@gmail.com>


[ Upstream commit 0908cf4dfef35fc6ac12329007052ebe93ff1081 ]

There is a race condition in llc_ui_bind if two or more processes/threads
try to bind a same socket.

If more processes/threads bind a same socket success that will lead to
two problems, one is this action is not what we expected, another is
will lead to kernel in unstable status or oops(in my simple test case,
cause llc2.ko can't unload).

The current code is test SOCK_ZAPPED bit to avoid a process to
bind a same socket twice but that is can't avoid more processes/threads
try to bind a same socket at the same time.

So, add lock_sock in llc_ui_bind like others, such as llc_ui_connect.

Signed-off-by: Lin Zhang <xiaolou4617@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/llc/af_llc.c |    3 +++
 1 file changed, 3 insertions(+)

--- a/net/llc/af_llc.c
+++ b/net/llc/af_llc.c
@@ -309,6 +309,8 @@ static int llc_ui_bind(struct socket *so
 	int rc = -EINVAL;
 
 	dprintk("%s: binding %02X\n", __func__, addr->sllc_sap);
+
+	lock_sock(sk);
 	if (unlikely(!sock_flag(sk, SOCK_ZAPPED) || addrlen != sizeof(*addr)))
 		goto out;
 	rc = -EAFNOSUPPORT;
@@ -380,6 +382,7 @@ static int llc_ui_bind(struct socket *so
 out_put:
 	llc_sap_put(sap);
 out:
+	release_sock(sk);
 	return rc;
 }