| From foo@baz Mon Apr 9 17:09:24 CEST 2018 |
| From: linzhang <xiaolou4617@gmail.com> |
| Date: Thu, 25 May 2017 14:07:18 +0800 |
| Subject: net: llc: add lock_sock in llc_ui_bind to avoid a race condition |
| |
| From: linzhang <xiaolou4617@gmail.com> |
| |
| |
| [ Upstream commit 0908cf4dfef35fc6ac12329007052ebe93ff1081 ] |
| |
| There is a race condition in llc_ui_bind if two or more processes/threads |
| try to bind a same socket. |
| |
| If more processes/threads bind a same socket success that will lead to |
| two problems, one is this action is not what we expected, another is |
| will lead to kernel in unstable status or oops(in my simple test case, |
| cause llc2.ko can't unload). |
| |
| The current code is test SOCK_ZAPPED bit to avoid a process to |
| bind a same socket twice but that is can't avoid more processes/threads |
| try to bind a same socket at the same time. |
| |
| So, add lock_sock in llc_ui_bind like others, such as llc_ui_connect. |
| |
| Signed-off-by: Lin Zhang <xiaolou4617@gmail.com> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Sasha Levin <alexander.levin@microsoft.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/llc/af_llc.c | 3 +++ |
| 1 file changed, 3 insertions(+) |
| |
| --- a/net/llc/af_llc.c |
| +++ b/net/llc/af_llc.c |
| @@ -309,6 +309,8 @@ static int llc_ui_bind(struct socket *so |
| int rc = -EINVAL; |
| |
| dprintk("%s: binding %02X\n", __func__, addr->sllc_sap); |
| + |
| + lock_sock(sk); |
| if (unlikely(!sock_flag(sk, SOCK_ZAPPED) || addrlen != sizeof(*addr))) |
| goto out; |
| rc = -EAFNOSUPPORT; |
| @@ -380,6 +382,7 @@ static int llc_ui_bind(struct socket *so |
| out_put: |
| llc_sap_put(sap); |
| out: |
| + release_sock(sk); |
| return rc; |
| } |
| |