| From foo@baz Thu Sep 14 23:20:08 PDT 2017 |
| From: Eric Dumazet <edumazet@google.com> |
| Date: Wed, 30 Aug 2017 09:29:31 -0700 |
| Subject: kcm: do not attach PF_KCM sockets to avoid deadlock |
| |
| From: Eric Dumazet <edumazet@google.com> |
| |
| |
| [ Upstream commit 351050ecd6523374b370341cc29fe61e2201556b ] |
| |
| syzkaller had no problem triggering a deadlock, attaching a KCM socket |
| to another one (or itself). (original syzkaller report was a very |
| confusing lockdep splat during a sendmsg()) |
| |
| It seems KCM claims to only support TCP, but no enforcement is done, |
| so we might need to add additional checks. |
| |
| Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module") |
| Signed-off-by: Eric Dumazet <edumazet@google.com> |
| Reported-by: Dmitry Vyukov <dvyukov@google.com> |
| Acked-by: Tom Herbert <tom@quantonium.net> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/kcm/kcmsock.c | 4 ++++ |
| 1 file changed, 4 insertions(+) |
| |
| --- a/net/kcm/kcmsock.c |
| +++ b/net/kcm/kcmsock.c |
| @@ -1381,6 +1381,10 @@ static int kcm_attach(struct socket *soc |
| if (!csk) |
| return -EINVAL; |
| |
| + /* We must prevent loops or risk deadlock ! */ |
| + if (csk->sk_family == PF_KCM) |
| + return -EOPNOTSUPP; |
| + |
| psock = kmem_cache_zalloc(kcm_psockp, GFP_KERNEL); |
| if (!psock) |
| return -ENOMEM; |
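
Review bot: the new test in kcm_attach(), `if (csk->sk_family == PF_KCM)`, rejects only one socket family, so every other non-TCP socket still reaches the kmem_cache_zalloc() call and gets attached. The commit message itself notes that KCM claims to support only TCP with no enforcement. A denylist of one family closes the loop that syzkaller found but leaves the attach path open to any other socket type whose callbacks and locking KCM was never written for. Consider turning this into an allowlist at the same spot, for example accepting only AF_INET/AF_INET6 sockets whose `csk->sk_protocol` is IPPROTO_TCP and returning -EOPNOTSUPP otherwise, which would cover the PF_KCM case as well. The comment could also say which locks are involved in the loop, since "risk deadlock" alone does not tell a later reader why attaching a KCM socket to itself or to another KCM socket is unsafe.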