releases/4.9.51/kcm-do-not-attach-pf_kcm-sockets-to-avoid-deadlock.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From foo@baz Thu Sep 14 23:20:08 PDT 2017
 From: Eric Dumazet <edumazet@google.com>
 Date: Wed, 30 Aug 2017 09:29:31 -0700
 Subject: kcm: do not attach PF_KCM sockets to avoid deadlock

 From: Eric Dumazet <edumazet@google.com>


 [ Upstream commit 351050ecd6523374b370341cc29fe61e2201556b ]

 syzkaller had no problem to trigger a deadlock, attaching a KCM socket
 to another one (or itself). (original syzkaller report was a very
 confusing lockdep splat during a sendmsg())

 It seems KCM claims to only support TCP, but no enforcement is done,
 so we might need to add additional checks.

 Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module")
 Signed-off-by: Eric Dumazet <edumazet@google.com>
 Reported-by: Dmitry Vyukov <dvyukov@google.com>
 Acked-by: Tom Herbert <tom@quantonium.net>
 Signed-off-by: David S. Miller <davem@davemloft.net>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 ---
  net/kcm/kcmsock.c |    4 ++++
  1 file changed, 4 insertions(+)

 --- a/net/kcm/kcmsock.c
 +++ b/net/kcm/kcmsock.c
 @@ -1381,6 +1381,10 @@ static int kcm_attach(struct socket *soc
  	if (!csk)
  		return -EINVAL;

 +	/* We must prevent loops or risk deadlock ! */
 +	if (csk->sk_family == PF_KCM)
 +		return -EOPNOTSUPP;
 +
  	psock = kmem_cache_zalloc(kcm_psockp, GFP_KERNEL);
  	if (!psock)
  		return -ENOMEM;
	From foo@baz Thu Sep 14 23:20:08 PDT 2017
	From: Eric Dumazet <edumazet@google.com>
	Date: Wed, 30 Aug 2017 09:29:31 -0700
	Subject: kcm: do not attach PF_KCM sockets to avoid deadlock

	From: Eric Dumazet <edumazet@google.com>


	[ Upstream commit 351050ecd6523374b370341cc29fe61e2201556b ]

	syzkaller had no problem to trigger a deadlock, attaching a KCM socket
	to another one (or itself). (original syzkaller report was a very
	confusing lockdep splat during a sendmsg())

	It seems KCM claims to only support TCP, but no enforcement is done,
	so we might need to add additional checks.

	Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module")
	Signed-off-by: Eric Dumazet <edumazet@google.com>
	Reported-by: Dmitry Vyukov <dvyukov@google.com>
	Acked-by: Tom Herbert <tom@quantonium.net>
	Signed-off-by: David S. Miller <davem@davemloft.net>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	---
	net/kcm/kcmsock.c \| 4 ++++
	1 file changed, 4 insertions(+)

	--- a/net/kcm/kcmsock.c
	+++ b/net/kcm/kcmsock.c
	@@ -1381,6 +1381,10 @@ static int kcm_attach(struct socket *soc
	if (!csk)
	return -EINVAL;

	+ /* We must prevent loops or risk deadlock ! */
	+ if (csk->sk_family == PF_KCM)
	+ return -EOPNOTSUPP;
	+
	psock = kmem_cache_zalloc(kcm_psockp, GFP_KERNEL);
	if (!psock)
	return -ENOMEM;