[net] kcm: do not attach PF_KCM sockets to avoid deadlock

Message ID	1504110571.11498.120.camel@edumazet-glaptop3.roam.corp.google.com
State	Accepted, archived
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> Message-ID: <1504110571.11498.120.camel@edumazet-glaptop3.roam.corp.google.com> Subject: [PATCH net] kcm: do not attach PF_KCM sockets to avoid deadlock From: Eric Dumazet <eric.dumazet@gmail.com> To: David Miller <davem@davemloft.net> Cc: netdev <netdev@vger.kernel.org>, Tom Herbert <tom@quantonium.net> Date: Wed, 30 Aug 2017 09:29:31 -0700 Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Content-Transfer-Encoding: 7bit Sender: netdev-owner@vger.kernel.org Precedence: bulk
Series	[net] kcm: do not attach PF_KCM sockets to avoid deadlock \| expand [net] kcm: do not attach PF_KCM sockets to avoid deadlock

Message ID

1504110571.11498.120.camel@edumazet-glaptop3.roam.corp.google.com

State

Accepted, archived

Delegated to:

David Miller

Headers

Message-ID: <1504110571.11498.120.camel@edumazet-glaptop3.roam.corp.google.com>
Subject: [PATCH net] kcm: do not attach PF_KCM sockets to avoid deadlock
From: Eric Dumazet <eric.dumazet@gmail.com>
To: David Miller <davem@davemloft.net>
Cc: netdev <netdev@vger.kernel.org>, Tom Herbert <tom@quantonium.net>
Date: Wed, 30 Aug 2017 09:29:31 -0700
Content-Type: text/plain; charset="UTF-8"
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Series

[net] kcm: do not attach PF_KCM sockets to avoid deadlock | expand

Commit Message

Eric Dumazet Aug. 30, 2017, 4:29 p.m. UTC

From: Eric Dumazet <edumazet@google.com>

syzkaller had no problem to trigger a deadlock, attaching a KCM socket
to another one (or itself). (original syzkaller report was a very
confusing lockdep splat during a sendmsg())

It seems KCM claims to only support TCP, but no enforcement is done,
so we might need to add additional checks.

Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
---
 net/kcm/kcmsock.c |    4 ++++
 1 file changed, 4 insertions(+)

Comments

Tom Herbert Aug. 30, 2017, 4:42 p.m. UTC | #1

On Wed, Aug 30, 2017 at 9:29 AM, Eric Dumazet <eric.dumazet@gmail.com> wrote:
> From: Eric Dumazet <edumazet@google.com>
>
> syzkaller had no problem to trigger a deadlock, attaching a KCM socket
> to another one (or itself). (original syzkaller report was a very
> confusing lockdep splat during a sendmsg())
>
> It seems KCM claims to only support TCP, but no enforcement is done,
> so we might need to add additional checks.
>
> Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module")
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Reported-by: Dmitry Vyukov <dvyukov@google.com>

Acked-by: Tom Herbert <tom@quantonium.net>

> ---
>  net/kcm/kcmsock.c |    4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/net/kcm/kcmsock.c b/net/kcm/kcmsock.c
> index 48e993b2dbcf1afae04968ed840e2e98c2cf6772..af4e76ac88ff0817398d1d7460a41f0cd5fe6f30 100644
> --- a/net/kcm/kcmsock.c
> +++ b/net/kcm/kcmsock.c
> @@ -1387,6 +1387,10 @@ static int kcm_attach(struct socket *sock, struct socket *csock,
>         if (!csk)
>                 return -EINVAL;
>
> +       /* We must prevent loops or risk deadlock ! */
> +       if (csk->sk_family == PF_KCM)
> +               return -EOPNOTSUPP;
> +
>         psock = kmem_cache_zalloc(kcm_psockp, GFP_KERNEL);
>         if (!psock)
>                 return -ENOMEM;
>
>

David Miller Aug. 30, 2017, 10:55 p.m. UTC | #2

From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Wed, 30 Aug 2017 09:29:31 -0700

> From: Eric Dumazet <edumazet@google.com>
> 
> syzkaller had no problem to trigger a deadlock, attaching a KCM socket
> to another one (or itself). (original syzkaller report was a very
> confusing lockdep splat during a sendmsg())
> 
> It seems KCM claims to only support TCP, but no enforcement is done,
> so we might need to add additional checks.
> 
> Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module")
> Signed-off-by: Eric Dumazet <edumazet@google.com>
> Reported-by: Dmitry Vyukov <dvyukov@google.com>

Applied and queued up for -stable, thanks.

diff --git a/net/kcm/kcmsock.c b/net/kcm/kcmsock.c
index 48e993b2dbcf1afae04968ed840e2e98c2cf6772..af4e76ac88ff0817398d1d7460a41f0cd5fe6f30 100644
--- a/net/kcm/kcmsock.c
+++ b/net/kcm/kcmsock.c
@@ -1387,6 +1387,10 @@  static int kcm_attach(struct socket *sock, struct socket *csock,
 	if (!csk)
 		return -EINVAL;
 
+	/* We must prevent loops or risk deadlock ! */
+	if (csk->sk_family == PF_KCM)
+		return -EOPNOTSUPP;
+
 	psock = kmem_cache_zalloc(kcm_psockp, GFP_KERNEL);
 	if (!psock)
 		return -ENOMEM;

[net] kcm: do not attach PF_KCM sockets to avoid deadlock

Commit Message

Comments

Patch