From patchwork Wed Jan 24 20:35:40 2018
X-Patchwork-Submitter: Tom Herbert
X-Patchwork-Id: 865454
X-Patchwork-Delegate: davem@davemloft.net
From: Tom Herbert
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, rohit@quantonium.net, jchapman@katalix.com, g.nault@alphalink.fr, Tom Herbert
Subject: [PATCH v2 net-next 1/2] kcm: Only allow TCP sockets to be attached to a KCM mux
Date: Wed, 24 Jan 2018 12:35:40 -0800
Message-Id: <20180124203541.3172-2-tom@quantonium.net>
In-Reply-To: <20180124203541.3172-1-tom@quantonium.net>
References: <20180124203541.3172-1-tom@quantonium.net>

TCP sockets for IPv4 and IPv6 that are not listeners or in closed state are allowed to be attached to a KCM mux.

Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module")
Reported-by: syzbot+8865eaff7f9acd593945@syzkaller.appspotmail.com
Signed-off-by: Tom Herbert Reviewed-by: Eric Dumazet --- net/kcm/kcmsock.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/net/kcm/kcmsock.c b/net/kcm/kcmsock.c index d4e98f20fc2a..7632797fb68e 100644 --- a/net/kcm/kcmsock.c +++ b/net/kcm/kcmsock.c @@ -1387,8 +1387,13 @@ static int kcm_attach(struct socket *sock, struct socket *csock, if (!csk) return -EINVAL; - /* We must prevent loops or risk deadlock ! */ - if (csk->sk_family == PF_KCM) + /* Only allow TCP sockets to be attached for now */ + if ((csk->sk_family != AF_INET && csk->sk_family != AF_INET6) || + csk->sk_protocol != IPPROTO_TCP) + return -EOPNOTSUPP; + + /* Don't allow listeners or closed sockets */ + if (csk->sk_state == TCP_LISTEN || csk->sk_state == TCP_CLOSE) return -EOPNOTSUPP; psock = kmem_cache_zalloc(kcm_psockp, GFP_KERNEL);
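
Review bot: the two new tests in kcm_attach() read csk->sk_family, csk->sk_protocol and csk->sk_state with no lock_sock(csk) visible in this context, so a socket that passed the TCP_LISTEN / TCP_CLOSE test can change state before the code following kmem_cache_zalloc() finishes attaching it. Consider taking the lower socket's lock before these checks and holding it through the attach, with each error return releasing it. Separately, the removed comment recorded why PF_KCM sockets are rejected ("We must prevent loops or risk deadlock"); the new allowlist still excludes them, but the replacement comment no longer says so, and keeping that rationale next to "for now" would help whoever later widens the list of accepted socket types.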