@@ -316,7 +316,10 @@ static int inet_create(struct net *net, struct socket *sock, int protocol,
answer_flags = answer->flags;
rcu_read_unlock();
+#if !IS_ENABLED(CONFIG_KASAN)
+ /* with kasan we use kmalloc */
WARN_ON(!answer_prot->slab);
+#endif
err = -ENOBUFS;
sk = sk_alloc(net, PF_INET, GFP_KERNEL, answer_prot, kern);
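Review bot: Wrapping `WARN_ON(!answer_prot->slab)` in `#if !IS_ENABLED(CONFIG_KASAN)` silences the check for every protocol that passes through inet_create(), not only MPTCP, so a KASAN build no longer reports any other proto that was registered without a slab cache. The comment `/* with kasan we use kmalloc */` also overstates the case, because in this patch only the MPTCP protos are registered without a slab; `/* MPTCP registers without a slab cache under KASAN, so ->slab can be NULL here */` would be accurate. If the check has to be relaxed, a C-level condition such as `WARN_ON(!IS_ENABLED(CONFIG_KASAN) && !answer_prot->slab);` keeps the line compiled and type-checked in both configurations. inet_create() starts and ends outside this hunk.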
@@ -1262,6 +1262,9 @@ static int __mptcp_init_sock(struct sock *sk)
/* re-use the csk retrans timer for MPTCP-level retrans */
timer_setup(&msk->sk.icsk_retransmit_timer, mptcp_retransmit_timer, 0);
+#if IS_ENABLED(CONFIG_KASAN)
+ sock_set_flag(sk, SOCK_RCU_FREE);
+#endif
return 0;
}
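Review bot: The `sock_set_flag(sk, SOCK_RCU_FREE)` added under `#if IS_ENABLED(CONFIG_KASAN)` has no comment saying why a debug option changes how the socket is freed, and the same applies to the `sock_reset_flag()` that the mptcp_sk_clone() hunk compiles out. Going by the description, the flag stands in for the SLAB_TYPESAFE_BY_RCU guarantee that the kmalloc-backed socket no longer has. If that is the intent, a comment such as `/* no typesafe slab under KASAN: defer the free past an RCU grace period */` would record it. The description should also say that KASAN builds now exercise a different msk lifetime from production builds, so a clean KASAN run does not cover races that depend on the typesafe slab's slot reuse. __mptcp_init_sock() begins outside the hunk.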
@@ -1455,7 +1458,9 @@ struct sock *mptcp_sk_clone(const struct sock *sk,
msk->ack_seq = ack_seq;
}
+#if !IS_ENABLED(CONFIG_KASAN)
sock_reset_flag(nsk, SOCK_RCU_FREE);
+#endif
/* will be fully established after successful MPC subflow creation */
inet_sk_state_store(nsk, TCP_SYN_RECV);
bh_unlock_sock(nsk);
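Review bot: The error paths that the description says become unreachable are not named anywhere near this `#if !IS_ENABLED(CONFIG_KASAN)`, so a reader cannot tell which cleanup code stops being exercised in KASAN builds. Cleanup paths are a common place for lifetime bugs, and after this change they run only in builds without the sanitizer. A short comment at the `#if` listing the affected callers, for example `/* under KASAN the clone keeps SOCK_RCU_FREE; the direct-free paths in <callers> are not taken */`, would make that gap visible. mptcp_sk_clone() starts and ends outside this hunk.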
@@ -2076,6 +2081,12 @@ static struct inet_protosw mptcp_protosw = {
.flags = INET_PROTOSW_ICSK,
};
+#if IS_ENABLED(CONFIG_KASAN)
+#define MPTCP_USE_SLAB 0
+#else
+#define MPTCP_USE_SLAB 1
+#endif
+
void __init mptcp_proto_init(void)
{
mptcp_prot.h.hashinfo = tcp_prot.h.hashinfo;
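Review bot: `MPTCP_USE_SLAB` can be written without the `#if`/`#else` as `#define MPTCP_USE_SLAB (!IS_ENABLED(CONFIG_KASAN))`, and it needs a comment explaining the choice, because the two proto_register() call sites in the later hunks show only the macro name. The description suggests the missed reports come from SLAB_TYPESAFE_BY_RCU rather than from slab caches in general, which fits KASAN's special handling of frees in such caches, where access after free is legal. If the MPTCP cache carries that flag, an alternative worth checking is to keep the cache and drop only the flag in KASAN builds, which would leave the `WARN_ON` in inet_create() untouched. mptcp_proto_init() continues past the end of the hunk.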
@@ -2087,7 +2098,7 @@ void __init mptcp_proto_init(void)
mptcp_pm_init();
mptcp_token_init();
- if (proto_register(&mptcp_prot, 1) != 0)
+ if (proto_register(&mptcp_prot, MPTCP_USE_SLAB) != 0)
panic("Failed to register MPTCP proto.\n");
inet_register_protosw(&mptcp_protosw);
@@ -2149,7 +2160,7 @@ int __init mptcp_proto_v6_init(void)
mptcp_v6_prot.destroy = mptcp_v6_destroy;
mptcp_v6_prot.obj_size = sizeof(struct mptcp6_sock);
- err = proto_register(&mptcp_v6_prot, 1);
+ err = proto_register(&mptcp_v6_prot, MPTCP_USE_SLAB);
if (err)
return err;
Helps detect UaF, which kasan apparently misses with the kmem_cache allocator. We also need to always set the SOCK_RCU_FREE flag, to preserve the current code leveraging SLAB_TYPESAFE_BY_RCU. This latter change will make some existing error paths unreachable, but I don't see other options. Signed-off-by: Paolo Abeni <pabeni@redhat.com> --- net/ipv4/af_inet.c | 3 +++ net/mptcp/protocol.c | 15 +++++++++++++-- 2 files changed, 16 insertions(+), 2 deletions(-)