kernel / kernel-source

Clone
Source Code
GIT

Files

  1.   c5b4604852c852b09d2b5d0753f5c34058b4f1c3
  2.   patches.kernel.org
  3.   6.3.4-020-net-annotate-sk-sk_err-write-from-do_recvmmsg.patch
Blob Blame History Raw 
From: Eric Dumazet <edumazet@google.com>
Date: Tue, 9 May 2023 16:35:53 +0000
Subject: [PATCH] net: annotate sk->sk_err write from do_recvmmsg()
References: bsc#1012628
Patch-mainline: 6.3.4
Git-commit: e05a5f510f26607616fecdd4ac136310c8bea56b

[ Upstream commit e05a5f510f26607616fecdd4ac136310c8bea56b ]

do_recvmmsg() can write to sk->sk_err from multiple threads.

As said before, many other points reading or writing sk_err
need annotations.

Fixes: 34b88a68f26a ("net: Fix use after free in the recvmmsg exit path")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
---
 net/socket.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/socket.c b/net/socket.c
index 9c92c0e6..263fab8e 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -2909,7 +2909,7 @@ static int do_recvmmsg(int fd, struct mmsghdr __user *mmsg,
 		 * error to return on the next call or if the
 		 * app asks about it using getsockopt(SO_ERROR).
 		 */
-		sock->sk->sk_err = -err;
+		WRITE_ONCE(sock->sk->sk_err, -err);
 	}
 out_put:
 	fput_light(sock->file, fput_needed);
-- 
2.35.3
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.