author | 2023-12-13 16:21:53 -0800 | |
---|---|---|
committer | 2023-12-13 16:33:17 -0800 | |
commit | 2f2fee2bf74a7e31d06fc6cb7ba2bd4dd7753c99 (patch) | |
tree | fa6dcb7f84468e7631a8be8d1f4eb3b318d9d66f /net/core | |
parent | octeontx2-af: Fix pause frame configuration (diff) | |
parent | bpf: sockmap, test for unconnected af_unix sock (diff) | |
Merge branch 'bpf fix for unconnect af_unix socket'
John Fastabend says:
====================
Eric reported a syzbot splat from a null ptr deref from a recent fix to
resolve a use-after-free with af-unix stream sockets and BPF sockmap
usage.
The issue I missed is we allow unconnected af_unix STREAM sockets to
be added to the sockmap. Fix this by blocking unconnected sockets.
v2: change sk_is_unix to sk_is_stream_unix (Eric) and remove duplicate
ASSERTS in selftests the xsocket helper already marks FAIL (Jakub)
====================
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Diffstat (limited to 'net/core')
-rw-r--r-- | net/core/sock_map.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/net/core/sock_map.c b/net/core/sock_map.c index 4292c2ed1828..27d733c0f65e 100644 --- a/net/core/sock_map.c +++ b/net/core/sock_map.c @@ -536,6 +536,8 @@ static bool sock_map_sk_state_allowed(const struct sock *sk) { if (sk_is_tcp(sk)) return (1 << sk->sk_state) & (TCPF_ESTABLISHED | TCPF_LISTEN); + if (sk_is_stream_unix(sk)) + return (1 << sk->sk_state) & TCPF_ESTABLISHED; return true; } |
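Review bot: the new `sk_is_stream_unix(sk)` branch in `sock_map_sk_state_allowed()` tests `sk->sk_state` against `TCPF_ESTABLISHED`, a TCP-named flag, with no comment saying why that is the right mask for an af_unix socket or why `TCPF_LISTEN` is left out when the TCP branch just above accepts it. A one-line comment above the check, stating that only connected af_unix STREAM sockets may enter the sockmap and that this is what prevents the null ptr deref described in the commit message, would keep a later cleanup from "aligning" the two branches and reopening the bug. Note also that anything that is neither TCP nor stream unix still reaches the final `return true` in any state, so it is worth confirming that the remaining socket types accepted by sockmap have no equivalent unconnected-state problem. The diffstat here is limited to net/core, so the selftest mentioned in the second parent cannot be checked against this hunk from this view.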