diff options
| author |   Martin KaFai Lau <martin.lau@kernel.org> | 2023-12-13 16:21:53 -0800 |
|---|---|---|
| committer | Martin KaFai Lau <martin.lau@kernel.org> | 2023-12-13 16:33:17 -0800 |
| commit | 2f2fee2bf74a7e31d06fc6cb7ba2bd4dd7753c99 (patch) | |
| tree | fa6dcb7f84468e7631a8be8d1f4eb3b318d9d66f /include | |
| parent | octeontx2-af: Fix pause frame configuration (diff) | |
| parent | bpf: sockmap, test for unconnected af_unix sock (diff) | |
| download | wireguard-linux-2f2fee2bf74a7e31d06fc6cb7ba2bd4dd7753c99.tar.xz wireguard-linux-2f2fee2bf74a7e31d06fc6cb7ba2bd4dd7753c99.zip | |
Merge branch ' bpf fix for unconnect af_unix socket'
John Fastabend says:
====================
Eric reported a syzbot splat from a null ptr deref from recent fix to
resolve a use-after-free with af-unix stream sockets and BPF sockmap
usage.
The issue is I missed is we allow unconnected af_unix STREAM sockets to
be added to the sockmap. Fix this by blocking unconnected sockets.
v2: change sk_is_unix to sk_is_stream_unix (Eric) and remove duplicate
ASSERTS in selftests the xsocket helper already marks FAIL (Jakub)
====================
Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Diffstat (limited to 'include')
| -rw-r--r-- | include/net/sock.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/include/net/sock.h b/include/net/sock.h index 1d6931caf0c3..0201136b0b9c 100644 --- a/include/net/sock.h +++ b/include/net/sock.h @@ -2799,6 +2799,11 @@ static inline bool sk_is_tcp(const struct sock *sk) return sk->sk_type == SOCK_STREAM && sk->sk_protocol == IPPROTO_TCP; } +static inline bool sk_is_stream_unix(const struct sock *sk) +{ + return sk->sk_family == AF_UNIX && sk->sk_type == SOCK_STREAM; +} + /** * sk_eat_skb - Release a skb if it is no longer needed * @sk: socket to eat this skb from |