On Wed, Aug 30, 2017 at 9:29 AM, Eric Dumazet <eric.duma...@gmail.com> wrote:
> From: Eric Dumazet <eduma...@google.com>
>
> syzkaller had no problem to trigger a deadlock, attaching a KCM socket
> to another one (or itself). (original syzkaller report was a very
> confusing lockdep splat during a sendmsg())
>
> It seems KCM claims to only support TCP, but no enforcement is done,
> so we might need to add additional checks.
>
> Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module")
> Signed-off-by: Eric Dumazet <eduma...@google.com>
> Reported-by: Dmitry Vyukov <dvyu...@google.com>

Acked-by: Tom Herbert <t...@quantonium.net> > --- > net/kcm/kcmsock.c | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/net/kcm/kcmsock.c b/net/kcm/kcmsock.c > index > 48e993b2dbcf1afae04968ed840e2e98c2cf6772..af4e76ac88ff0817398d1d7460a41f0cd5fe6f30 > 100644 > --- a/net/kcm/kcmsock.c > +++ b/net/kcm/kcmsock.c > @@ -1387,6 +1387,10 @@ static int kcm_attach(struct socket *sock, struct > socket *csock, > if (!csk) > return -EINVAL; > > + /* We must prevent loops or risk deadlock ! */ > + if (csk->sk_family == PF_KCM) > + return -EOPNOTSUPP; > + > psock = kmem_cache_zalloc(kcm_psockp, GFP_KERNEL); > if (!psock) > return -ENOMEM; > >
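
Review bot: The `csk->sk_family == PF_KCM` test in kcm_attach() rejects only one family, so it closes the KCM-on-KCM loop but leaves every other non-TCP socket free to reach the psock allocation, which is the gap the commit message itself points out ("KCM claims to only support TCP, but no enforcement is done"). An allowlist at this spot would enforce the stated constraint directly: accept the attached socket only when it is a TCP stream socket (for example by also testing csk->sk_type and csk->sk_protocol) and return -EOPNOTSUPP otherwise. If that is intentionally left for a follow-up, the comment above the check should say so, since "We must prevent loops" reads as if the attach path is now fully validated. The placement before kmem_cache_zalloc() is good: the early return needs no cleanup.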