On Wed, 2018-01-24 at 12:35 -0800, Tom Herbert wrote:
> TCP sockets for IPv4 and IPv6 that are not listeners or in closed
> stated are allowed to be attached to a KCM mux.
>
> Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module")
> Reported-by: syzbot+8865eaff7f9acd593...@syzkaller.appspotmail.com
> Signed-off-by: Tom Herbert <t...@quantonium.net>
> ---
> net/kcm/kcmsock.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/net/kcm/kcmsock.c b/net/kcm/kcmsock.c
> index d4e98f20fc2a..7632797fb68e 100644
> --- a/net/kcm/kcmsock.c
> +++ b/net/kcm/kcmsock.c
> @@ -1387,8 +1387,13 @@ static int kcm_attach(struct socket *sock, struct
> socket *csock,
> if (!csk)
> return -EINVAL;
>
> - /* We must prevent loops or risk deadlock ! */
> - if (csk->sk_family == PF_KCM)
> + /* Only allow TCP sockets to be attached for now */
> + if ((csk->sk_family != AF_INET && csk->sk_family != AF_INET6) ||
> + csk->sk_protocol != IPPROTO_TCP)
> + return -EOPNOTSUPP;
> +
> + /* Don't allow listeners or closed sockets */
> + if (csk->sk_state == TCP_LISTEN || csk->sk_state == TCP_CLOSE)
> return -EOPNOTSUPP;
>
> psock = kmem_cache_zalloc(kcm_psockp, GFP_KERNEL);
Reviewed-by: Eric Dumazet <eduma...@google.com>
