android/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
011b4de950
android_kernel_xiaomi_sm8450/include
History
Eric Dumazet 3db53827a0 af_unix: fix races in sk_peer_pid and sk_peer_cred accesses 
[ Upstream commit 35306eb23814444bd4021f8a1c3047d3cb0c8b2b ]

Jann Horn reported that SO_PEERCRED and SO_PEERGROUPS implementations
are racy, as af_unix can concurrently change sk_peer_pid and sk_peer_cred.

In order to fix this issue, this patch adds a new spinlock that needs
to be used whenever these fields are read or written.

Jann also pointed out that l2cap_sock_get_peer_pid_cb() is currently
reading sk->sk_peer_pid which makes no sense, as this field
is only possibly set by AF_UNIX sockets.
We will have to clean this in a separate patch.
This could be done by reverting b48596d1dc "Bluetooth: L2CAP: Add get_peer_pid callback"
or implementing what was truly expected.

Fixes: 109f6e39fa ("af_unix: Allow SO_PEERCRED to work across namespaces.")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Jann Horn <jannh@google.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Cc: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-10-06 15:55:58 +02:00
..
acpi ACPI: fix NULL pointer dereference 2021-08-08 09:05:23 +02:00
asm-generic vmlinux.lds.h: Handle clang's module.{c,d}tor sections 2021-08-18 08:59:18 +02:00
clocksource clocksource/drivers/timer-ti-dm: Save and restore timer TIOCP_CFG 2021-07-14 16:56:12 +02:00
crypto crypto: public_key: fix overflow during implicit conversion 2021-09-18 13:40:08 +02:00
drm drm: protect drm_master pointers in drm_lease.c 2021-09-18 13:40:19 +02:00
dt-bindings clk: imx8mq: remove SYS PLL 1/2 clock gates 2021-07-14 16:56:20 +02:00
keys certs: Add EFI_CERT_X509_GUID support for dbx entries 2021-06-30 08:47:30 -04:00
kunit kunit: fix display of failed expectations for strings 2020-11-10 13:45:15 -07:00
kvm ARM: 2020-10-23 11:17:56 -07:00
linux bpf: Handle return value of BPF_PROG_TYPE_STRUCT_OPS prog 2021-10-06 15:55:50 +02:00
math-emu
media media: subdev: disallow ioctl for saa6588/davinci 2021-07-19 09:45:02 +02:00
memory
misc
net af_unix: fix races in sk_peer_pid and sk_peer_cred accesses 2021-10-06 15:55:58 +02:00
pcmcia
ras mm,hwpoison: introduce MF_MSG_UNSPLIT_THP 2020-10-16 11:11:17 -07:00
rdma RDMA: Lift ibdev_to_node from rds to common code 2021-02-26 10:12:59 +01:00
scsi scsi: iscsi: Fix conn use after free during resets 2021-07-20 16:05:41 +02:00
soc firmware: raspberrypi: Keep count of all consumers 2021-09-15 09:50:41 +02:00
sound ALSA: hda: intel-nhlt: verify config type 2021-03-09 11:11:14 +01:00
target scsi: target: core: Add cmd length set before cmd complete 2021-03-17 17:06:25 +01:00
trace erofs: fix up erofs_lookup tracepoint 2021-09-30 10:11:00 +02:00
uapi fq_codel: reject silly quantum parameters 2021-09-22 12:28:05 +02:00
vdso
video gpu: ipu-v3: remove unused functions 2020-10-26 10:42:38 +01:00
xen Xen/gntdev: correct error checking in gntdev_map_grant_pages() 2021-02-23 15:53:24 +01:00