]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/commitdiff
projects / thirdparty / kernel / stable-queue.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0243299)
4.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 30 Jan 2020 14:44:48 +0000 (15:44 +0100)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 30 Jan 2020 14:44:48 +0000 (15:44 +0100)
added patches:
crypto-af_alg-use-bh_lock_sock-in-sk_destruct.patch

queue-4.4/crypto-af_alg-use-bh_lock_sock-in-sk_destruct.patch [new file with mode: 0644] patch | blob
queue-4.4/series patch | blob | blame | history

diff --git a/queue-4.4/crypto-af_alg-use-bh_lock_sock-in-sk_destruct.patch b/queue-4.4/crypto-af_alg-use-bh_lock_sock-in-sk_destruct.patch
new file mode 100644 (file)
index 0000000..16deba8
--- /dev/null
+++ b/queue-4.4/crypto-af_alg-use-bh_lock_sock-in-sk_destruct.patch
@@ -0,0 +1,43 @@
+From 37f96694cf73ba116993a9d2d99ad6a75fa7fdb0 Mon Sep 17 00:00:00 2001
+From: Herbert Xu <herbert@gondor.apana.org.au>
+Date: Thu, 5 Dec 2019 13:45:05 +0800
+Subject: crypto: af_alg - Use bh_lock_sock in sk_destruct
+
+From: Herbert Xu <herbert@gondor.apana.org.au>
+
+commit 37f96694cf73ba116993a9d2d99ad6a75fa7fdb0 upstream.
+
+As af_alg_release_parent may be called from BH context (most notably
+due to an async request that only completes after socket closure,
+or as reported here because of an RCU-delayed sk_destruct call), we
+must use bh_lock_sock instead of lock_sock.
+
+Reported-by: syzbot+c2f1558d49e25cc36e5e@syzkaller.appspotmail.com
+Reported-by: Eric Dumazet <eric.dumazet@gmail.com>
+Fixes: c840ac6af3f8 ("crypto: af_alg - Disallow bind/setkey/...")
+Cc: <stable@vger.kernel.org>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/af_alg.c |    6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+--- a/crypto/af_alg.c
++++ b/crypto/af_alg.c
+@@ -136,11 +136,13 @@ void af_alg_release_parent(struct sock *
+       sk = ask->parent;
+       ask = alg_sk(sk);
+-      lock_sock(sk);
++      local_bh_disable();
++      bh_lock_sock(sk);
+       ask->nokey_refcnt -= nokey;
+       if (!last)
+               last = !--ask->refcnt;
+-      release_sock(sk);
++      bh_unlock_sock(sk);
++      local_bh_enable();
+       if (last)
+               sock_put(sk);
diff --git a/queue-4.4/series b/queue-4.4/series
index 2544dcd8153db35f30f3c983fba9e6858e1b7616..21e5ade497157d86beca55ceb77674fe58cc194a 100644 (file)
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -19,3 +19,4 @@ net-wan-sdla-fix-cast-from-pointer-to-integer-of-dif.patch
 atm-eni-fix-uninitialized-variable-warning.patch
 usb-storage-disable-uas-on-jmicron-sata-enclosure.patch
 net_sched-ematch-reject-invalid-tcf_em_simple.patch
+crypto-af_alg-use-bh_lock_sock-in-sk_destruct.patch
Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git