From: Greg Kroah-Hartman Date: Fri, 18 Feb 2022 10:51:50 +0000 (+0100) Subject: 5.10-stable patches X-Git-Tag: v4.9.303~57 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a82b89a3bbbc596a0d87c7e795fcc27731f5c94d;p=thirdparty%2Fkernel%2Fstable-queue.git 5.10-stable patches added patches: vsock-remove-vsock-from-connected-table-when-connect-is-interrupted-by-a-signal.patch --- diff --git a/queue-5.10/series b/queue-5.10/series index 26ff02588b8..7ad2261b102 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -47,3 +47,4 @@ kbuild-lto-merge-module-sections-if-and-only-if-config_lto_clang-is-enabled.patc iwlwifi-fix-use-after-free.patch drm-radeon-fix-backlight-control-on-imac-12-1.patch drm-i915-opregion-check-port-number-bounds-for-swsci-display-power-state.patch +vsock-remove-vsock-from-connected-table-when-connect-is-interrupted-by-a-signal.patch diff --git a/queue-5.10/vsock-remove-vsock-from-connected-table-when-connect-is-interrupted-by-a-signal.patch b/queue-5.10/vsock-remove-vsock-from-connected-table-when-connect-is-interrupted-by-a-signal.patch new file mode 100644 index 00000000000..fc3a5a6bb0a --- /dev/null +++ b/queue-5.10/vsock-remove-vsock-from-connected-table-when-connect-is-interrupted-by-a-signal.patch 
@@ -0,0 +1,46 @@ +From b9208492fcaecff8f43915529ae34b3bcb03877c Mon Sep 17 00:00:00 2001 +From: Seth Forshee +Date: Thu, 17 Feb 2022 08:13:12 -0600 +Subject: vsock: remove vsock from connected table when connect is interrupted by a signal + +From: Seth Forshee + +commit b9208492fcaecff8f43915529ae34b3bcb03877c upstream. + +vsock_connect() expects that the socket could already be in the +TCP_ESTABLISHED state when the connecting task wakes up with a signal +pending. If this happens the socket will be in the connected table, and +it is not removed when the socket state is reset. In this situation it's +common for the process to retry connect(), and if the connection is +successful the socket will be added to the connected table a second +time, corrupting the list. + +Prevent this by calling vsock_remove_connected() if a signal is received +while waiting for a connection. This is harmless if the socket is not in +the connected table, and if it is in the table then removing it will +prevent list corruption from a double add. + +Note for backporting: this patch requires d5afa82c977e ("vsock: correct +removal of socket from the list"), which is in all current stable trees +except 4.9.y. + +Fixes: d021c344051a ("VSOCK: Introduce VM Sockets") +Signed-off-by: Seth Forshee +Reviewed-by: Stefano Garzarella +Link: https://lore.kernel.org/r/20220217141312.2297547-1-sforshee@digitalocean.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + net/vmw_vsock/af_vsock.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/net/vmw_vsock/af_vsock.c ++++ b/net/vmw_vsock/af_vsock.c +@@ -1357,6 +1357,7 @@ static int vsock_stream_connect(struct s + sk->sk_state = sk->sk_state == TCP_ESTABLISHED ? TCP_CLOSING : TCP_CLOSE; + sock->state = SS_UNCONNECTED; + vsock_transport_cancel_pkt(vsk); ++ vsock_remove_connected(vsk); + goto out_wait; + } else if (timeout == 0) { + err = -ETIMEDOUT;
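Review bot: In the af_vsock.c hunk (@@ -1357,6 +1357,7 @@), the new `vsock_remove_connected(vsk);` call sits only in the signal-pending branch, while the `else if (timeout == 0)` branch visible in the trailing context also ends the wait. If a timed-out connect can likewise wake with the socket already in TCP_ESTABLISHED, it would need the same removal, so it is worth checking that branch against the reasoning in the commit message and either adding the call there or stating in the message why it is not needed. The added line also carries no comment. A one-line comment above it would help, saying that the socket may already be in the connected table at this point and that the removal is harmless if it is not, so the call is not dropped later as redundant next to `vsock_transport_cancel_pkt(vsk);`.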
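Review bot: In the queue-5.10/series hunk, the new entry is appended without its stated prerequisite being visible in the context lines. The commit message says the fix requires d5afa82c977e ("vsock: correct removal of socket from the list") and that it is in all current stable trees except 4.9.y. Confirm that 5.10.y already carries that commit before this entry is applied, since the message's claim that the added removal is harmless when the socket is not in the table comes with that backporting requirement. If the same patch is later queued for 4.9.y, the prerequisite has to be listed in that series ahead of it.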