From: Greg Kroah-Hartman Date: Fri, 18 Feb 2022 10:52:22 +0000 (+0100) Subject: 5.16-stable patches X-Git-Tag: v4.9.303~55 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=cf18cc9e75977226d706f0cfd997741c87e26079;p=thirdparty%2Fkernel%2Fstable-queue.git 5.16-stable patches added patches: vsock-remove-vsock-from-connected-table-when-connect-is-interrupted-by-a-signal.patch --- diff --git a/queue-5.16/series b/queue-5.16/series index 157879a6e2f..b543ca54dbc 100644 --- a/queue-5.16/series +++ b/queue-5.16/series @@ -83,3 +83,4 @@ drm-amdgpu-skipping-sdma-hw_init-and-hw_fini-for-s0ix.patch drm-i915-opregion-check-port-number-bounds-for-swsci-display-power-state.patch drm-i915-fix-dbuf-slice-config-lookup.patch drm-i915-fix-mbus-join-config-lookup.patch +vsock-remove-vsock-from-connected-table-when-connect-is-interrupted-by-a-signal.patch diff --git a/queue-5.16/vsock-remove-vsock-from-connected-table-when-connect-is-interrupted-by-a-signal.patch b/queue-5.16/vsock-remove-vsock-from-connected-table-when-connect-is-interrupted-by-a-signal.patch new file mode 100644 index 00000000000..f9c02e48c16 --- /dev/null +++ b/queue-5.16/vsock-remove-vsock-from-connected-table-when-connect-is-interrupted-by-a-signal.patch @@ -0,0 +1,46 @@ +From b9208492fcaecff8f43915529ae34b3bcb03877c Mon Sep 17 00:00:00 2001 +From: Seth Forshee +Date: Thu, 17 Feb 2022 08:13:12 -0600 +Subject: vsock: remove vsock from connected table when connect is interrupted by a signal + +From: Seth Forshee + +commit b9208492fcaecff8f43915529ae34b3bcb03877c upstream. + +vsock_connect() expects that the socket could already be in the +TCP_ESTABLISHED state when the connecting task wakes up with a signal +pending. If this happens the socket will be in the connected table, and +it is not removed when the socket state is reset. In this situation it's +common for the process to retry connect(), and if the connection is +successful the socket will be added to the connected table a second +time, corrupting the list. + +Prevent this by calling vsock_remove_connected() if a signal is received +while waiting for a connection. This is harmless if the socket is not in +the connected table, and if it is in the table then removing it will +prevent list corruption from a double add. + +Note for backporting: this patch requires d5afa82c977e ("vsock: correct +removal of socket from the list"), which is in all current stable trees +except 4.9.y. + +Fixes: d021c344051a ("VSOCK: Introduce VM Sockets") +Signed-off-by: Seth Forshee +Reviewed-by: Stefano Garzarella +Link: https://lore.kernel.org/r/20220217141312.2297547-1-sforshee@digitalocean.com +Signed-off-by: Jakub Kicinski +Signed-off-by: Greg Kroah-Hartman +--- + net/vmw_vsock/af_vsock.c | 1 + + 1 file changed, 1 insertion(+) + +--- a/net/vmw_vsock/af_vsock.c ++++ b/net/vmw_vsock/af_vsock.c +@@ -1400,6 +1400,7 @@ static int vsock_connect(struct socket * + sk->sk_state = sk->sk_state == TCP_ESTABLISHED ? TCP_CLOSING : TCP_CLOSE; + sock->state = SS_UNCONNECTED; + vsock_transport_cancel_pkt(vsk); ++ vsock_remove_connected(vsk); + goto out_wait; + } else if (timeout == 0) { + err = -ETIMEDOUT;