lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 27 Apr 2018 15:58:13 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-kernel@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, stable@...r.kernel.org, Ursula Braun <ubraun@...ux.vnet.ibm.com>, Stephen Hemminger <stephen@...workplumber.org>, "David S. Miller" <davem@...emloft.net> Subject: [PATCH 4.14 20/80] net/smc: fix shutdown in state SMC_LISTEN 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Ursula Braun <ubraun@...ux.vnet.ibm.com> [ Upstream commit 1255fcb2a655f05e02f3a74675a6d6525f187afd ] Calling shutdown with SHUT_RD and SHUT_RDWR for a listening SMC socket crashes, because commit 127f49705823 ("net/smc: release clcsock from tcp_listen_worker") releases the internal clcsock in smc_close_active() and sets smc->clcsock to NULL. For SHUT_RD the smc_close_active() call is removed. For SHUT_RDWR the kernel_sock_shutdown() call is omitted, since the clcsock is already released. Fixes: 127f49705823 ("net/smc: release clcsock from tcp_listen_worker") Signed-off-by: Ursula Braun <ubraun@...ux.vnet.ibm.com> Reported-by: Stephen Hemminger <stephen@...workplumber.org> Signed-off-by: David S. Miller <davem@...emloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org> --- net/smc/af_smc.c | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) --- a/net/smc/af_smc.c +++ b/net/smc/af_smc.c @@ -1203,14 +1203,12 @@ static int smc_shutdown(struct socket *s rc = smc_close_shutdown_write(smc); break; case SHUT_RD: - if (sk->sk_state == SMC_LISTEN) - rc = smc_close_active(smc); - else - rc = 0; - /* nothing more to do because peer is not involved */ + rc = 0; + /* nothing more to do because peer is not involved */ break; } - rc1 = kernel_sock_shutdown(smc->clcsock, how); + if (smc->clcsock) + rc1 = kernel_sock_shutdown(smc->clcsock, how); /* map sock_shutdown_cmd constants to sk_shutdown value range */ sk->sk_shutdown |= how + 1;
Powered by blists - more mailing lists