Skip to content

Commit

Permalink
kcm: do not attach PF_KCM sockets to avoid deadlock
Browse files Browse the repository at this point in the history 
syzkaller had no problem to trigger a deadlock, attaching a KCM socket
to another one (or itself). (original syzkaller report was a very
confusing lockdep splat during a sendmsg())

It seems KCM claims to only support TCP, but no enforcement is done,
so we might need to add additional checks.

Fixes: ab7ac4e ("kcm: Kernel Connection Multiplexor module")
Signed-off-by: Eric Dumazet <[email protected]>
Reported-by: Dmitry Vyukov <[email protected]>
Acked-by: Tom Herbert <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
  • Loading branch information
@davem330
Eric Dumazet authored and davem330 committed Aug 30, 2017
1 parent f5c3dd4 commit 351050e
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions net/kcm/kcmsock.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1383,6 +1383,10 @@ static int kcm_attach(struct socket *sock, struct socket *csock,
if (!csk)
return -EINVAL;

/* We must prevent loops or risk deadlock ! */
if (csk->sk_family == PF_KCM)
return -EOPNOTSUPP;

psock = kmem_cache_zalloc(kcm_psockp, GFP_KERNEL);
if (!psock)
return -ENOMEM;
Expand Down

0 comments on commit 351050e

Please sign in to comment.