Google Git
Sign in
chromium / chromiumos / third_party / kernel / refs/heads/release-R62-9901.B-chromeos-3.18
commitf59ef0b48a680962d592d83e2a770753f5b2f1ca[log] [tgz]
authorWillem de Bruijn <willemb@google.com>Thu Aug 10 16:41:58 2017
committerChromeOS Commit Bot <chromeos-commit-bot@chromium.org>Mon Nov 06 20:49:59 2017
tree20818b50e489eed27e81063983d9e9a4db51ee93
parent30f3f9ed6ff1d9e781deef5e39fc5b965cd0c35b [diff]
UPSTREAM: packet: fix tp_reserve race in packet_set_ring

[ Upstream commit c27927e372f0785f3303e8fad94b85945e2c97b7 ]

Updates to tp_reserve can race with reads of the field in
packet_set_ring. Avoid this by holding the socket lock during
updates in setsockopt PACKET_RESERVE.

This bug was discovered by syzkaller.

BUG=chromium:780782
TEST=Run syszcaller reproducer

Change-Id: I1006e6d4716f912aee319ebb0491330bcebd9c23
Fixes: 8913336a7e8d ("packet: add PACKET_RESERVE sockopt")
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Guenter Roeck <groeck@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/751810
Reviewed-by: Kevin Cernekee <cernekee@chromium.org>
(cherry picked from commit 712116d40a530fc68a25f7feec756202c223c325)
Reviewed-on: https://chromium-review.googlesource.com/755735
1 file changed
tree: 20818b50e489eed27e81063983d9e9a4db51ee93
  1. android/
  2. arch/
  3. block/
  4. chromeos/
  5. crypto/
  6. Documentation/
  7. drivers/
  8. firmware/
  9. fs/
  10. include/
  11. init/
  12. ipc/
  13. kernel/
  14. lib/
  15. mm/
  16. net/
  17. samples/
  18. scripts/
  19. security/
  20. sound/
  21. tools/
  22. usr/
  23. virt/
  24. .gitignore
  25. .mailmap
  26. COMMIT-QUEUE.ini
  27. COPYING
  28. CREDITS
  29. Kbuild
  30. Kconfig
  31. MAINTAINERS
  32. Makefile
  33. PRESUBMIT.cfg
  34. README
  35. REPORTING-BUGS