Google Git
Sign in
chromium / chromiumos / third_party / kernel / 957c2ec5c7b906973b8bf5be3dd066524569b1ec
commit957c2ec5c7b906973b8bf5be3dd066524569b1ec[log] [tgz]
authorWillem de Bruijn <[email protected]>Thu Aug 10 16:41:58 2017
committerChromeOS Commit Bot <[email protected]>Wed Nov 08 22:49:53 2017
treeec242289bd0439a2152f5cf32269df04dd0094ef
parent5e02a24a574ecbd1f39fe370475c399e1f93d131 [diff]
UPSTREAM: packet: fix tp_reserve race in packet_set_ring

[ Upstream commit c27927e372f0785f3303e8fad94b85945e2c97b7 ]

Updates to tp_reserve can race with reads of the field in
packet_set_ring. Avoid this by holding the socket lock during
updates in setsockopt PACKET_RESERVE.

This bug was discovered by syzkaller.

BUG=chromium:780782
TEST=trybot

Fixes: 8913336a7e8d ("packet: add PACKET_RESERVE sockopt")
Reported-by: Andrey Konovalov <[email protected]>
Signed-off-by: Willem de Bruijn <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
(cherry picked from commit 63364a508d24944abb0975bd823cb11367c56283)
Signed-off-by: Daniel Wang <[email protected]>

Change-Id: I427f6c69ac1a57859be921bd3914a62de29ed7f4
Reviewed-on: https://chromium-review.googlesource.com/759137
Tested-by: Daniel Wang <[email protected]>
Reviewed-by: Guenter Roeck <[email protected]>
Commit-Queue: Daniel Wang <[email protected]>
1 file changed
tree: ec242289bd0439a2152f5cf32269df04dd0094ef
  1. android/
  2. arch/
  3. block/
  4. certs/
  5. chromeos/
  6. crypto/
  7. Documentation/
  8. drivers/
  9. firmware/
  10. fs/
  11. include/
  12. init/
  13. ipc/
  14. kernel/
  15. lib/
  16. mm/
  17. net/
  18. samples/
  19. scripts/
  20. security/
  21. sound/
  22. tools/
  23. usr/
  24. virt/
  25. .get_maintainer.ignore
  26. .gitignore
  27. .mailmap
  28. COMMIT-QUEUE.ini
  29. COPYING
  30. CREDITS
  31. Kbuild
  32. Kconfig
  33. MAINTAINERS
  34. Makefile
  35. PRESUBMIT.cfg
  36. README
  37. REPORTING-BUGS