linux-stable/net/core
Eric Dumazet 0fcfaa8ed9 af_unix: fix races in sk_peer_pid and sk_peer_cred accesses
[ Upstream commit 35306eb238 ]

Jann Horn reported that SO_PEERCRED and SO_PEERGROUPS implementations
are racy, as af_unix can concurrently change sk_peer_pid and sk_peer_cred.

In order to fix this issue, this patch adds a new spinlock that needs
to be used whenever these fields are read or written.

Jann also pointed out that l2cap_sock_get_peer_pid_cb() is currently
reading sk->sk_peer_pid which makes no sense, as this field
is only possibly set by AF_UNIX sockets.
We will have to clean this in a separate patch.
This could be done by reverting b48596d1dc "Bluetooth: L2CAP: Add get_peer_pid callback"
or implementing what was truly expected.

Fixes: 109f6e39fa ("af_unix: Allow SO_PEERCRED to work across namespaces.")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Jann Horn <jannh@google.com>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Cc: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
Cc: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-10-06 15:42:35 +02:00
bpf_sk_storage.c
datagram.c udp: fix skb_copy_and_csum_datagram with odd segment sizes 2021-02-17 10:35:19 +01:00
datagram.h
dev.c net: Treat __napi_schedule_irqoff() as __napi_schedule() on PREEMPT_RT 2021-07-19 08:53:08 +02:00
dev_addr_lists.c
dev_ioctl.c net: fix dev_ifsioc_locked() race condition 2021-03-07 12:20:43 +01:00
devlink.c devlink: Hold rtnl lock while reading netdev attributes 2020-12-08 10:40:23 +01:00
drop_monitor.c
dst.c
dst_cache.c
ethtool.c net: ethtool: clear heap allocations for ethtool function 2021-06-30 08:47:47 -04:00
failover.c
fib_notifier.c
fib_rules.c fib: Return the correct errno code 2021-06-18 09:59:00 +02:00
filter.c bpf: Do not change gso_size during bpf_skb_change_proto() 2021-07-14 16:53:32 +02:00
flow_dissector.c flow_dissector: Fix out-of-bounds warnings 2021-09-22 12:26:29 +02:00
flow_offload.c
gen_estimator.c net_sched: gen_estimator: support large ewma log 2021-02-07 15:35:47 +01:00
gen_stats.c
gro_cells.c
hwbm.c
link_watch.c net: linkwatch: fix failure to restore device state across suspend/resume 2021-08-18 08:57:00 +02:00
lwt_bpf.c lwt: Disable BH too in run_lwt_bpf() 2020-12-30 11:51:30 +01:00
lwtunnel.c
Makefile
neighbour.c neighbour: allow NUD_NOARP entries to be forced GCed 2021-06-10 13:37:16 +02:00
net-procfs.c
net-sysfs.c net-sysfs: take the rtnl lock when accessing xps_rxqs_map and num_tc 2021-01-12 20:16:13 +01:00
net-sysfs.h
net-traces.c
net_namespace.c netns: protect netns ID lookups with RCU 2021-09-15 09:47:31 +02:00
netclassid_cgroup.c
netevent.c
netpoll.c net: Have netpoll bring-up DSA management interface 2020-11-24 13:28:57 +01:00
netprio_cgroup.c
page_pool.c mm: fix struct page layout on 32-bit systems 2021-05-19 10:08:31 +02:00
pktgen.c pktgen: fix misuse of BUG_ON() in pktgen_thread_worker() 2021-03-07 12:20:44 +01:00
ptp_classifier.c
request_sock.c
rtnetlink.c rtnetlink: Return correct error on changing device netns 2021-09-03 10:08:14 +02:00
scm.c
secure_seq.c
skbuff.c net: Fix zero-copy head len calculation. 2021-08-08 09:04:08 +02:00
skmsg.c bpf, sockmap: Avoid returning unneeded EAGAIN when redirecting to self 2020-11-24 13:29:19 +01:00
sock.c af_unix: fix races in sk_peer_pid and sk_peer_cred accesses 2021-10-06 15:42:35 +02:00
sock_diag.c
sock_map.c bpf: sockmap: Require attach_bpf_fd when detaching a program 2020-08-07 09:34:02 +02:00
sock_reuseport.c udp: Prevent reuseport_select_sock from reading uninitialized socks 2021-01-23 15:57:56 +01:00
stream.c
sysctl_net_core.c bpf: Check correct cred for CAP_SYSLOG in bpf_dump_raw_ok() 2020-07-16 08:16:45 +02:00
timestamping.c
tso.c
utils.c
xdp.c