www.infradead.org Git - users/jedix/linux-maple.git/commit
packet: fix tp_reserve race in packet_set_ring
author Willem de Bruijn <willemb@google.com>
Thu, 10 Aug 2017 16:41:58 +0000 (12:41 -0400)
committer Chuck Anderson <chuck.anderson@oracle.com>
Mon, 28 Aug 2017 04:58:31 +0000 (21:58 -0700)
commit 25571edd527ecf080be2e498499fe926ae213f56
tree aa48cfe57b890cb188865726221a6598db76a5a1
parent ead31ffa566d067e687d5b087d81a03cbbbc8b99
packet: fix tp_reserve race in packet_set_ring

Orabug: 26681154
CVE: CVE-2017-1000111

Updates to tp_reserve can race with reads of the field in
packet_set_ring. Avoid this by holding the socket lock during
updates in setsockopt PACKET_RESERVE.

This bug was discovered by syzkaller.

Fixes: 8913336a7e8d ("packet: add PACKET_RESERVE sockopt")
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit c27927e372f0785f3303e8fad94b85945e2c97b7)
Signed-off-by: Brian Maly <brian.maly@oracle.com>
net/packet/af_packet.c
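
The locking rule from the commit message, as a deterministic userspace model added here (not kernel code and not code from this commit): a setter runs between ring setup's check and its commit, the way a concurrent setsockopt could. Everything except the name tp_reserve is hypothetical, including the frame-size check, the constructed sizes, and the -EBUSY refusal once a ring exists.

```c
#include <errno.h>
#include <stdbool.h>

/* Userspace model, not kernel code. Only tp_reserve is a name from the page. */
struct model_sock {
    bool locked, ring_set;      /* stand-ins for the socket lock and a configured ring */
    unsigned tp_reserve, hdrlen, frame_size;
};
typedef int (*setter_fn)(struct model_sock *, unsigned);

/* Pre-fix shape: the update ignores the lock. */
static int reserve_unlocked(struct model_sock *sk, unsigned val)
{
    sk->tp_reserve = val;
    return 0;
}

/* Post-fix shape: update only while holding the lock. Refusing the change
 * once a ring exists is an assumption of this model. */
static int reserve_locked(struct model_sock *sk, unsigned val)
{
    if (sk->locked)
        return -EAGAIN;         /* a real lock_sock() would sleep here */
    sk->locked = true;
    int ret = sk->ring_set ? -EBUSY : 0;
    if (!ret)
        sk->tp_reserve = val;
    sk->locked = false;
    return ret;
}

/* Ring setup holds the lock, checks the frame size against tp_reserve, then
 * commits. racer() runs between check and commit, as a second thread could. */
static int model_set_ring(struct model_sock *sk, unsigned frame_size,
                          setter_fn racer, unsigned racer_val)
{
    sk->locked = true;
    bool ok = frame_size >= sk->hdrlen + sk->tp_reserve;
    racer(sk, racer_val);
    if (ok) { sk->frame_size = frame_size; sk->ring_set = true; }
    sk->locked = false;
    return ok ? 0 : -EINVAL;
}

/* Returns true if the committed frame size still covers header plus reserve. */
static bool invariant_after_race(setter_fn racer)
{
    struct model_sock sk = { .hdrlen = 32 };    /* constructed values */
    model_set_ring(&sk, 128, racer, 4096);
    racer(&sk, 4096);                           /* late update after ring setup */
    return sk.frame_size >= sk.hdrlen + sk.tp_reserve;
}
```

With `reserve_unlocked` the validated frame size no longer covers the reserve after the interleaved write; with `reserve_locked` both update attempts are turned away and the check stays valid.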