git.somdevices.com Git - linux.git/commit

author	Alexander Popov <alex.popov@linux.com>
	Mon, 1 Feb 2021 08:47:19 +0000 (11:47 +0300)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Wed, 3 Feb 2021 22:28:52 +0000 (23:28 +0100)
commit	55d900415b81680bcd5f93be51f26ebfc51ac6fb
tree	dafa0e35f85d8031f6da02d5fcb0cd09a1033dd5	tree \| snapshot
parent	a9cd144eb74505420ce73047bed2bd5dca572d50	commit \| diff

vsock: fix the race conditions in multi-transport support

commit c518adafa39f37858697ac9309c6cf1805581446 upstream.

There are multiple similar bugs implicitly introduced by the
commit c0cfa2d8a788fcf4 ("vsock: add multi-transports support") and
commit 6a2c0962105ae8ce ("vsock: prevent transport modules unloading").

The bug pattern:
[1] vsock_sock.transport pointer is copied to a local variable,
[2] lock_sock() is called,
[3] the local variable is used.
VSOCK multi-transport support introduced the race condition:
vsock_sock.transport value may change between [1] and [2].

Let's copy vsock_sock.transport pointer to local variables after
the lock_sock() call.

Fixes: c0cfa2d8a788fcf4 ("vsock: add multi-transports support")
Signed-off-by: Alexander Popov <alex.popov@linux.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Jorgen Hansen <jhansen@vmware.com>
Link: https://lore.kernel.org/r/20210201084719.2257066-1-alex.popov@linux.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>