[PATCH net] calipso: unlock rcu before returning -EAFNOSUPPORT


Eric Dumazet

Jun 4, 2025, 9:38:40 AM
to David S . Miller, Jakub Kicinski, Paolo Abeni, Simon Horman, net...@vger.kernel.org, eric.d...@gmail.com, Eric Dumazet, syzbot, Kuniyuki Iwashima, Paul Moore, linux-secu...@vger.kernel.org
syzbot reported that a recent patch forgot to unlock rcu
in the error path.

Adopt the convention that netlbl_conn_setattr() is already using.

Fixes: 6e9f2df1c550 ("calipso: Don't call calipso functions for AF_INET sk.")
Reported-by: syzbot <syzk...@googlegroups.com>
Signed-off-by: Eric Dumazet <edum...@google.com>
Cc: Kuniyuki Iwashima <kun...@amazon.com>
Acked-by: Paul Moore <pa...@paul-moore.com>
Cc: linux-secu...@vger.kernel.org
---
net/netlabel/netlabel_kapi.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index 6ea16138582c0b6ad39608f2c08bdfde7493a13e..33b77084a4e5f34770f960d7c82e481d9889753a 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -1165,8 +1165,10 @@ int netlbl_conn_setattr(struct sock *sk,
break;
#if IS_ENABLED(CONFIG_IPV6)
case AF_INET6:
- if (sk->sk_family != AF_INET6)
- return -EAFNOSUPPORT;
+ if (sk->sk_family != AF_INET6) {
+ ret_val = -EAFNOSUPPORT;
+ goto conn_setattr_return;
+ }

addr6 = (struct sockaddr_in6 *)addr;
entry = netlbl_domhsh_getentry_af6(secattr->domain,
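Review bot: The new error branch in the AF_INET6 case relies on the conn_setattr_return label performing the rcu_read_unlock(), but neither that label nor the matching rcu_read_lock() falls inside this hunk's context, so the fix cannot be confirmed from the diff alone. A sentence in the commit message stating that conn_setattr_return is the function's unlock-and-return exit would make this explicit. The line "Adopt the convention that netlbl_conn_setattr() is already using" is also slightly confusing, because the hunk header shows the change is inside netlbl_conn_setattr() itself; if the intent is that the other cases in this function already leave through conn_setattr_return, saying so directly would read more clearly. Since the diffstat touches only this one site, it is worth checking that the commit named in Fixes: did not add the same bare "return -EAFNOSUPPORT;" under the RCU read lock anywhere else.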
--
2.50.0.rc0.604.gd4ff7b7c86-goog

Kuniyuki Iwashima

Jun 4, 2025, 12:00:04 PM
to edum...@google.com, da...@davemloft.net, eric.d...@gmail.com, ho...@kernel.org, ku...@kernel.org, kun...@amazon.com, linux-secu...@vger.kernel.org, net...@vger.kernel.org, pab...@redhat.com, pa...@paul-moore.com, syzk...@googlegroups.com
From: Eric Dumazet <edum...@google.com>
Date: Wed, 4 Jun 2025 13:38:26 +0000
> syzbot reported that a recent patch forgot to unlock rcu
> in the error path.
>
> Adopt the convention that netlbl_conn_setattr() is already using.
>
> Fixes: 6e9f2df1c550 ("calipso: Don't call calipso functions for AF_INET sk.")
> Reported-by: syzbot <syzk...@googlegroups.com>
> Signed-off-by: Eric Dumazet <edum...@google.com>
> Cc: Kuniyuki Iwashima <kun...@amazon.com>
> Acked-by: Paul Moore <pa...@paul-moore.com>
> Cc: linux-secu...@vger.kernel.org

Thanks for catching this!

Reviewed-by: Kuniyuki Iwashima <kuni...@gmail.com>

patchwork-b...@kernel.org

Jun 5, 2025, 11:20:11 AM
to Eric Dumazet, da...@davemloft.net, ku...@kernel.org, pab...@redhat.com, ho...@kernel.org, net...@vger.kernel.org, eric.d...@gmail.com, syzk...@googlegroups.com, kun...@amazon.com, pa...@paul-moore.com, linux-secu...@vger.kernel.org
Hello:

This patch was applied to netdev/net.git (main)
by Jakub Kicinski <ku...@kernel.org>:

On Wed, 4 Jun 2025 13:38:26 +0000 you wrote:
> syzbot reported that a recent patch forgot to unlock rcu
> in the error path.
>
> Adopt the convention that netlbl_conn_setattr() is already using.
>
> Fixes: 6e9f2df1c550 ("calipso: Don't call calipso functions for AF_INET sk.")
> Reported-by: syzbot <syzk...@googlegroups.com>
> Signed-off-by: Eric Dumazet <edum...@google.com>
> Cc: Kuniyuki Iwashima <kun...@amazon.com>
> Acked-by: Paul Moore <pa...@paul-moore.com>
> Cc: linux-secu...@vger.kernel.org
>
> [...]

Here is the summary with links:
- [net] calipso: unlock rcu before returning -EAFNOSUPPORT
https://git.kernel.org/netdev/net/c/3cae906e1a61

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

