Git-Mirrors/DivestOS
1
0
Fork 0
mirror of https://github.com/Divested-Mobile/DivestOS-Build.git synced 2025-01-03 03:40:59 -05:00
Code Issues Packages Projects Releases Wiki Activity
92a0187dfb
DivestOS/Patches/Linux_CVEs-New/CVE-2017-6346/3.18/1.patch
Tad 92a0187dfb Overhaul CVE patches
2017-10-29 14:23:02 -04:00

78 lines
6.8 KiB
Diff
Raw Blame History

<!DOCTYPE html><html lang="en"><head><meta charset="utf-8"><title>Diff - be671c7e17454b4f144a8e05268a6071748a8791^! - kernel/common - Git at Google</title><link rel="stylesheet" type="text/css" href="/+static/base.HLL9TqKl0YYybSzmT_wTdw.cache.css"><!-- default customHeadTagPart --></head><body class="Site"><header class="Site-header"><div class="Header"><a class="Header-image" href="/"><img src="//www.gstatic.com/images/branding/lockups/2x/lockup_git_color_108x24dp.png" width="108" height="24" alt="Google Git"></a><div class="Header-menu"> <a class="Header-menuItem" href="https://accounts.google.com/AccountChooser?service=gerritcodereview&amp;continue=https://android.googlesource.com/login/kernel/common/%2B/be671c7e17454b4f144a8e05268a6071748a8791%255E%2521/">Sign in</a> </div></div></header><div class="Site-content"><div class="Container "><div class="Breadcrumbs"><a class="Breadcrumbs-crumb" href="/?format=HTML">android</a> / <a class="Breadcrumbs-crumb" href="/kernel/">kernel</a> / <a class="Breadcrumbs-crumb" href="/kernel/common/">common</a> / <a class="Breadcrumbs-crumb" href="/kernel/common/+/be671c7e17454b4f144a8e05268a6071748a8791%5E%21/">be671c7e17454b4f144a8e05268a6071748a8791^!</a> / <span class="Breadcrumbs-crumb">.</span></div><div class="u-monospace Metadata"><table><tr><th class="Metadata-title">commit</th><td>be671c7e17454b4f144a8e05268a6071748a8791</td><td><span>[<a href="/kernel/common/+log/be671c7e17454b4f144a8e05268a6071748a8791/">log</a>]</span> <span>[<a href="/kernel/common/+archive/be671c7e17454b4f144a8e05268a6071748a8791/.tar.gz">tgz</a>]</span></td></tr><tr><th class="Metadata-title">author</th><td>Eric Dumazet &lt;edumazet@google.com&gt;</td><td>Tue Feb 14 09:03:51 2017 -0800</td></tr><tr><th class="Metadata-title">committer</th><td>Daniel Rosenberg &lt;drosen@google.com&gt;</td><td>Wed Jun 28 16:12:27 2017 -0700</td></tr><tr><th class="Metadata-title">tree</th><td><a href="/kernel/common/+/be671c7e17454b4f144a8e05268a6071748a8791/">7d6651acb88f24380c4371dd42644dc7417c5cf6</a></td></tr><tr><th class="Metadata-title">parent</th><td><a href="/kernel/common/+/be671c7e17454b4f144a8e05268a6071748a8791%5E">bd64c0db093a25b3a58eca9742f8d442fd376d2a</a> <span>[<a href="/kernel/common/+/be671c7e17454b4f144a8e05268a6071748a8791%5E%21/">diff</a>]</span></td></tr></table></div><pre class="u-pre u-monospace MetadataMessage">UPSTREAM: packet: fix races in fanout_add()
commit d199fab63c11998a602205f7ee7ff7c05c97164b upstream.
Multiple threads can call fanout_add() at the same time.
We need to grab fanout_mutex earlier to avoid races that could
lead to one thread freeing po-&gt;rollover that was set by another thread.
Do the same in fanout_release(), for peace of mind, and to help us
finding lockdep issues earlier.
[js] no rollover in 3.12
Fixes: dc99f600698d (&quot;packet: Add fanout support.&quot;)
Fixes: 0648ab70afe6 (&quot;packet: rollover prepare: per-socket state&quot;)
Signed-off-by: Eric Dumazet &lt;edumazet@google.com&gt;
Cc: Willem de Bruijn &lt;willemb@google.com&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
Signed-off-by: Jiri Slaby &lt;jslaby@suse.cz&gt;
Signed-off-by: Willy Tarreau &lt;w@1wt.eu&gt;
(cherry picked from commit 2a272abc4e543f488b3a73292ee75a06f20d077a)
Bug: 37897645
Change-Id: <a href="https://android-review.googlesource.com/#/q/I3b021869ee26b88d10f4d6408ce34d351543ce74">I3b021869ee26b88d10f4d6408ce34d351543ce74</a>
</pre><pre class="u-pre u-monospace Diff"><a name="F0" class="Diff-fileIndex"></a>diff --git <a href="/kernel/common/+/bd64c0db093a25b3a58eca9742f8d442fd376d2a/net/packet/af_packet.c">a/net/packet/af_packet.c</a> <a href="/kernel/common/+/be671c7e17454b4f144a8e05268a6071748a8791/net/packet/af_packet.c">b/net/packet/af_packet.c</a>
index 05cfee7..2ae5ae2 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
</pre><pre class="u-pre u-monospace Diff-unified"><span class="Diff-hunk">@@ -1429,13 +1429,16 @@
</span><span class="Diff-change"> return -EINVAL;</span>
<span class="Diff-change"> }</span>
<span class="Diff-change"> </span>
<span class="Diff-delete">- if (!po-&gt;running)</span>
<span class="Diff-delete">- return -EINVAL;</span>
<span class="Diff-delete">-</span>
<span class="Diff-delete">- if (po-&gt;fanout)</span>
<span class="Diff-delete">- return -EALREADY;</span>
<span class="Diff-delete">-</span>
<span class="Diff-change"> mutex_lock(&amp;fanout_mutex);</span>
<span class="Diff-insert">+</span>
<span class="Diff-insert">+ err = -EINVAL;</span>
<span class="Diff-insert">+ if (!po-&gt;running)</span>
<span class="Diff-insert">+ goto out;</span>
<span class="Diff-insert">+</span>
<span class="Diff-insert">+ err = -EALREADY;</span>
<span class="Diff-insert">+ if (po-&gt;fanout)</span>
<span class="Diff-insert">+ goto out;</span>
<span class="Diff-insert">+</span>
<span class="Diff-change"> match = NULL;</span>
<span class="Diff-change"> list_for_each_entry(f, &amp;fanout_list, list) {</span>
<span class="Diff-change"> if (f-&gt;id == id &amp;&amp;</span>
<span class="Diff-hunk">@@ -1491,17 +1494,16 @@
</span><span class="Diff-change"> struct packet_sock *po = pkt_sk(sk);</span>
<span class="Diff-change"> struct packet_fanout *f;</span>
<span class="Diff-change"> </span>
<span class="Diff-delete">- f = po-&gt;fanout;</span>
<span class="Diff-delete">- if (!f)</span>
<span class="Diff-delete">- return;</span>
<span class="Diff-delete">-</span>
<span class="Diff-change"> mutex_lock(&amp;fanout_mutex);</span>
<span class="Diff-delete">- po-&gt;fanout = NULL;</span>
<span class="Diff-insert">+ f = po-&gt;fanout;</span>
<span class="Diff-insert">+ if (f) {</span>
<span class="Diff-insert">+ po-&gt;fanout = NULL;</span>
<span class="Diff-change"> </span>
<span class="Diff-delete">- if (atomic_dec_and_test(&amp;f-&gt;sk_ref)) {</span>
<span class="Diff-delete">- list_del(&amp;f-&gt;list);</span>
<span class="Diff-delete">- dev_remove_pack(&amp;f-&gt;prot_hook);</span>
<span class="Diff-delete">- kfree(f);</span>
<span class="Diff-insert">+ if (atomic_dec_and_test(&amp;f-&gt;sk_ref)) {</span>
<span class="Diff-insert">+ list_del(&amp;f-&gt;list);</span>
<span class="Diff-insert">+ dev_remove_pack(&amp;f-&gt;prot_hook);</span>
<span class="Diff-insert">+ kfree(f);</span>
<span class="Diff-insert">+ }</span>
<span class="Diff-change"> }</span>
<span class="Diff-change"> mutex_unlock(&amp;fanout_mutex);</span>
<span class="Diff-change"> }</span>
</pre></div> <!-- Container --></div> <!-- Site-content --><!-- default customFooter --><footer class="Site-footer"><div class="Footer"><span class="Footer-poweredBy">Powered by <a href="https://gerrit.googlesource.com/gitiles/">Gitiles</a></span><span class="Footer-formats"><a class="u-monospace Footer-formatsItem" href="?format=TEXT">txt</a> <a class="u-monospace Footer-formatsItem" href="?format=JSON">json</a></span></div></footer></body></html>
Reference in New Issue View Git Blame Copy Permalink