authorMartin KaFai Lau <martin.lau@kernel.org>2023-12-13 16:21:53 -0800
committerMartin KaFai Lau <martin.lau@kernel.org>2023-12-13 16:33:17 -0800
commit2f2fee2bf74a7e31d06fc6cb7ba2bd4dd7753c99 (patch)
treefa6dcb7f84468e7631a8be8d1f4eb3b318d9d66f /net/core/sock_map.c
parente307b5a845c5951dabafc48d00b6424ee64716c4 (diff)
parent50d96f05af6787a34b4eca2ee3fc1993289c4c24 (diff)
Merge branch ' bpf fix for unconnect af_unix socket'
John Fastabend says: ==================== Eric reported a syzbot splat from a null ptr deref caused by a recent fix to resolve a use-after-free with af-unix stream sockets and BPF sockmap usage. The issue I missed is that we allow unconnected af_unix STREAM sockets to be added to the sockmap. Fix this by blocking unconnected sockets. v2: change sk_is_unix to sk_is_stream_unix (Eric) and remove duplicate ASSERTS in selftests, since the xsocket helper already marks FAIL (Jakub) ==================== Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
Diffstat (limited to 'net/core/sock_map.c')
-rw-r--r--net/core/sock_map.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/net/core/sock_map.c b/net/core/sock_map.c
index 4292c2ed1828..27d733c0f65e 100644
--- a/net/core/sock_map.c
+++ b/net/core/sock_map.c
@@ -536,6 +536,8 @@ static bool sock_map_sk_state_allowed(const struct sock *sk)
{
if (sk_is_tcp(sk))
return (1 << sk->sk_state) & (TCPF_ESTABLISHED | TCPF_LISTEN);
+ if (sk_is_stream_unix(sk))
+ return (1 << sk->sk_state) & TCPF_ESTABLISHED;
return true;
}
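Review bot: The new AF_UNIX branch reads `sk->sk_state` with a plain load, and nothing in this hunk shows that the lock held by callers of sock_map_sk_state_allowed() also serializes AF_UNIX state changes. If it does not, the check can race with a concurrent state transition and should at least be written as `return (1 << READ_ONCE(sk->sk_state)) & TCPF_ESTABLISHED;`. The branch would also benefit from a one-line comment such as `/* only connected AF_UNIX stream sockets may enter a sockmap */`, because reusing the TCPF_ mask for a non-TCP socket and leaving out the LISTEN state that the TCP branch accepts are both non-obvious. Since this is only an insert-time gate, the paths that later use the socket's peer should presumably still tolerate its absence; those paths are outside this file section.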