diff options
| author | David Howells <[email protected]> | 2023-07-07 10:12:38 +0100 |
|---|---|---|
| committer | Herbert Xu <[email protected]> | 2023-07-08 22:48:42 +1000 |
| commit | 0b7ec177b589842c0abf9e91459c83ba28d32452 (patch) | |
| tree | 31082b1925f8697113c73038e890650f12986a59 /net/unix | |
| parent | 9e9311e04e63ede92be98425efd843f9836336bd (diff) | |
crypto: algif_hash - Fix race between MORE and non-MORE sends
The 'MSG_MORE' state of the previous sendmsg() is fetched without the
socket lock held, so two sendmsg calls can race. This can be seen with a
large sendfile() as that now does a series of sendmsg() calls, and if a
write() comes in on the same socket at an inopportune time, it can flip the
state.
Fix this by moving the fetch of ctx->more inside the socket lock.
Fixes: c662b043cdca ("crypto: af_alg/hash: Support MSG_SPLICE_PAGES")
Reported-by: [email protected]
Link: https://lore.kernel.org/r/[email protected]/
Signed-off-by: David Howells <[email protected]>
Tested-by: [email protected]
cc: Herbert Xu <[email protected]>
cc: Paolo Abeni <[email protected]>
cc: "David S. Miller" <[email protected]>
cc: Eric Dumazet <[email protected]>
cc: Jakub Kicinski <[email protected]>
cc: [email protected]
cc: [email protected]
Signed-off-by: Herbert Xu <[email protected]>
Diffstat (limited to 'net/unix')
0 files changed, 0 insertions, 0 deletions