[PATCH 3.10 091/139] net: ping: do not abuse udp_poll()

Wed, 01 Nov 2017 14:50:16 -0700 

From: Eric Dumazet <eduma...@google.com>

commit 77d4b1d36926a9b8387c6b53eeba42bcaaffcea3 upstream.

Alexander reported various KASAN messages triggered in recent kernels

The problem is that ping sockets should not use udp_poll() in the first
place, and recent changes in UDP stack finally exposed this old bug.

Fixes: c319b4d76b9e ("net: ipv4: add IPPROTO_ICMP socket kind")
Fixes: 6d0bfe226116 ("net: ipv6: Add IPv6 support to the ping socket.")
Signed-off-by: Eric Dumazet <eduma...@google.com>
Reported-by: Sasha Levin <alexander.le...@verizon.com>
Cc: Solar Designer <so...@openwall.com>
Cc: Vasiliy Kulikov <seg...@openwall.com>
Cc: Lorenzo Colitti <lore...@google.com>
Acked-By: Lorenzo Colitti <lore...@google.com>
Tested-By: Lorenzo Colitti <lore...@google.com>
Signed-off-by: David S. Miller <da...@davemloft.net>
[wt: removed the parts related to ping6 as 6d0bfe226116 is not in 3.10]

Signed-off-by: Willy Tarreau <w...@1wt.eu>
---
 include/net/ipv6.h | 1 +
 net/ipv4/af_inet.c | 2 +-
 net/ipv6/raw.c     | 2 +-
 3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index 413e23b..1c96547c 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -822,6 +822,7 @@ extern int inet6_hash_connect(struct 
inet_timewait_death_row *death_row,
  */
 extern const struct proto_ops inet6_stream_ops;
 extern const struct proto_ops inet6_dgram_ops;
+extern const struct proto_ops inet6_sockraw_ops;
 
 struct group_source_req;
 struct group_filter;
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 975c369..03610eb 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1053,7 +1053,7 @@ static struct inet_protosw inetsw_array[] =
                .type =       SOCK_DGRAM,
                .protocol =   IPPROTO_ICMP,
                .prot =       &ping_prot,
-               .ops =        &inet_dgram_ops,
+               .ops =        &inet_sockraw_ops,
                .no_check =   UDP_CSUM_DEFAULT,
                .flags =      INET_PROTOSW_REUSE,
        },
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index c7ce2be..a05e1f1 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -1319,7 +1319,7 @@ void raw6_proc_exit(void)
 #endif /* CONFIG_PROC_FS */
 
 /* Same as inet6_dgram_ops, sans udp_poll.  */
-static const struct proto_ops inet6_sockraw_ops = {
+const struct proto_ops inet6_sockraw_ops = {
        .family            = PF_INET6,
        .owner             = THIS_MODULE,
        .release           = inet6_release,
-- 
2.8.0.rc2.1.gbe9624a

Reply via email to