Merge 5f7f6abd92 ("net: Fix null-ptr-deref by sock_lock_init_class_and_name() and rmmod.") into android16-6.12-lts

Steps on the way to 6.12.24

Resolves merge conflicts in:
	include/net/sock.h

Change-Id: Iad709683ab2604d124bedc3902f48588b28253bb
Signed-off-by: Greg Kroah-Hartman <gregkh@google.com>
Greg Kroah-Hartman
2025-05-09 12:03:28 +00:00
2 changed files with 43 additions and 2 deletions
+38 -2
@@ -339,6 +339,8 @@ struct sk_filter;
* @sk_txtime_unused: unused txtime flags * @sk_txtime_unused: unused txtime flags
* @ns_tracker: tracker for netns reference * @ns_tracker: tracker for netns reference
* @sk_user_frags: xarray of pages the user is holding a reference on. * @sk_user_frags: xarray of pages the user is holding a reference on.
* @sk_owner: reference to the real owner of the socket that calls
* sock_lock_init_class_and_name().
*/ */
struct sock { struct sock {
/* /*
@@ -546,6 +548,10 @@ struct sock {
netns_tracker ns_tracker; netns_tracker ns_tracker;
struct xarray sk_user_frags; struct xarray sk_user_frags;
#if IS_ENABLED(CONFIG_PROVE_LOCKING) && IS_ENABLED(CONFIG_MODULES)
struct module *sk_owner;
#endif
ANDROID_OEM_DATA(1); ANDROID_OEM_DATA(1);
}; };
@@ -1588,6 +1594,35 @@ static inline void sk_mem_uncharge(struct sock *sk, int size)
sk_mem_reclaim(sk); sk_mem_reclaim(sk);
} }
#if IS_ENABLED(CONFIG_PROVE_LOCKING) && IS_ENABLED(CONFIG_MODULES)
static inline void sk_owner_set(struct sock *sk, struct module *owner)
{
__module_get(owner);
sk->sk_owner = owner;
}
static inline void sk_owner_clear(struct sock *sk)
{
sk->sk_owner = NULL;
}
static inline void sk_owner_put(struct sock *sk)
{
module_put(sk->sk_owner);
}
#else
static inline void sk_owner_set(struct sock *sk, struct module *owner)
{
}
static inline void sk_owner_clear(struct sock *sk)
{
}
static inline void sk_owner_put(struct sock *sk)
{
}
#endif
/* /*
* Macro so as to not evaluate some arguments when * Macro so as to not evaluate some arguments when
* lockdep is not enabled. * lockdep is not enabled.
@@ -1597,13 +1632,14 @@ static inline void sk_mem_uncharge(struct sock *sk, int size)
*/ */
#define sock_lock_init_class_and_name(sk, sname, skey, name, key) \ #define sock_lock_init_class_and_name(sk, sname, skey, name, key) \
do { \ do { \
sk_owner_set(sk, THIS_MODULE); \
sk->sk_lock.owned = 0; \ sk->sk_lock.owned = 0; \
init_waitqueue_head(&sk->sk_lock.wq); \ init_waitqueue_head(&sk->sk_lock.wq); \
spin_lock_init(&(sk)->sk_lock.slock); \ spin_lock_init(&(sk)->sk_lock.slock); \
debug_check_no_locks_freed((void *)&(sk)->sk_lock, \ debug_check_no_locks_freed((void *)&(sk)->sk_lock, \
sizeof((sk)->sk_lock)); \ sizeof((sk)->sk_lock)); \
lockdep_set_class_and_name(&(sk)->sk_lock.slock, \ lockdep_set_class_and_name(&(sk)->sk_lock.slock, \
(skey), (sname)); \ (skey), (sname)); \
lockdep_init_map(&(sk)->sk_lock.dep_map, (name), (key), 0); \ lockdep_init_map(&(sk)->sk_lock.dep_map, (name), (key), 0); \
} while (0) } while (0)
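Review bot: `sk_owner_set()` writes the new owner over whatever `sk->sk_owner` already holds without releasing it. If `sock_lock_init_class_and_name()` is ever expanded a second time for the same socket from module code, the first `__module_get()` reference is never dropped, and that module stays pinned on PROVE_LOCKING builds. Nothing in the visible hunks prevents this; the only reset is the `sk_owner_clear()` call in `sock_lock_init()`. I would document the once-per-socket contract above the helper, e.g. `/* Takes a module reference; the caller must not already hold one on this sk. */`. If no legitimate caller re-initialises an owned socket, adding `WARN_ON_ONCE(sk->sk_owner);` before the `__module_get(owner);` line would also make the mistake loud.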
+5
@@ -2109,6 +2109,8 @@ lenout:
*/ */
static inline void sock_lock_init(struct sock *sk) static inline void sock_lock_init(struct sock *sk)
{ {
sk_owner_clear(sk);
if (sk->sk_kern_sock) if (sk->sk_kern_sock)
sock_lock_init_class_and_name( sock_lock_init_class_and_name(
sk, sk,
@@ -2206,6 +2208,9 @@ static void sk_prot_free(struct proto *prot, struct sock *sk)
mem_cgroup_sk_free(sk); mem_cgroup_sk_free(sk);
trace_android_vh_sk_free(sk); trace_android_vh_sk_free(sk);
security_sk_free(sk); security_sk_free(sk);
sk_owner_put(sk);
if (slab != NULL) if (slab != NULL)
kmem_cache_free(slab, sk); kmem_cache_free(slab, sk);
else else
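Review bot: The `sk_owner_clear(sk);` call added at the top of `sock_lock_init()` resets the pointer without a `module_put()`, and nothing at the call site says why that is safe. Presumably the field at this point is either uninitialised or a byte copy inherited from another socket that still owns the reference, so a put here would unbalance the module count. That should be confirmed against the callers, which are outside the hunk. I would add a comment above the call such as `/* sk_owner is not a reference we hold here; reset it rather than put it. */`. Both `sock_lock_init()` and `sk_prot_free()` extend beyond the lines shown.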