Commit e5571240 authored by Tom Herbert's avatar Tom Herbert Committed by David S. Miller

kcm: Check if sk_user_data already set in kcm_attach

This is needed to prevent sk_user_data being overwritten.
The check is done under the callback lock. This should prevent
a socket from being attached twice to a KCM mux. It also prevents
a socket from being attached for other use cases of sk_user_data
as long as the other cases set sk_user_data under the lock.
Followup work is needed to unify all the use cases of sk_user_data
to use the same locking.

Fixes: ab7ac4eb ("kcm: Kernel Connection Multiplexor module")
Signed-off-by: default avatarTom Herbert <>
Reviewed-by: default avatarEric Dumazet <>
Signed-off-by: default avatarDavid S. Miller <>
parent 581e7226
......@@ -1410,9 +1410,18 @@ static int kcm_attach(struct socket *sock, struct socket *csock,
return err;
/* Check if sk_user_data is aready by KCM or someone else.
* Must be done under lock to prevent race conditions.
if (csk->sk_user_data) {
kmem_cache_free(kcm_psockp, psock);
return -EALREADY;
psock->save_data_ready = csk->sk_data_ready;
psock->save_write_space = csk->sk_write_space;
psock->save_state_change = csk->sk_state_change;
......@@ -1420,8 +1429,11 @@ static int kcm_attach(struct socket *sock, struct socket *csock,
csk->sk_data_ready = psock_data_ready;
csk->sk_write_space = psock_write_space;
csk->sk_state_change = psock_state_change;
/* Finished initialization, now add the psock to the MUX. */
head = &mux->psocks;
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment