Commit 6710cc9d authored by Jason Xing's avatar Jason Xing Committed by Hongbo Li
Browse files

netrom: Fix data-races around sysctl_net_busy_read 

stable inclusion
from stable-v5.10.213
commit bbf950a6e96a91cf8cf0c71117b94ed3fafc9dd3
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9Q94D
CVE: CVE-2024-27419

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=bbf950a6e96a91cf8cf0c71117b94ed3fafc9dd3



--------------------------------

[ Upstream commit d380ce70058a4ccddc3e5f5c2063165dc07672c6 ]

We need to protect the reader reading the sysctl value because the
value can be changed concurrently.

Fixes: 1da177e4 ("Linux-2.6.12-rc2")
Signed-off-by: default avatarJason Xing <kernelxing@tencent.com>
Signed-off-by: default avatarPaolo Abeni <pabeni@redhat.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
Signed-off-by: default avatarHongbo Li <lihongbo22@huawei.com>
parent 80a0681e

net/netrom/af_netrom.c

+1 −1
Original line number Diff line number Diff line
@@ -954,7 +954,7 @@ int nr_rx_frame(struct sk_buff *skb, struct net_device *dev) 
		 * G8PZT's Xrouter which is sending packets with command type 7

		 * as an extension of the protocol.

		 */

		if (sysctl_netrom_reset_circuit &&

		if (READ_ONCE(sysctl_netrom_reset_circuit) &&

		    (frametype != NR_RESET || flags != 0))

			nr_transmit_reset(skb, 1);

net/netrom/nr_in.c

+3 −3
Original line number Diff line number Diff line
@@ -97,7 +97,7 @@ static int nr_state1_machine(struct sock *sk, struct sk_buff *skb, 
		break;



	case NR_RESET:

		if (sysctl_netrom_reset_circuit)

		if (READ_ONCE(sysctl_netrom_reset_circuit))

			nr_disconnect(sk, ECONNRESET);

		break;
@@ -128,7 +128,7 @@ static int nr_state2_machine(struct sock *sk, struct sk_buff *skb, 
		break;



	case NR_RESET:

		if (sysctl_netrom_reset_circuit)

		if (READ_ONCE(sysctl_netrom_reset_circuit))

			nr_disconnect(sk, ECONNRESET);

		break;
@@ -263,7 +263,7 @@ static int nr_state3_machine(struct sock *sk, struct sk_buff *skb, int frametype 
		break;



	case NR_RESET:

		if (sysctl_netrom_reset_circuit)

		if (READ_ONCE(sysctl_netrom_reset_circuit))

			nr_disconnect(sk, ECONNRESET);

		break;