Unverified Commit b3e51d1b authored by openeuler-ci-bot's avatar openeuler-ci-bot Committed by Gitee

!10280 v2 CVE-2022-48816

Merge Pull Request from: @ci-robot 
 
PR sync from: Liu Jian <liujian56@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/DWBOKD2QYO2ITYO37P4BRTEG2PPYN3SB/ 
CVE-2022-48816

NeilBrown (1):
  SUNRPC: lock against ->sock changing during sysfs read

Trond Myklebust (1):
  SUNRPC: Do not dereference non-socket transports in sysfs


-- 
2.34.1
 
https://gitee.com/src-openeuler/kernel/issues/IADG5L 
 
Link:https://gitee.com/openeuler/kernel/pulls/10280

 

Reviewed-by: Yue Haibing <yuehaibing@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
parents ba9f4e20 81495184
+3 −0
@@ -147,6 +147,9 @@ struct rpc_xprt_ops {
	void		(*rpcbind)(struct rpc_task *task);
	void		(*set_port)(struct rpc_xprt *xprt, unsigned short port);
	void		(*connect)(struct rpc_xprt *xprt, struct rpc_task *task);
	int		(*get_srcaddr)(struct rpc_xprt *xprt, char *buf,
				       size_t buflen);
	unsigned short	(*get_srcport)(struct rpc_xprt *xprt);
	int		(*buf_alloc)(struct rpc_task *task);
	void		(*buf_free)(struct rpc_task *task);
	void		(*prepare_request)(struct rpc_rqst *req);
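Review bot: The get_srcaddr and get_srcport members of struct rpc_xprt_ops carry no comment saying they are optional, yet on this page only xs_udp_ops and xs_tcp_ops set them, so an ops table that does not set them leaves them NULL. Since the commit titles are about not dereferencing non-socket transports, I would document the contract next to the declarations, e.g. `/* optional: NULL for transports without a socket; callers must check before calling */`, and state that get_srcaddr returns the formatted length or a negative errno. The struct starts and ends outside this hunk, and the +/- markers are lost in this rendering, so I am assuming these are the three added lines.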
+0 −1
@@ -10,7 +10,6 @@

int		init_socket_xprt(void);
void		cleanup_socket_xprt(void);
unsigned short	get_srcport(struct rpc_xprt *);

#define RPC_MIN_RESVPORT	(1U)
#define RPC_MAX_RESVPORT	(65535U)
+30 −3
@@ -1673,12 +1673,35 @@ static int xs_get_srcport(struct sock_xprt *transport)
	return port;
}

unsigned short get_srcport(struct rpc_xprt *xprt)
static unsigned short xs_sock_srcport(struct rpc_xprt *xprt)
{
	struct sock_xprt *sock = container_of(xprt, struct sock_xprt, xprt);
	return xs_sock_getport(sock->sock);
	unsigned short ret = 0;
	mutex_lock(&sock->recv_mutex);
	if (sock->sock)
		ret = xs_sock_getport(sock->sock);
	mutex_unlock(&sock->recv_mutex);
	return ret;
}

static int xs_sock_srcaddr(struct rpc_xprt *xprt, char *buf, size_t buflen)
{
	struct sock_xprt *sock = container_of(xprt, struct sock_xprt, xprt);
	union {
		struct sockaddr sa;
		struct sockaddr_storage st;
	} saddr;
	int ret = -ENOTCONN;

	mutex_lock(&sock->recv_mutex);
	if (sock->sock) {
		ret = kernel_getsockname(sock->sock, &saddr.sa);
		if (ret >= 0)
			ret = snprintf(buf, buflen, "%pISc", &saddr.sa);
	}
	mutex_unlock(&sock->recv_mutex);
	return ret;
}
EXPORT_SYMBOL(get_srcport);

static unsigned short xs_next_srcport(struct sock_xprt *transport, unsigned short port)
{
@@ -2660,6 +2683,8 @@ static const struct rpc_xprt_ops xs_udp_ops = {
	.rpcbind		= rpcb_getport_async,
	.set_port		= xs_set_port,
	.connect		= xs_connect,
	.get_srcaddr		= xs_sock_srcaddr,
	.get_srcport		= xs_sock_srcport,
	.buf_alloc		= rpc_malloc,
	.buf_free		= rpc_free,
	.send_request		= xs_udp_send_request,
@@ -2682,6 +2707,8 @@ static const struct rpc_xprt_ops xs_tcp_ops = {
	.rpcbind		= rpcb_getport_async,
	.set_port		= xs_set_port,
	.connect		= xs_connect,
	.get_srcaddr		= xs_sock_srcaddr,
	.get_srcport		= xs_sock_srcport,
	.buf_alloc		= rpc_malloc,
	.buf_free		= rpc_free,
	.prepare_request	= xs_stream_prepare_request,
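Review bot: In xs_sock_srcaddr the value handed back is snprintf()'s return, which is the length the formatted address would have needed rather than the number of bytes stored, so a too-small buflen yields a result larger than what is actually in buf. The caller is not shown on this page, but if it treats the return as a byte count (as a sysfs show routine typically would), that over-reports; `ret = scnprintf(buf, buflen, "%pISc", &saddr.sa);` keeps the result bounded by buflen. A short comment above the mutex_lock calls in both getters would also help, e.g. `/* recv_mutex keeps ->sock from changing while we read it */`, since the reason for taking a receive-path mutex in a getter is only stated in the commit title. In xs_sock_srcport, a blank line between the `ret` declaration and `mutex_lock` would match the layout used in xs_sock_srcaddr.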