kcm: Check if sk_user_data already set in kcm_attach
authorTom Herbert <tom@quantonium.net>
Wed, 24 Jan 2018 20:35:41 +0000 (12:35 -0800)
committerDavid S. Miller <davem@davemloft.net>
Wed, 24 Jan 2018 20:54:30 +0000 (15:54 -0500)
commite5571240236c5652f3e079b1d5866716a7ad819c
tree1541ccbaf77a4b034f515865927e175bb7e00bc0
parent581e7226a5d43f629eb6399a121f85f6a15f81be
kcm: Check if sk_user_data already set in kcm_attach

This is needed to prevent sk_user_data being overwritten.
The check is done under the callback lock. This should prevent
a socket from being attached twice to a KCM mux. It also prevents
a socket from being attached for other use cases of sk_user_data
as long as the other cases set sk_user_data under the lock.
Followup work is needed to unify all the use cases of sk_user_data
to use the same locking.

Reported-by: syzbot+114b15f2be420a8886c3@syzkaller.appspotmail.com
Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module")
Signed-off-by: Tom Herbert <tom@quantonium.net>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/kcm/kcmsock.c