Headline
CVE-2017-6346: packet: fix races in fanout_add() · torvalds/linux@d199fab
Race condition in net/packet/af_packet.c in the Linux kernel before 4.9.13 allows local users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a multithreaded application that makes PACKET_FANOUT setsockopt system calls.
Commit
Permalink
Browse files
Browse the repository at this point in the history
packet: fix races in fanout_add()
Multiple threads can call fanout_add() at the same time.
We need to grab fanout_mutex earlier to avoid races that could lead to one thread freeing po->rollover that was set by another thread.
Do the same in fanout_release(), for peace of mind, and to help us finding lockdep issues earlier.
Fixes: dc99f60 (“packet: Add fanout support.”) Fixes: 0648ab7 (“packet: rollover prepare: per-socket state”) Signed-off-by: Eric Dumazet [email protected] Cc: Willem de Bruijn [email protected] Signed-off-by: David S. Miller [email protected]
- Loading branch information