From patchwork Thu Mar 31 23:29:40 2016
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Hannes Frederic Sowa <hannes@stressinduktion.org>
X-Patchwork-Id: 604542
X-Patchwork-Delegate: davem@davemloft.net
Return-Path: <netdev-owner@vger.kernel.org>
X-Original-To: patchwork-incoming@ozlabs.org
Delivered-To: patchwork-incoming@ozlabs.org
Received: from vger.kernel.org (vger.kernel.org [209.132.180.67])
	by ozlabs.org (Postfix) with ESMTP id 3qbgj64MRVz9s9Z
	for <patchwork-incoming@ozlabs.org>;
	Fri,  1 Apr 2016 10:30:02 +1100 (AEDT)
Authentication-Results: ozlabs.org; dkim=pass (1024-bit key;
	unprotected) header.d=stressinduktion.org
	header.i=@stressinduktion.org header.b=NNyIv78Y;
	dkim=pass (1024-bit key;
	unprotected) header.d=messagingengine.com
	header.i=@messagingengine.com header.b=Jvo9ugtf;
	dkim-atps=neutral
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1757502AbcCaX37 (ORCPT <rfc822;patchwork-incoming@ozlabs.org>);
	Thu, 31 Mar 2016 19:29:59 -0400
Received: from out5-smtp.messagingengine.com ([66.111.4.29]:57884 "EHLO
	out5-smtp.messagingengine.com" rhost-flags-OK-OK-OK-OK)
	by vger.kernel.org with ESMTP id S1753103AbcCaX34 (ORCPT
	<rfc822;netdev@vger.kernel.org>); Thu, 31 Mar 2016 19:29:56 -0400
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45])
	by mailout.nyi.internal (Postfix) with ESMTP id F0ACC2194A
	for <netdev@vger.kernel.org>; Thu, 31 Mar 2016 19:29:55 -0400 (EDT)
Received: from frontend2 ([10.202.2.161])
	by compute5.internal (MEProxy); Thu, 31 Mar 2016 19:29:55 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=
	stressinduktion.org; h=cc:date:from:in-reply-to:message-id
	:references:subject:to:x-sasl-enc:x-sasl-enc; s=mesmtp; bh=iZwn6
	UdjcNKJMbrwiUYm3Y4HWnI=; b=NNyIv78Yu6Eb+pNfHVKQUeJKuL1jJXYtGoGrj
	9VPWajqjS+y7twoM5oWfMKNkYBNbUN55HdGA9V5ZoJ9Vc1iKgY7h7v16NsxM/1mf
	X9HdWL/24A1iS/OSD8E6fEbxiYOgYsHm7v7JZrutYQ2fZh5eTYMhd2OtvlzAFAWq
	GDXEvg=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=
	messagingengine.com; h=cc:date:from:in-reply-to:message-id
	:references:subject:to:x-sasl-enc:x-sasl-enc; s=smtpout; bh=iZwn
	6UdjcNKJMbrwiUYm3Y4HWnI=; b=Jvo9ugtfFmRxdwV62WWbyaMjAC2nQiYmcZan
	2oGPT5l++fv3DW/T03aIfBfjkXQjS/xY6EATS6x/nfB8UMlJEZQ8/VQCBeS0MCsq
	zT1kQjDFl8iAZ0/lkA0xP7MLf55mBC/cXebBDKp8aGXRz64pV4M94tss+gtmtVpQ
	DPcMCeY=
X-Sasl-enc: txFBrVuhRE64pU7rM+Q6605cMyh4Y8BeFs91I3l8W3xH 1459466995
Received: from z.localhost.localdomain (unknown [213.55.184.142])
	by mail.messagingengine.com (Postfix) with ESMTPA id 42466680120;
	Thu, 31 Mar 2016 19:29:54 -0400 (EDT)
From: Hannes Frederic Sowa <hannes@stressinduktion.org>
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, sasha.levin@oracle.com,
	daniel@iogearbox.net, alexei.starovoitov@gmail.com, mkubecek@suse.cz
Subject: [PATCH net 2/4] net: proper check if we hold the socket lock during
	dereference
Date: Fri,  1 Apr 2016 01:29:40 +0200
Message-Id: <1459466982-20432-3-git-send-email-hannes@stressinduktion.org>
X-Mailer: git-send-email 2.5.5
In-Reply-To: <1459466982-20432-1-git-send-email-hannes@stressinduktion.org>
References: <1459466982-20432-1-git-send-email-hannes@stressinduktion.org>
Sender: netdev-owner@vger.kernel.org
Precedence: bulk
List-ID: <netdev.vger.kernel.org>
X-Mailing-List: netdev@vger.kernel.org

lockdep_sock_is_held makes sure that we currently own the
lock. sock_owned_by_user simply checks if a user holds the socket. This
could lead to non deterministic lock checks.

Reported-by: Sasha Levin <sasha.levin@oracle.com>
Cc: Daniel Borkmann <daniel@iogearbox.net>
Cc: Alexei Starovoitov <alexei.starovoitov@gmail.com>
Cc: Michal Kubecek <mkubecek@suse.cz>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
---
 include/net/sock.h | 5 +++++
 net/core/filter.c  | 6 +++---
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/include/net/sock.h b/include/net/sock.h
index 255d3e03727b73..30f9b5ad0a82ef 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -1382,6 +1382,11 @@ static inline void unlock_sock_fast(struct sock *sk, bool slow)
 		spin_unlock_bh(&sk->sk_lock.slock);
 }
 
+static bool lockdep_sock_is_held(struct sock *sk)
+{
+	return lockdep_is_held(&sk->sk_lock) ||
+	       lockdep_is_held(&sk->sk_lock.slock);
+}
 
 struct sock *sk_alloc(struct net *net, int family, gfp_t priority,
 		      struct proto *prot, int kern);
diff --git a/net/core/filter.c b/net/core/filter.c
index 4b81b71171b4ce..e8486ba601eae7 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -1166,7 +1166,7 @@ static int __sk_attach_prog(struct bpf_prog *prog, struct sock *sk)
 	}
 
 	old_fp = rcu_dereference_protected(sk->sk_filter,
-					   sock_owned_by_user(sk));
+					   lockdep_sock_is_held(sk));
 	rcu_assign_pointer(sk->sk_filter, fp);
 
 	if (old_fp)
@@ -2259,7 +2259,7 @@ int sk_detach_filter(struct sock *sk)
 		return -EPERM;
 
 	filter = rcu_dereference_protected(sk->sk_filter,
-					   sock_owned_by_user(sk));
+					   lockdep_sock_is_held(sk));
 	if (filter) {
 		RCU_INIT_POINTER(sk->sk_filter, NULL);
 		sk_filter_uncharge(sk, filter);
@@ -2279,7 +2279,7 @@ int sk_get_filter(struct sock *sk, struct sock_filter __user *ubuf,
 
 	lock_sock(sk);
 	filter = rcu_dereference_protected(sk->sk_filter,
-					   sock_owned_by_user(sk));
+					   lockdep_sock_is_held(sk));
 	if (!filter)
 		goto out;