From patchwork Wed Apr 10 14:57:10 2024
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Bethany Jamison <bethany.jamison@canonical.com>
X-Patchwork-Id: 1922078
Return-Path: <kernel-team-bounces@lists.ubuntu.com>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@legolas.ozlabs.org
Authentication-Results: legolas.ozlabs.org;
 spf=pass (sender SPF authorized) smtp.mailfrom=lists.ubuntu.com
 (client-ip=185.125.189.65; helo=lists.ubuntu.com;
 envelope-from=kernel-team-bounces@lists.ubuntu.com;
 receiver=patchwork.ozlabs.org)
Received: from lists.ubuntu.com (lists.ubuntu.com [185.125.189.65])
	(using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by legolas.ozlabs.org (Postfix) with ESMTPS id 4VF5XS4Ycvz1yYB
	for <incoming@patchwork.ozlabs.org>; Thu, 11 Apr 2024 00:57:28 +1000 (AEST)
Received: from localhost ([127.0.0.1] helo=lists.ubuntu.com)
	by lists.ubuntu.com with esmtp (Exim 4.86_2)
	(envelope-from <kernel-team-bounces@lists.ubuntu.com>)
	id 1ruZO7-0000xh-1S; Wed, 10 Apr 2024 14:57:23 +0000
Received: from smtp-relay-internal-0.internal ([10.131.114.225]
 helo=smtp-relay-internal-0.canonical.com)
 by lists.ubuntu.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128)
 (Exim 4.86_2) (envelope-from <bethany.jamison@canonical.com>)
 id 1ruZO1-0000uV-D6
 for kernel-team@lists.ubuntu.com; Wed, 10 Apr 2024 14:57:17 +0000
Received: from mail-il1-f198.google.com (mail-il1-f198.google.com
 [209.85.166.198])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
 (No client certificate requested)
 by smtp-relay-internal-0.canonical.com (Postfix) with ESMTPS id C66C03F19A
 for <kernel-team@lists.ubuntu.com>; Wed, 10 Apr 2024 14:57:16 +0000 (UTC)
Received: by mail-il1-f198.google.com with SMTP id
 e9e14a558f8ab-36a0d9d820cso53505875ab.0
 for <kernel-team@lists.ubuntu.com>; Wed, 10 Apr 2024 07:57:16 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20230601; t=1712761033; x=1713365833;
 h=content-transfer-encoding:mime-version:references:in-reply-to
 :message-id:date:subject:to:from:x-gm-message-state:from:to:cc
 :subject:date:message-id:reply-to;
 bh=aGgwj6nM8INH14HmxniCBh14/aB7gTfelci0lbNcTwQ=;
 b=VWnecC0aGtgBiSFFCb8NaokM1UmtWUR6T5CFkRztG5Qx1mRTqU9DjIi6+0IJrQDkTo
 /t9WeBNYR1kcsw8lbjYg92Q1xUCCcR3LjvGaM21GexGoT/Ah1qJKgyr8rNzBNLJjwqkE
 m/Vz/ql0gjSdtghE6HP5LtuAG1ETc0CdTtdET5QwWXJEHSw7MK9MK7RrpzoKuZ/ewryO
 IB1J5GQ/u7U781PNxrXwNsW8uSqNlylOfmgh2dXtUit+87H38SBdHzRapufQhUDIVY3E
 8Bx729AFNsRSZWknLZqhGpBSNWwiOFJwsYBjsF9/j6/APkijoOijinHNNF3zo6aMBO6V
 VsUw==
X-Gm-Message-State: AOJu0YxLeshVgbwamnmmtlpqUEPVXE9G252PX98qb+6FccEsqI8B6xU5
 Q2sFgUUwc8Xsi+zIG9skLc9bC7hk0N+IvkYxu3WD7wgQc6CIHkwqHYYjl1r1BA2U0/2JIPybsXr
 uEmJ1IAzQVxwM4TcQTXOevcu/2VB3R7PgQCN1v3nU39H1W3cjdchTU6JpmXs0+/Gqbx6BGCl8Hb
 53M9lmwnOQzQ==
X-Received: by 2002:a05:6e02:216e:b0:36a:2ec0:9f74 with SMTP id
 s14-20020a056e02216e00b0036a2ec09f74mr4036946ilv.15.1712761033249;
 Wed, 10 Apr 2024 07:57:13 -0700 (PDT)
X-Google-Smtp-Source: 
 AGHT+IELYlQvnbCP6VXl5c8vAaB45mMgzF6O/MaC+a0m2l2mvcsJlyJgWXr8L/t1804swcM7bcWtNQ==
X-Received: by 2002:a05:6e02:216e:b0:36a:2ec0:9f74 with SMTP id
 s14-20020a056e02216e00b0036a2ec09f74mr4036930ilv.15.1712761032889;
 Wed, 10 Apr 2024 07:57:12 -0700 (PDT)
Received: from smtp.gmail.com (104-218-69-129.dynamic.lnk.ne.allofiber.net.
 [104.218.69.129]) by smtp.gmail.com with ESMTPSA id
 p18-20020a92c112000000b0036a38481ec1sm631576ile.72.2024.04.10.07.57.12
 for <kernel-team@lists.ubuntu.com>
 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
 Wed, 10 Apr 2024 07:57:12 -0700 (PDT)
From: Bethany Jamison <bethany.jamison@canonical.com>
To: kernel-team@lists.ubuntu.com
Subject: [SRU][F][PATCH v2 2/2] ipv6: init the accept_queue's spinlocks in
 inet6_create
Date: Wed, 10 Apr 2024 09:57:10 -0500
Message-Id: <20240410145710.11317-3-bethany.jamison@canonical.com>
X-Mailer: git-send-email 2.34.1
In-Reply-To: <20240410145710.11317-1-bethany.jamison@canonical.com>
References: <20240410145710.11317-1-bethany.jamison@canonical.com>
MIME-Version: 1.0
X-BeenThere: kernel-team@lists.ubuntu.com
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Kernel team discussions <kernel-team.lists.ubuntu.com>
List-Unsubscribe: <https://lists.ubuntu.com/mailman/options/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=unsubscribe>
List-Archive: <https://lists.ubuntu.com/archives/kernel-team>
List-Post: <mailto:kernel-team@lists.ubuntu.com>
List-Help: <mailto:kernel-team-request@lists.ubuntu.com?subject=help>
List-Subscribe: <https://lists.ubuntu.com/mailman/listinfo/kernel-team>,
 <mailto:kernel-team-request@lists.ubuntu.com?subject=subscribe>
Errors-To: kernel-team-bounces@lists.ubuntu.com
Sender: "kernel-team" <kernel-team-bounces@lists.ubuntu.com>

From: Zhengchao Shao <shaozhengchao@huawei.com>

In commit 198bc90e0e73("tcp: make sure init the accept_queue's spinlocks
once"), the spinlocks of accept_queue are initialized only when socket is
created in the inet4 scenario. The locks are not initialized when socket
is created in the inet6 scenario. The kernel reports the following error:
INFO: trying to register non-static key.
The code is fine but needs lockdep annotation, or maybe
you didn't initialize this object before use?
turning off the locking correctness validator.
Hardware name: Red Hat KVM, BIOS 0.5.1 01/01/2011
Call Trace:
<TASK>
	dump_stack_lvl (lib/dump_stack.c:107)
	register_lock_class (kernel/locking/lockdep.c:1289)
	__lock_acquire (kernel/locking/lockdep.c:5015)
	lock_acquire.part.0 (kernel/locking/lockdep.c:5756)
	_raw_spin_lock_bh (kernel/locking/spinlock.c:178)
	inet_csk_listen_stop (net/ipv4/inet_connection_sock.c:1386)
	tcp_disconnect (net/ipv4/tcp.c:2981)
	inet_shutdown (net/ipv4/af_inet.c:935)
	__sys_shutdown (./include/linux/file.h:32 net/socket.c:2438)
	__x64_sys_shutdown (net/socket.c:2445)
	do_syscall_64 (arch/x86/entry/common.c:52)
	entry_SYSCALL_64_after_hwframe (arch/x86/entry/entry_64.S:129)
RIP: 0033:0x7f52ecd05a3d
Code: 5b 41 5c c3 66 0f 1f 84 00 00 00 00 00 f3 0f 1e fa 48 89 f8 48 89 f7
48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff
ff 73 01 c3 48 8b 0d ab a3 0e 00 f7 d8 64 89 01 48
RSP: 002b:00007f52ecf5dde8 EFLAGS: 00000293 ORIG_RAX: 0000000000000030
RAX: ffffffffffffffda RBX: 00007f52ecf5e640 RCX: 00007f52ecd05a3d
RDX: 00007f52ecc8b188 RSI: 0000000000000000 RDI: 0000000000000004
RBP: 00007f52ecf5de20 R08: 00007ffdae45c69f R09: 0000000000000000
R10: 0000000000000000 R11: 0000000000000293 R12: 00007f52ecf5e640
R13: 0000000000000000 R14: 00007f52ecc8b060 R15: 00007ffdae45c6e0

Fixes: 198bc90e0e73 ("tcp: make sure init the accept_queue's spinlocks once")
Signed-off-by: Zhengchao Shao <shaozhengchao@huawei.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Link: https://lore.kernel.org/r/20240122102001.2851701-1-shaozhengchao@huawei.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
(cherry picked from commit 435e202d645c197dcfd39d7372eb2a56529b6640)
CVE-2024-26614
Signed-off-by: Bethany Jamison <bethany.jamison@canonical.com>
---
 net/ipv6/af_inet6.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index 7ee0bfea9de1d..49c39f03feee7 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -194,6 +194,9 @@ static int inet6_create(struct net *net, struct socket *sock, int protocol,
 	if (INET_PROTOSW_REUSE & answer_flags)
 		sk->sk_reuse = SK_CAN_REUSE;
 
+	if (INET_PROTOSW_ICSK & answer_flags)
+		inet_init_csk_locks(sk);
+
 	inet = inet_sk(sk);
 	inet->is_icsk = (INET_PROTOSW_ICSK & answer_flags) != 0;