diff options
| author | Michael S. Tsirkin <mst@redhat.com> | 2024-04-22 10:03:13 -0400 |
|---|---|---|
| committer | Michael S. Tsirkin <mst@redhat.com> | 2024-07-04 11:00:31 -0400 |
| commit | 1e1fdcbdde3b7663e5d8faeb2245b9b151417d22 (patch) | |
| tree | ff5978dcad04128bd2032f45d10ae421ae7cf737 /include/linux/virtio_net.h | |
| parent | e9d22f7a6655941fc8b2b942ed354ec780936b3e (diff) | |
vhost/vsock: always initialize seqpacket_allow
There are two issues around seqpacket_allow:
1. seqpacket_allow is not initialized when socket is
created. Thus if features are never set, it will be
read uninitialized.
2. if VIRTIO_VSOCK_F_SEQPACKET is set and then cleared,
then seqpacket_allow will not be cleared appropriately
(existing apps I know about don't usually do this but
it's legal and there's no way to be sure no one relies
on this).
To fix:
- initialize seqpacket_allow after allocation
- set it unconditionally in set_features
Reported-by: syzbot+6c21aeb59d0e82eb2782@syzkaller.appspotmail.com
Reported-by: Jeongjun Park <aha310510@gmail.com>
Fixes: ced7b713711f ("vhost/vsock: support SEQPACKET for transport").
Tested-by: Arseny Krasnov <arseny.krasnov@kaspersky.com>
Cc: David S. Miller <davem@davemloft.net>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20240422100010-mutt-send-email-mst@kernel.org>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Eugenio PĂ©rez <eperezma@redhat.com>
Acked-by: Jakub Kicinski <kuba@kernel.org>
Diffstat (limited to 'include/linux/virtio_net.h')
0 files changed, 0 insertions, 0 deletions