Commit 4e583b89 authored by Oliver Hartkopp's avatar Oliver Hartkopp Committed by Greg Kroah-Hartman

can: bcm: fix warning in bcm_connect/proc_register

commit deb507f9 upstream.

Andrey Konovalov reported an issue with proc_register in bcm.c.
As suggested by Cong Wang this patch adds a lock_sock() protection and
a check for unsuccessful proc_create_data() in bcm_connect().

Reference: http://marc.info/?l=linux-netdev&m=147732648731237

Reported-by: Andrey Konovalov <andreyknvl@google.com>
Suggested-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Tested-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 0c6e0db9
...@@ -1500,24 +1500,31 @@ static int bcm_connect(struct socket *sock, struct sockaddr *uaddr, int len, ...@@ -1500,24 +1500,31 @@ static int bcm_connect(struct socket *sock, struct sockaddr *uaddr, int len,
struct sockaddr_can *addr = (struct sockaddr_can *)uaddr; struct sockaddr_can *addr = (struct sockaddr_can *)uaddr;
struct sock *sk = sock->sk; struct sock *sk = sock->sk;
struct bcm_sock *bo = bcm_sk(sk); struct bcm_sock *bo = bcm_sk(sk);
int ret = 0;
if (len < sizeof(*addr)) if (len < sizeof(*addr))
return -EINVAL; return -EINVAL;
if (bo->bound) lock_sock(sk);
return -EISCONN;
if (bo->bound) {
ret = -EISCONN;
goto fail;
}
/* bind a device to this socket */ /* bind a device to this socket */
if (addr->can_ifindex) { if (addr->can_ifindex) {
struct net_device *dev; struct net_device *dev;
dev = dev_get_by_index(&init_net, addr->can_ifindex); dev = dev_get_by_index(&init_net, addr->can_ifindex);
if (!dev) if (!dev) {
return -ENODEV; ret = -ENODEV;
goto fail;
}
if (dev->type != ARPHRD_CAN) { if (dev->type != ARPHRD_CAN) {
dev_put(dev); dev_put(dev);
return -ENODEV; ret = -ENODEV;
goto fail;
} }
bo->ifindex = dev->ifindex; bo->ifindex = dev->ifindex;
...@@ -1528,17 +1535,24 @@ static int bcm_connect(struct socket *sock, struct sockaddr *uaddr, int len, ...@@ -1528,17 +1535,24 @@ static int bcm_connect(struct socket *sock, struct sockaddr *uaddr, int len,
bo->ifindex = 0; bo->ifindex = 0;
} }
bo->bound = 1;
if (proc_dir) { if (proc_dir) {
/* unique socket address as filename */ /* unique socket address as filename */
sprintf(bo->procname, "%lu", sock_i_ino(sk)); sprintf(bo->procname, "%lu", sock_i_ino(sk));
bo->bcm_proc_read = proc_create_data(bo->procname, 0644, bo->bcm_proc_read = proc_create_data(bo->procname, 0644,
proc_dir, proc_dir,
&bcm_proc_fops, sk); &bcm_proc_fops, sk);
if (!bo->bcm_proc_read) {
ret = -ENOMEM;
goto fail;
}
} }
return 0; bo->bound = 1;
fail:
release_sock(sk);
return ret;
} }
static int bcm_recvmsg(struct socket *sock, struct msghdr *msg, size_t size, static int bcm_recvmsg(struct socket *sock, struct msghdr *msg, size_t size,
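Review bot: The new `lock_sock(sk)` in bcm_connect() has no comment saying what it protects, although the ordering of the whole function now depends on it. Going by the commit message, the lock keeps concurrent connect() calls on one socket from both passing the `bo->bound` test and registering the same proc name, so I would add `/* serialise connect(): the bound check and proc entry creation must not race */` above it. The `fail:` label is also reached on the success path with `ret == 0`, so `out:` would describe it better. `bo->bound` is now set only at the end of the locked region, and its readers elsewhere in the file are outside this view, so it is worth confirming that they take the socket lock or tolerate a stale value.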
......