Merge branch ' bpf fix for unconnect af_unix socket'

John Fastabend says: ==================== Eric reported a syzbot splat from a null ptr deref from recent fix to resolve a use-after-free with af-unix stream sockets and BPF sockmap usage. The issue is I missed is we allow unconnected af_unix STREAM sockets to be added to the sockmap. Fix this by blocking unconnected sockets. v2: change sk_is_unix to sk_is_stream_unix (Eric) and remove duplicate ASSERTS in selftests the xsocket helper already marks FAIL (Jakub) ==================== Signed-off-by: Martin KaFai Lau <martin.lau@kernel.org>
author: Martin KaFai Lau <martin.lau@kernel.org> 2023-12-13 16:21:53 -0800
committer: Martin KaFai Lau <martin.lau@kernel.org> 2023-12-13 16:33:17 -0800
commit: 2f2fee2bf74a7e31d06fc6cb7ba2bd4dd7753c99 (patch)
tree: fa6dcb7f84468e7631a8be8d1f4eb3b318d9d66f /include/net/sock.h
parent: e307b5a845c5951dabafc48d00b6424ee64716c4 (diff)
parent: 50d96f05af6787a34b4eca2ee3fc1993289c4c24 (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/include/net/sock.h b/include/net/sock.h
index 1d6931caf0c3..0201136b0b9c 100644
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -2799,6 +2799,11 @@ static inline bool sk_is_tcp(const struct sock *sk)
 	return sk->sk_type == SOCK_STREAM && sk->sk_protocol == IPPROTO_TCP;
 }
 
+static inline bool sk_is_stream_unix(const struct sock *sk)
+{
+	return sk->sk_family == AF_UNIX && sk->sk_type == SOCK_STREAM;
+}
+
 /**
  * sk_eat_skb - Release a skb if it is no longer needed
  * @sk: socket to eat this skb from
author	Martin KaFai Lau <martin.lau@kernel.org>	2023-12-13 16:21:53 -0800
committer	Martin KaFai Lau <martin.lau@kernel.org>	2023-12-13 16:33:17 -0800
commit	2f2fee2bf74a7e31d06fc6cb7ba2bd4dd7753c99 (patch)
tree	fa6dcb7f84468e7631a8be8d1f4eb3b318d9d66f /include/net/sock.h
parent	e307b5a845c5951dabafc48d00b6424ee64716c4 (diff)
parent	50d96f05af6787a34b4eca2ee3fc1993289c4c24 (diff)