Re: CVE request: kernel: AF_UNIX: Fix deadlock on connecting to shutdown socket

[Josh Bressers <bressers () redhat com>]

Please use CVE-2009-3621.

Thanks.

-- 
    JB


----- "Eugene Teo" <eugeneteo () kernel sg> wrote:

> Quoting from the patch submitted:
> "...a deadlock bug in UNIX domain socket, which makes able to DoS
> attack against the local machine by non-root users.
>
> ...
> Why this happens:
>   Error checks between unix_socket_connect() and unix_wait_for_peer()
> are
>   inconsistent. The former calls the latter to wait until the backlog
> is
>   processed. Despite the latter returns without doing anything when
> the
>   socket is shutdown, the former doesn't check the shutdown state and
>   just retries calling the latter forever."
>
> How to reproduce:
>   1. Make a listening AF_UNIX/SOCK_STREAM socket with an abstruct
>      namespace(*), and shutdown(2) it.
>   2. Repeat connect(2)ing to the listening socket from the other
> sockets
>      until the connection backlog is full-filled.
>   3. connect(2) takes the CPU forever. If every core is taken, the
>      system hangs.
>
> Reproducer:
> http://patchwork.kernel.org/patch/54678/
>
> You will need to add in the missing header files:
> #include <string.h>
> #include <stdio.h>
> #include <sys/un.h>
> #include <sys/types.h>
> #include <sys/socket.h>
>
> Reference:
> https://bugzilla.redhat.com/show_bug.cgi?id=529626
>
> Thanks, Eugene