July 2024 - Kernel - mailweb.openeuler.org

[PATCH openEuler-1.0-LTS] sctp: fix kernel-infoleak for SCTP sockets
by Liu Jian 22 Jul '24

22 Jul '24

From: Eric Dumazet <edumazet(a)google.com> stable inclusion from stable-v4.19.235 commit 2d8fa3fdf4542a2174a72d92018f488d65d848c5 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IADGSH CVE: CVE-2022-48855 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id… --------------------------- [ Upstream commit 633593a808980f82d251d0ca89730d8bb8b0220c ] syzbot reported a kernel infoleak [1] of 4 bytes. After analysis, it turned out r->idiag_expires is not initialized if inet_sctp_diag_fill() calls inet_diag_msg_common_fill() Make sure to clear idiag_timer/idiag_retrans/idiag_expires and let inet_diag_msg_sctpasoc_fill() fill them again if needed. [1] BUG: KMSAN: kernel-infoleak in instrument_copy_to_user include/linux/instrumented.h:121 [inline] BUG: KMSAN: kernel-infoleak in copyout lib/iov_iter.c:154 [inline] BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:668 instrument_copy_to_user include/linux/instrumented.h:121 [inline] copyout lib/iov_iter.c:154 [inline] _copy_to_iter+0x6ef/0x25a0 lib/iov_iter.c:668 copy_to_iter include/linux/uio.h:162 [inline] simple_copy_to_iter+0xf3/0x140 net/core/datagram.c:519 __skb_datagram_iter+0x2d5/0x11b0 net/core/datagram.c:425 skb_copy_datagram_iter+0xdc/0x270 net/core/datagram.c:533 skb_copy_datagram_msg include/linux/skbuff.h:3696 [inline] netlink_recvmsg+0x669/0x1c80 net/netlink/af_netlink.c:1977 sock_recvmsg_nosec net/socket.c:948 [inline] sock_recvmsg net/socket.c:966 [inline] __sys_recvfrom+0x795/0xa10 net/socket.c:2097 __do_sys_recvfrom net/socket.c:2115 [inline] __se_sys_recvfrom net/socket.c:2111 [inline] __x64_sys_recvfrom+0x19d/0x210 net/socket.c:2111 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x44/0xae Uninit was created at: slab_post_alloc_hook mm/slab.h:737 [inline] slab_alloc_node mm/slub.c:3247 [inline] __kmalloc_node_track_caller+0xe0c/0x1510 mm/slub.c:4975 kmalloc_reserve net/core/skbuff.c:354 [inline] __alloc_skb+0x545/0xf90 net/core/skbuff.c:426 alloc_skb include/linux/skbuff.h:1158 [inline] netlink_dump+0x3e5/0x16c0 net/netlink/af_netlink.c:2248 __netlink_dump_start+0xcf8/0xe90 net/netlink/af_netlink.c:2373 netlink_dump_start include/linux/netlink.h:254 [inline] inet_diag_handler_cmd+0x2e7/0x400 net/ipv4/inet_diag.c:1341 sock_diag_rcv_msg+0x24a/0x620 netlink_rcv_skb+0x40c/0x7e0 net/netlink/af_netlink.c:2494 sock_diag_rcv+0x63/0x80 net/core/sock_diag.c:277 netlink_unicast_kernel net/netlink/af_netlink.c:1317 [inline] netlink_unicast+0x1093/0x1360 net/netlink/af_netlink.c:1343 netlink_sendmsg+0x14d9/0x1720 net/netlink/af_netlink.c:1919 sock_sendmsg_nosec net/socket.c:705 [inline] sock_sendmsg net/socket.c:725 [inline] sock_write_iter+0x594/0x690 net/socket.c:1061 do_iter_readv_writev+0xa7f/0xc70 do_iter_write+0x52c/0x1500 fs/read_write.c:851 vfs_writev fs/read_write.c:924 [inline] do_writev+0x645/0xe00 fs/read_write.c:967 __do_sys_writev fs/read_write.c:1040 [inline] __se_sys_writev fs/read_write.c:1037 [inline] __x64_sys_writev+0xe5/0x120 fs/read_write.c:1037 do_syscall_x64 arch/x86/entry/common.c:51 [inline] do_syscall_64+0x54/0xd0 arch/x86/entry/common.c:82 entry_SYSCALL_64_after_hwframe+0x44/0xae Bytes 68-71 of 2508 are uninitialized Memory access of size 2508 starts at ffff888114f9b000 Data copied to user address 00007f7fe09ff2e0 CPU: 1 PID: 3478 Comm: syz-executor306 Not tainted 5.17.0-rc4-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Fixes: 8f840e47f190 ("sctp: add the sctp_diag.c file") Signed-off-by: Eric Dumazet <edumazet(a)google.com> Reported-by: syzbot <syzkaller(a)googlegroups.com> Cc: Vlad Yasevich <vyasevich(a)gmail.com> Cc: Neil Horman <nhorman(a)tuxdriver.com> Cc: Marcelo Ricardo Leitner <marcelo.leitner(a)gmail.com> Reviewed-by: Xin Long <lucien.xin(a)gmail.com> Link: https://lore.kernel.org/r/20220310001145.297371-1-eric.dumazet@gmail.com Signed-off-by: Jakub Kicinski <kuba(a)kernel.org> Signed-off-by: Sasha Levin <sashal(a)kernel.org> Signed-off-by: Liu Jian <liujian56(a)huawei.com> --- net/sctp/diag.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/net/sctp/diag.c b/net/sctp/diag.c index 0a9db0a7f423..5f10984bf0f5 100644 --- a/net/sctp/diag.c +++ b/net/sctp/diag.c @@ -76,10 +76,6 @@ static void inet_diag_msg_sctpasoc_fill(struct inet_diag_msg *r, r->idiag_timer = SCTP_EVENT_TIMEOUT_T3_RTX; r->idiag_retrans = asoc->rtx_data_chunks; r->idiag_expires = jiffies_to_msecs(t3_rtx->expires - jiffies); - } else { - r->idiag_timer = 0; - r->idiag_retrans = 0; - r->idiag_expires = 0; } } @@ -159,13 +155,14 @@ static int inet_sctp_diag_fill(struct sock *sk, struct sctp_association *asoc, r = nlmsg_data(nlh); BUG_ON(!sk_fullsock(sk)); + r->idiag_timer = 0; + r->idiag_retrans = 0; + r->idiag_expires = 0; if (asoc) { inet_diag_msg_sctpasoc_fill(r, sk, asoc); } else { inet_diag_msg_common_fill(r, sk); r->idiag_state = sk->sk_state; - r->idiag_timer = 0; - r->idiag_retrans = 0; } if (inet_diag_msg_attrs_fill(sk, skb, r, ext, user_ns, net_admin)) -- 2.34.1

2 1

[PATCH OLK-6.6] mm: filemap: optimize semantic when thp_exec_enabled is set to 3
by Nanyong Sun 22 Jul '24

22 Jul '24

hulk inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/IAEOV4 CVE: NA -------------------------------- When thp_exec_enabled is set to 3, try PMD mapping THP first, if failed, then try mTHP like cont-64K on ARM64. The previous implementaion use hugepage_madvise() in try_enable_file_exec_thp and it will always set vm_flags |= VM_HUGEPAGE so we lost this semantic. Replace it as thp_vma_allowable_order(,,,PMD_ORDER) to implement the right semantic. And now the khugepaged_enter_vma() step in hugepage_madvise() is missing, this is OK because the process is already entered in khugepaged after this commit 613bec092fe7 ("mm: mmap: register suitable readonly file vmas for khugepaged") Signed-off-by: Nanyong Sun <sunnanyong(a)huawei.com> --- mm/filemap.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/mm/filemap.c b/mm/filemap.c index d3c813429bf2..4dd8fe6ffa05 100644 --- a/mm/filemap.c +++ b/mm/filemap.c @@ -3159,8 +3159,12 @@ static inline void try_enable_file_exec_thp(struct vm_area_struct *vma, if (file->f_op->get_unmapped_area != thp_get_unmapped_area) return; - if (file_exec_thp_enabled()) - hugepage_madvise(vma, vm_flags, MADV_HUGEPAGE); + if (!file_exec_thp_enabled()) + return; + + if (thp_vma_allowable_order(vma, *vm_flags, TVA_ENFORCE_SYSFS, + PMD_ORDER)) + *vm_flags |= VM_HUGEPAGE; } static inline bool file_exec_can_enable_mthp(struct address_space *mapping, -- 2.25.1

2 1

[PATCH openEuler-1.0-LTS] fbdev: savage: Handle err return when savagefb_check_var failed
by heyujie 22 Jul '24

22 Jul '24

From: Cai Xinchen <caixinchen1(a)huawei.com> mainline inclusion from mainline-v6.10-rc1 commit 6ad959b6703e2c4c5d7af03b4cfd5ff608036339 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAB0KC CVE: CVE-2024-39475 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- The commit 04e5eac8f3ab("fbdev: savage: Error out if pixclock equals zero") checks the value of pixclock to avoid divide-by-zero error. However the function savagefb_probe doesn't handle the error return of savagefb_check_var. When pixclock is 0, it will cause divide-by-zero error. Fixes: 04e5eac8f3ab ("fbdev: savage: Error out if pixclock equals zero") Signed-off-by: Cai Xinchen <caixinchen1(a)huawei.com> Cc: stable(a)vger.kernel.org Signed-off-by: Helge Deller <deller(a)gmx.de> Signed-off-by: He Yujie <coka.heyujie(a)huawei.com> --- drivers/video/fbdev/savage/savagefb_driver.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/drivers/video/fbdev/savage/savagefb_driver.c b/drivers/video/fbdev/savage/savagefb_driver.c index d9eafdb89cea..68e15420d26b 100644 --- a/drivers/video/fbdev/savage/savagefb_driver.c +++ b/drivers/video/fbdev/savage/savagefb_driver.c @@ -2271,7 +2271,10 @@ static int savagefb_probe(struct pci_dev *dev, const struct pci_device_id *id) if (info->var.xres_virtual > 0x1000) info->var.xres_virtual = 0x1000; #endif - savagefb_check_var(&info->var, info); + err = savagefb_check_var(&info->var, info); + if (err) + goto failed; + savagefb_set_fix(info); /* -- 2.34.1

2 1

[PATCH OLK-6.6] ssb: Fix potential NULL pointer dereference in ssb_device_uevent()
by Yu Liao 22 Jul '24

22 Jul '24

From: Rand Deeb <rand.sec96(a)gmail.com> mainline inclusion from mainline-v6.10-rc1 commit 789c17185fb0f39560496c2beab9b57ce1d0cbe7 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAD028 CVE: CVE-2024-40982 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- The ssb_device_uevent() function first attempts to convert the 'dev' pointer to 'struct ssb_device *'. However, it mistakenly dereferences 'dev' before performing the NULL check, potentially leading to a NULL pointer dereference if 'dev' is NULL. To fix this issue, move the NULL check before dereferencing the 'dev' pointer, ensuring that the pointer is valid before attempting to use it. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Rand Deeb <rand.sec96(a)gmail.com> Signed-off-by: Kalle Valo <kvalo(a)kernel.org> Link: https://msgid.link/20240306123028.164155-1-rand.sec96@gmail.com --- drivers/ssb/main.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/ssb/main.c b/drivers/ssb/main.c index ab080cf26c9f..0c736d51566d 100644 --- a/drivers/ssb/main.c +++ b/drivers/ssb/main.c @@ -341,11 +341,13 @@ static int ssb_bus_match(struct device *dev, struct device_driver *drv) static int ssb_device_uevent(const struct device *dev, struct kobj_uevent_env *env) { - const struct ssb_device *ssb_dev = dev_to_ssb_dev(dev); + const struct ssb_device *ssb_dev; if (!dev) return -ENODEV; + ssb_dev = dev_to_ssb_dev(dev); + return add_uevent_var(env, "MODALIAS=ssb:v%04Xid%04Xrev%02X", ssb_dev->id.vendor, ssb_dev->id.coreid, -- 2.33.0

2 1

[PATCH openEuler-22.03-LTS-SP1] ssb: Fix potential NULL pointer dereference in ssb_device_uevent()
by Yu Liao 22 Jul '24

22 Jul '24

mainline inclusion from mainline-v6.10-rc1 commit 789c17185fb0f39560496c2beab9b57ce1d0cbe7 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAD028 CVE: CVE-2024-40982 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- The ssb_device_uevent() function first attempts to convert the 'dev' pointer to 'struct ssb_device *'. However, it mistakenly dereferences 'dev' before performing the NULL check, potentially leading to a NULL pointer dereference if 'dev' is NULL. To fix this issue, move the NULL check before dereferencing the 'dev' pointer, ensuring that the pointer is valid before attempting to use it. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Rand Deeb <rand.sec96(a)gmail.com> Signed-off-by: Kalle Valo <kvalo(a)kernel.org> Link: https://msgid.link/20240306123028.164155-1-rand.sec96@gmail.com Signed-off-by: Yu Liao <liaoyu15(a)huawei.com> --- drivers/ssb/main.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/ssb/main.c b/drivers/ssb/main.c index 0a26984acb2c..1b4ce17998c0 100644 --- a/drivers/ssb/main.c +++ b/drivers/ssb/main.c @@ -340,11 +340,13 @@ static int ssb_bus_match(struct device *dev, struct device_driver *drv) static int ssb_device_uevent(struct device *dev, struct kobj_uevent_env *env) { - struct ssb_device *ssb_dev = dev_to_ssb_dev(dev); + struct ssb_device *ssb_dev; if (!dev) return -ENODEV; + ssb_dev = dev_to_ssb_dev(dev); + return add_uevent_var(env, "MODALIAS=ssb:v%04Xid%04Xrev%02X", ssb_dev->id.vendor, ssb_dev->id.coreid, -- 2.33.0

2 1

[PATCH OLK-5.10] ssb: Fix potential NULL pointer dereference in ssb_device_uevent()
by Yu Liao 22 Jul '24

22 Jul '24

mainline inclusion from mainline-v6.10-rc1 commit 789c17185fb0f39560496c2beab9b57ce1d0cbe7 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IAD028 CVE: CVE-2024-40982 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… -------------------------------- The ssb_device_uevent() function first attempts to convert the 'dev' pointer to 'struct ssb_device *'. However, it mistakenly dereferences 'dev' before performing the NULL check, potentially leading to a NULL pointer dereference if 'dev' is NULL. To fix this issue, move the NULL check before dereferencing the 'dev' pointer, ensuring that the pointer is valid before attempting to use it. Found by Linux Verification Center (linuxtesting.org) with SVACE. Signed-off-by: Rand Deeb <rand.sec96(a)gmail.com> Signed-off-by: Kalle Valo <kvalo(a)kernel.org> Link: https://msgid.link/20240306123028.164155-1-rand.sec96@gmail.com Signed-off-by: Yu Liao <liaoyu15(a)huawei.com> --- drivers/ssb/main.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/drivers/ssb/main.c b/drivers/ssb/main.c index 0a26984acb2c..1b4ce17998c0 100644 --- a/drivers/ssb/main.c +++ b/drivers/ssb/main.c @@ -340,11 +340,13 @@ static int ssb_bus_match(struct device *dev, struct device_driver *drv) static int ssb_device_uevent(struct device *dev, struct kobj_uevent_env *env) { - struct ssb_device *ssb_dev = dev_to_ssb_dev(dev); + struct ssb_device *ssb_dev; if (!dev) return -ENODEV; + ssb_dev = dev_to_ssb_dev(dev); + return add_uevent_var(env, "MODALIAS=ssb:v%04Xid%04Xrev%02X", ssb_dev->id.vendor, ssb_dev->id.coreid, -- 2.33.0

2 1

[PATCH OLK-5.10] Bluetooth: hci_core: Fix leaking sent_cmd skb
by Liu Jian 22 Jul '24

22 Jul '24

From: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> mainline inclusion from mainline-v5.17-rc7 commit dd3b1dc3dd050f1f47cd13e300732852414270f8 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IADGRH CVE: CVE-2022-48844 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… --------------------------- sent_cmd memory is not freed before freeing hci_dev causing it to leak it contents. Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Signed-off-by: Marcel Holtmann <marcel(a)holtmann.org> Conflicts: net/bluetooth/hci_core.c [Only backport e04480920d1ee. Did not backport 58ce6d5b271ab, e61fbee7be4b.] Signed-off-by: Liu Jian <liujian56(a)huawei.com> --- net/bluetooth/hci_core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c index b9cf5bc9364c..18aae3d8b59d 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c @@ -3902,6 +3902,7 @@ void hci_cleanup_dev(struct hci_dev *hdev) hci_dev_unlock(hdev); ida_simple_remove(&hci_index_ida, hdev->id); + kfree_skb(hdev->sent_cmd); } /* Suspend HCI device */ -- 2.34.1

2 1

[PATCH openEuler-22.03-LTS-SP1] Bluetooth: hci_core: Fix leaking sent_cmd skb
by Liu Jian 22 Jul '24

22 Jul '24

From: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> mainline inclusion from mainline-v5.17-rc7 commit dd3b1dc3dd050f1f47cd13e300732852414270f8 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IADGRH CVE: CVE-2022-48844 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… --------------------------- sent_cmd memory is not freed before freeing hci_dev causing it to leak it contents. Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz(a)intel.com> Signed-off-by: Marcel Holtmann <marcel(a)holtmann.org> Conflicts: net/bluetooth/hci_core.c [Only backport e04480920d1ee. Did not backport 58ce6d5b271ab, e61fbee7be4b.] Signed-off-by: Liu Jian <liujian56(a)huawei.com> --- net/bluetooth/hci_core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/bluetooth/hci_core.c b/net/bluetooth/hci_core.c index 2227b5abc988..3bcb5c760b26 100644 --- a/net/bluetooth/hci_core.c +++ b/net/bluetooth/hci_core.c @@ -3898,6 +3898,7 @@ void hci_cleanup_dev(struct hci_dev *hdev) hci_dev_unlock(hdev); ida_simple_remove(&hci_index_ida, hdev->id); + kfree_skb(hdev->sent_cmd); } /* Suspend HCI device */ -- 2.34.1

2 1

[PATCH openEuler-22.03-LTS-SP1] SUNRPC: lock against ->sock changing during sysfs read
by Liu Jian 22 Jul '24

22 Jul '24

From: NeilBrown <neilb(a)suse.de> mainline inclusion from mainline-v5.17-rc4 commit b49ea673e119f59c71645e2f65b3ccad857c90ee category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IADG5L CVE: CVE-2022-48816 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… --------------------------- ->sock can be set to NULL asynchronously unless ->recv_mutex is held. So it is important to hold that mutex. Otherwise a sysfs read can trigger an oops. Commit 17f09d3f619a ("SUNRPC: Check if the xprt is connected before handling sysfs reads") appears to attempt to fix this problem, but it only narrows the race window. Fixes: 17f09d3f619a ("SUNRPC: Check if the xprt is connected before handling sysfs reads") Fixes: a8482488a7d6 ("SUNRPC query transport's source port") Signed-off-by: NeilBrown <neilb(a)suse.de> Signed-off-by: Anna Schumaker <Anna.Schumaker(a)Netapp.com> Conflicts: net/sunrpc/sysfs.c [Did not backport e44773daf851d.] Signed-off-by: Liu Jian <liujian56(a)huawei.com> --- net/sunrpc/xprtsock.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c index 0666f981618a..8d9a27b25ca5 100644 --- a/net/sunrpc/xprtsock.c +++ b/net/sunrpc/xprtsock.c @@ -1676,7 +1676,12 @@ static int xs_get_srcport(struct sock_xprt *transport) unsigned short get_srcport(struct rpc_xprt *xprt) { struct sock_xprt *sock = container_of(xprt, struct sock_xprt, xprt); - return xs_sock_getport(sock->sock); + unsigned short ret = 0; + mutex_lock(&sock->recv_mutex); + if (sock->sock) + ret = xs_sock_getport(sock->sock); + mutex_unlock(&sock->recv_mutex); + return ret; } EXPORT_SYMBOL(get_srcport); -- 2.34.1

2 1

[PATCH OLK-5.10] SUNRPC: lock against ->sock changing during sysfs read
by Liu Jian 22 Jul '24

22 Jul '24

From: NeilBrown <neilb(a)suse.de> mainline inclusion from mainline-v5.17-rc4 commit b49ea673e119f59c71645e2f65b3ccad857c90ee category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IADG5L CVE: CVE-2022-48816 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?… --------------------------- ->sock can be set to NULL asynchronously unless ->recv_mutex is held. So it is important to hold that mutex. Otherwise a sysfs read can trigger an oops. Commit 17f09d3f619a ("SUNRPC: Check if the xprt is connected before handling sysfs reads") appears to attempt to fix this problem, but it only narrows the race window. Fixes: 17f09d3f619a ("SUNRPC: Check if the xprt is connected before handling sysfs reads") Fixes: a8482488a7d6 ("SUNRPC query transport's source port") Signed-off-by: NeilBrown <neilb(a)suse.de> Signed-off-by: Anna Schumaker <Anna.Schumaker(a)Netapp.com> Conflicts: net/sunrpc/sysfs.c [Did not backport e44773daf851d.] Signed-off-by: Liu Jian <liujian56(a)huawei.com> --- net/sunrpc/xprtsock.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/net/sunrpc/xprtsock.c b/net/sunrpc/xprtsock.c index 0666f981618a..8d9a27b25ca5 100644 --- a/net/sunrpc/xprtsock.c +++ b/net/sunrpc/xprtsock.c @@ -1676,7 +1676,12 @@ static int xs_get_srcport(struct sock_xprt *transport) unsigned short get_srcport(struct rpc_xprt *xprt) { struct sock_xprt *sock = container_of(xprt, struct sock_xprt, xprt); - return xs_sock_getport(sock->sock); + unsigned short ret = 0; + mutex_lock(&sock->recv_mutex); + if (sock->sock) + ret = xs_sock_getport(sock->sock); + mutex_unlock(&sock->recv_mutex); + return ret; } EXPORT_SYMBOL(get_srcport); -- 2.34.1

2 1

2024

2023

2022

2021

2020

2019

Kernel July 2024