Re: [syzbot] [io-uring] general protection fault in tomoyo_socket_bind_permission

From: Hillf Danton
Date: Sat Jul 13 2024 - 05:29:53 EST

Next message: Leon Romanovsky: "Re: [PATCH 2/2] dma: Add IOMMU static calls with clear default ops"
Previous message: Gavin Shan: "Re: [PATCH] mm/huge_memory: Avoid PMD-size page cache if needed"
In reply to: syzbot: "[syzbot] [io-uring] general protection fault in tomoyo_socket_bind_permission"
Next in thread: syzbot: "Re: [syzbot] [io-uring] general protection fault in tomoyo_socket_bind_permission"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, 13 Jul 2024 01:21:23 -0700
> syzbot found the following issue on:
>
> HEAD commit: 3fe121b62282 Add linux-next specific files for 20240712
> git tree: linux-next
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10c2be31980000

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git 3fe121b62282

--- x/io_uring/net.c
+++ y/io_uring/net.c
@@ -1742,8 +1742,12 @@ int io_bind(struct io_kiocb *req, unsign
struct io_bind *bind = io_kiocb_to_cmd(req, struct io_bind);
struct io_async_msghdr *io = req->async_data;
int ret;
+ struct socket *sk;

- ret = __sys_bind_socket(sock_from_file(req->file), &io->addr, bind->addr_len);
+ sk = sock_from_file(req->file);
+ if (!sk)
+ return -ENOTSOCK;
+ ret = __sys_bind_socket(sk, &io->addr, bind->addr_len);
if (ret < 0)
req_set_fail(req);
io_req_set_res(req, ret, 0);
--

Next message: Leon Romanovsky: "Re: [PATCH 2/2] dma: Add IOMMU static calls with clear default ops"
Previous message: Gavin Shan: "Re: [PATCH] mm/huge_memory: Avoid PMD-size page cache if needed"
In reply to: syzbot: "[syzbot] [io-uring] general protection fault in tomoyo_socket_bind_permission"
Next in thread: syzbot: "Re: [syzbot] [io-uring] general protection fault in tomoyo_socket_bind_permission"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]