Re: [syzbot] [io-uring] general protection fault in tomoyo_socket_bind_permission

From: Hillf Danton
Date: Sat Jul 13 2024 - 05:29:53 EST


On Sat, 13 Jul 2024 01:21:23 -0700
> syzbot found the following issue on:
>
> HEAD commit: 3fe121b62282 Add linux-next specific files for 20240712
> git tree: linux-next
> C reproducer: https://syzkaller.appspot.com/x/repro.c?x=10c2be31980000

#syz test https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git 3fe121b62282

--- x/io_uring/net.c
+++ y/io_uring/net.c
@@ -1742,8 +1742,12 @@ int io_bind(struct io_kiocb *req, unsign
struct io_bind *bind = io_kiocb_to_cmd(req, struct io_bind);
struct io_async_msghdr *io = req->async_data;
int ret;
+ struct socket *sk;

- ret = __sys_bind_socket(sock_from_file(req->file), &io->addr, bind->addr_len);
+ sk = sock_from_file(req->file);
+ if (!sk)
+ return -ENOTSOCK;
+ ret = __sys_bind_socket(sk, &io->addr, bind->addr_len);
if (ret < 0)
req_set_fail(req);
io_req_set_res(req, ret, 0);
--