net: mctp: hold key reference when looking up a general key
author Paolo Abeni <pabeni@redhat.com>
Tue, 24 Jan 2023 02:01:05 +0000 (10:01 +0800)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 1 Feb 2023 07:34:48 +0000 (08:34 +0100)
commit 6a524787965f6fec33cde3a046da6ef2b500e807
tree 92058d8297f3111941441e8bbdec0885643f45b8
parent 2f87a60e9b4ea7a7906d122dd5862ab14fd93aa2
net: mctp: hold key reference when looking up a general key

[ Upstream commit 6e54ea37e344f145665c2dc3cc534b92529e8de5 ]

Currently, we have a race where we look up a sock through a "general"
(ie, not directly associated with the (src,dest,tag) tuple) key, then
drop the key reference while still holding the key's sock.

This change expands the key reference until we've finished using the
sock, and hence the sock reference too.

Commit message changes from Jeremy Kerr <jk@codeconstruct.com.au>.

Reported-by: Noam Rathaus <noamr@ssd-disclosure.com>
Fixes: 73c618456dc5 ("mctp: locking, lifetime and validity changes for sk_keys")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
net/mctp/route.c