[ Sasha's backport helper bot ]
Hi,
✅ All tests passed successfully. No issues detected. No action required from the submitter.
The upstream commit SHA1 provided is correct: 7d2a894d7f487dcb894df023e9d3014cf5b93fe5
WARNING: Author mismatch between patch and upstream commit: Backport author: Harshit Mogalapalliharshit.m.mogalapalli@oracle.com Commit author: Rémi Denis-Courmontcourmisch@gmail.com
Status in newer kernel trees: 6.14.y | Present (exact SHA1) 6.13.y | Present (exact SHA1) 6.12.y | Present (exact SHA1) 6.6.y | Present (different SHA1: 0a9f558c72c4) 6.1.y | Present (different SHA1: 9d5523e065b5)
Note: The patch differs from the upstream commit: --- 1: 7d2a894d7f487 ! 1: cf507fe643590 phonet/pep: fix racy skb_queue_empty() use @@ Metadata ## Commit message ## phonet/pep: fix racy skb_queue_empty() use
+ [ Upstream commit 7d2a894d7f487dcb894df023e9d3014cf5b93fe5 ] + The receive queues are protected by their respective spin-lock, not the socket lock. This could lead to skb_peek() unexpectedly returning NULL or a pointer to an already dequeued socket buffer. @@ Commit message Signed-off-by: Rémi Denis-Courmont courmisch@gmail.com Link: https://lore.kernel.org/r/20240218081214.4806-2-remi@remlab.net Signed-off-by: Paolo Abeni pabeni@redhat.com + Signed-off-by: Sasha Levin sashal@kernel.org + [Harshit: backport to 5.15.y, clean cherrypick from 6.1.y commit] + Signed-off-by: Harshit Mogalapalli harshit.m.mogalapalli@oracle.com
## net/phonet/pep.c ## @@ net/phonet/pep.c: static int pep_sock_enable(struct sock *sk, struct sockaddr *addr, int len) @@ net/phonet/pep.c: static int pep_sock_enable(struct sock *sk, struct sockaddr *a + return len; +} + - static int pep_ioctl(struct sock *sk, int cmd, int *karg) + static int pep_ioctl(struct sock *sk, int cmd, unsigned long arg) { struct pep_sock *pn = pep_sk(sk); -@@ net/phonet/pep.c: static int pep_ioctl(struct sock *sk, int cmd, int *karg) +@@ net/phonet/pep.c: static int pep_ioctl(struct sock *sk, int cmd, unsigned long arg) break; }
- lock_sock(sk); - if (sock_flag(sk, SOCK_URGINLINE) && - !skb_queue_empty(&pn->ctrlreq_queue)) -- *karg = skb_peek(&pn->ctrlreq_queue)->len; +- answ = skb_peek(&pn->ctrlreq_queue)->len; - else if (!skb_queue_empty(&sk->sk_receive_queue)) -- *karg = skb_peek(&sk->sk_receive_queue)->len; +- answ = skb_peek(&sk->sk_receive_queue)->len; - else -- *karg = 0; +- answ = 0; - release_sock(sk); -+ *karg = pep_first_packet_length(sk); - ret = 0; ++ answ = pep_first_packet_length(sk); + ret = put_user(answ, (int __user *)arg); break;
---
Results of testing on various branches:
| Branch | Patch Apply | Build Test | |---------------------------|-------------|------------| | stable/linux-6.1.y | Success | Success |