[PATCH 4.9 58/75] usbip: prevent leaking socket pointer address in messages

From: Greg Kroah-Hartman
Date: Mon Jan 01 2018 - 10:14:48 EST

Next message: Greg Kroah-Hartman: "[PATCH 4.9 57/75] usbip: fix usbip bind writing random string after command in match_busid"
Previous message: Greg Kroah-Hartman: "[PATCH 4.9 34/75] tcp md5sig: Use skbs saddr when replying to an incoming segment"
In reply to: Greg Kroah-Hartman: "[PATCH 4.9 34/75] tcp md5sig: Use skbs saddr when replying to an incoming segment"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.9 57/75] usbip: fix usbip bind writing random string after command in match_busid"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

4.9-stable review patch. If anyone has any objections, please let me know.

------------------

From: Shuah Khan <shuahkh@xxxxxxxxxxxxxxx>

commit 90120d15f4c397272aaf41077960a157fc4212bf upstream.

usbip driver is leaking socket pointer address in messages. Remove
the messages that aren't useful and print sockfd in the ones that
are useful for debugging.

Signed-off-by: Shuah Khan <shuahkh@xxxxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
drivers/usb/usbip/stub_dev.c | 3 +--
drivers/usb/usbip/usbip_common.c | 14 ++++----------
drivers/usb/usbip/vhci_hcd.c | 2 +-
3 files changed, 6 insertions(+), 13 deletions(-)

--- a/drivers/usb/usbip/stub_dev.c
+++ b/drivers/usb/usbip/stub_dev.c
@@ -163,8 +163,7 @@ static void stub_shutdown_connection(str
* step 1?
*/
if (ud->tcp_socket) {
- dev_dbg(&sdev->udev->dev, "shutdown tcp_socket %p\n",
- ud->tcp_socket);
+ dev_dbg(&sdev->udev->dev, "shutdown sockfd\n");
kernel_sock_shutdown(ud->tcp_socket, SHUT_RDWR);
}

--- a/drivers/usb/usbip/usbip_common.c
+++ b/drivers/usb/usbip/usbip_common.c
@@ -335,13 +335,10 @@ int usbip_recv(struct socket *sock, void
char *bp = buf;
int osize = size;

- usbip_dbg_xmit("enter\n");
-
- if (!sock || !buf || !size) {
- pr_err("invalid arg, sock %p buff %p size %d\n", sock, buf,
- size);
+ if (!sock || !buf || !size)
return -EINVAL;
- }
+
+ usbip_dbg_xmit("enter\n");

do {
sock->sk->sk_allocation = GFP_NOIO;
@@ -354,11 +351,8 @@ int usbip_recv(struct socket *sock, void
msg.msg_flags = MSG_NOSIGNAL;

result = kernel_recvmsg(sock, &msg, &iov, 1, size, MSG_WAITALL);
- if (result <= 0) {
- pr_debug("receive sock %p buf %p size %u ret %d total %d\n",
- sock, buf, size, result, total);
+ if (result <= 0)
goto err;
- }

size -= result;
buf += result;
--- a/drivers/usb/usbip/vhci_hcd.c
+++ b/drivers/usb/usbip/vhci_hcd.c
@@ -823,7 +823,7 @@ static void vhci_shutdown_connection(str

/* need this? see stub_dev.c */
if (ud->tcp_socket) {
- pr_debug("shutdown tcp_socket %p\n", ud->tcp_socket);
+ pr_debug("shutdown tcp_socket\n");
kernel_sock_shutdown(ud->tcp_socket, SHUT_RDWR);
}

Next message: Greg Kroah-Hartman: "[PATCH 4.9 57/75] usbip: fix usbip bind writing random string after command in match_busid"
Previous message: Greg Kroah-Hartman: "[PATCH 4.9 34/75] tcp md5sig: Use skbs saddr when replying to an incoming segment"
In reply to: Greg Kroah-Hartman: "[PATCH 4.9 34/75] tcp md5sig: Use skbs saddr when replying to an incoming segment"
Next in thread: Greg Kroah-Hartman: "[PATCH 4.9 57/75] usbip: fix usbip bind writing random string after command in match_busid"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]