From: Kalesh Singh
Date: Mon, 11 Jan 2021 06:26:18 +0000 (-0500)
Subject: [RAMEN9610-21968]ANDROID: xt_qtaguid: Remove tag_entry from process list on untag
X-Git-Tag: MMI-RSA31.Q1-48-36-11~6
X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=f9ed75a969741f5b31add513917b3422fae69571;p=GitHub%2FMotorolaMobilityLLC%2Fkernel-slsi.git

[RAMEN9610-21968]ANDROID: xt_qtaguid: Remove tag_entry from process list on untag

A sock_tag_entry can only be part of one process's pqd_entry->sock_tag_list. Retagging the socket only updates sock_tag_entry->tag, and does not add the tag entry to the current process's pqd_entry list, nor update sock_tag_entry->pid. So the sock_tag_entry is only ever present in the pqd_entry list of the process that initially tagged the socket.

A sock_tag_entry can also get created and not be added to any process's pqd_entry list. This happens if the process that initially tags the socket has not opened /dev/xt_qtaguid.

ctrl_cmd_untag() supports untagging from a context other than the process that initially tagged the socket. Currently, the sock_tag_entry is only removed from its containing pqd_entry->sock_tag_list if the process that does the untagging has opened /dev/xt_qtaguid. However, the tag entry should always be deleted from its pqd entry list (if present).

Bug: 176919394
Signed-off-by: Kalesh Singh
Change-Id: I5b6f0c36c0ebefd98cc6873a4057104c7d885ccc
(cherry picked from commit c2ab93b45b5cdc426868fb8793ada2cac20568ef)
---
diff --git a/net/netfilter/xt_qtaguid.c b/net/netfilter/xt_qtaguid.c
index d261932ee595..a61f43674519 100644
--- a/net/netfilter/xt_qtaguid.c
+++ b/net/netfilter/xt_qtaguid.c
@@ -2424,15 +2424,20 @@ int qtaguid_untag(struct socket *el_socket, bool kernel) * At first, we want to catch user-space code that is not * opening the /dev/xt_qtaguid. */ - if (IS_ERR_OR_NULL(pqd_entry) || !sock_tag_entry->list.next) { + if (IS_ERR_OR_NULL(pqd_entry)) pr_warn_once("qtaguid: %s(): " "User space forgot to open /dev/xt_qtaguid? " "pid=%u tgid=%u sk_pid=%u, uid=%u\n", __func__, current->pid, current->tgid, sock_tag_entry->pid, from_kuid(&init_user_ns, current_fsuid())); - } else { + /* + * This check is needed because tagging from a process that + * didn’t open /dev/xt_qtaguid still adds the sock_tag_entry + * to sock_tag_tree. + */ + if (sock_tag_entry->list.next) list_del(&sock_tag_entry->list); - } + spin_unlock_bh(&uid_tag_data_tree_lock); /* * We don't free tag_ref from the utd_entry here,
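Review bot: the new `if (sock_tag_entry->list.next)` test in qtaguid_untag() treats a NULL `list.next` as "this entry was never added to any pqd_entry->sock_tag_list", but the hunk does not show the allocation site, so confirm that the entry is zero-allocated (or `list.next` is explicitly set to NULL) when it is created by a process that never opened /dev/xt_qtaguid; a stale non-NULL pointer there would send `list_del()` through garbage while `uid_tag_data_tree_lock` is held. A side effect worth recording in the commit message: the warning condition lost its `!sock_tag_entry->list.next` half, so an untag by a process that did open the device no longer warns about the original tagger having skipped it. Style: the added comment contains a non-ASCII apostrophe in "didn’t"; kernel sources use plain ASCII ("didn't"). Minor: dropping the braces leaves a single multi-line `pr_warn_once()` as the `if` body, which compiles fine, but keeping the braces around the wrapped call would make the two now-independent checks easier to read.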