net/smc: no shutdown in state SMC_LISTEN

Invoking shutdown for a socket in state SMC_LISTEN does not make
sense. Nevertheless programs like syzbot fuzzing the kernel may
try to do this. For SMC this means a socket refcounting problem.
This patch makes sure a shutdown call for an SMC socket in state
SMC_LISTEN simply returns with -ENOTCONN.

Signed-off-by: Ursula Braun <ubraun@linux.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Ursula Braun 2018-08-08 14:13:19 +02:00 committed by David S. Miller
parent 11ba961c91
commit caa21e19e0

View File

@ -1397,8 +1397,7 @@ static int smc_shutdown(struct socket *sock, int how)
lock_sock(sk); lock_sock(sk);
rc = -ENOTCONN; rc = -ENOTCONN;
if ((sk->sk_state != SMC_LISTEN) && if ((sk->sk_state != SMC_ACTIVE) &&
(sk->sk_state != SMC_ACTIVE) &&
(sk->sk_state != SMC_PEERCLOSEWAIT1) && (sk->sk_state != SMC_PEERCLOSEWAIT1) &&
(sk->sk_state != SMC_PEERCLOSEWAIT2) && (sk->sk_state != SMC_PEERCLOSEWAIT2) &&
(sk->sk_state != SMC_APPCLOSEWAIT1) && (sk->sk_state != SMC_APPCLOSEWAIT1) &&