Sophie

kernel-2.6.18-238.el5.src.rpm

From: Jiri Pirko <jpirko@redhat.com>
Date: Tue, 20 Oct 2009 17:10:00 +0200
Subject: [net] AF_UNIX: deadlock on connecting to shutdown socket
Message-id: 20091020151000.GF2901@psychotron.lab.eng.brq.redhat.com
O-Subject: [RHEL5.5 patch] BZ529631 net: AF_UNIX: Fix deadlock on connecting to shutdown socket
Bugzilla: 529631
RH-Acked-by: Ivan Vecera <ivecera@redhat.com>
RH-Acked-by: Danny Feng <dfeng@redhat.com>
RH-Acked-by: Eugene Teo <eugene@redhat.com>
RH-Acked-by: Thomas Graf <tgraf@redhat.com>
CVE: CVE-2009-3621

CVE-2009-3621
BZ529631
https://bugzilla.redhat.com/show_bug.cgi?id=529631

Description:
This patch fixes a deadlock bug in UNIX domain sockets, which allows
non-root users to mount a DoS attack against the local machine.

Upstream:
http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=commitdiff;h=77238f2b942b38ab4e7f3aced44084493e4a8675

Brew:
https://brewweb.devel.redhat.com/taskinfo?taskID=2036990

Test:
Booted on x86_64, tested by the reproducer.

Jirka

Signed-off-by: Jiri Pirko <jpirko@redhat.com>

diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index be0a838..3e2c5c9 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -1007,6 +1007,8 @@ restart:
 	err = -ECONNREFUSED;
 	if (other->sk_state != TCP_LISTEN)
 		goto out_unlock;
+	if (other->sk_shutdown & RCV_SHUTDOWN)
+		goto out_unlock;
 
 	if (skb_queue_len(&other->sk_receive_queue) >
 	    other->sk_max_ack_backlog) {
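
Review bot: The new `other->sk_shutdown & RCV_SHUTDOWN` test has no comment, and the description does not say how a shut-down listener leads to the deadlock, so a later reader cannot tell why it must come before the `sk_max_ack_backlog` check under `restart:`. Please add a one-line comment above the test stating that a listening socket that has shut down its receive side will never drain its queue, so the connect is refused instead of retried. It is also worth noting in the description that the caller now sees -ECONNREFUSED in this case, since the test reuses the `err` value set for the `TCP_LISTEN` check. The two conditions could be folded into a single `if` with `||`, though keeping them separate is fine if the comment is added.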