Description: race condition in rose_bind()
References:
 https://bugzilla.redhat.com/show_bug.cgi?id=2120595
Notes:
 carnil> Possible fix is 2df91e397d85 ("net: rose: add netdev ref
 carnil> tracker to 'struct rose_sock'") but as of 2022-08-30 no
 carnil> clarification in RHBZ#2120595.
 bwh> This is not fixed by commit 2df91e397d85. The problem is that
 bwh> rose_bind() doesn't prevent two concurrent bind calls on the same
 bwh> socket from succeeding. It checks that the SOCK_ZAPPED flag is set
 bwh> at the top, and clears it at the bottom, leaving a race condition
 bwh> between those bit operations.
 bwh> In bullseye and newer releases this is mitigated because we
 bwh> disabled auto-loading of the rose module.
Bugs:
upstream: needed
6.1-upstream-stable: needed
5.10-upstream-stable: needed
4.19-upstream-stable: needed
sid: needed
6.1-bookworm-security: needed
5.10-bullseye-security: needed
4.19-buster-security: needed
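
The check-then-clear window described in the bwh note above, as an added example that is not kernel code and not part of this tracker entry: a user-space model that replays the interleaving deterministically, then closes it with an atomic test-and-clear. The names model_sock, claim_bind and setup_ok are hypothetical, and the hardened form is one way to close the window in this model, not the upstream fix.

```c
#include <stdatomic.h>
#include <stdbool.h>

/* Simplified user-space model, not kernel code. 'zapped' stands in for
 * SOCK_ZAPPED: true means the socket has not been bound yet. */
struct model_sock {
    atomic_bool zapped;
    int binds_done;                 /* bind calls that ran to completion */
};

static void sock_init(struct model_sock *s)
{
    atomic_init(&s->zapped, true);
    s->binds_done = 0;
}

/* Check-then-clear bind, split in two halves so an interleaving can be replayed. */
static bool racy_check(struct model_sock *s)  { return atomic_load(&s->zapped); }
static void racy_commit(struct model_sock *s) { s->binds_done++; atomic_store(&s->zapped, false); }

/* Replays: caller A checks, caller B checks, A commits, B commits. */
int replay_racy(void)
{
    struct model_sock s; sock_init(&s);
    bool a_ok = racy_check(&s), b_ok = racy_check(&s);
    if (a_ok) racy_commit(&s);
    if (b_ok) racy_commit(&s);
    return s.binds_done;            /* both callers passed the check */
}

/* Hardened form for this model: test and clear in one atomic step, and
 * restore the flag if the rest of the bind fails (setup_ok == false). */
bool claim_bind(struct model_sock *s, bool setup_ok)
{
    if (!atomic_exchange(&s->zapped, false))
        return false;               /* another caller already claimed the bind */
    if (!setup_ok) {
        atomic_store(&s->zapped, true);   /* roll back so a later bind can retry */
        return false;
    }
    s->binds_done++;
    return true;
}

/* Two callers, both with valid setup: only the first claim succeeds. */
int replay_claimed(void)
{
    struct model_sock s; sock_init(&s);
    claim_bind(&s, true); claim_bind(&s, true);
    return s.binds_done;
}

/* First caller fails setup and rolls back; the retry then binds once. */
int replay_fail_then_retry(void)
{
    struct model_sock s; sock_init(&s);
    bool a = claim_bind(&s, false), b = claim_bind(&s, true);
    return (!a && b) ? s.binds_done : -1;
}
```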