kernel_optimize_test/include
Xin Long fb6df5a623 sctp: kfree_rcu asoc
In sctp_hash_transport/sctp_epaddr_lookup_transport, it dereferences
a transport's asoc under rcu_read_lock while asoc is freed not after
a grace period, which leads to a use-after-free panic.

This patch fixes it by calling kfree_rcu to make asoc be freed after
a grace period.

Note that only the asoc's memory is delayed to free in the patch, it
won't cause sk to linger longer.

Thanks Neil and Marcelo to make this clear.

Fixes: 7fda702f93 ("sctp: use new rhlist interface on sctp transport rhashtable")
Fixes: cd2b708750 ("sctp: check duplicate node before inserting a new transport")
Reported-by: syzbot+0b05d8aa7cb185107483@syzkaller.appspotmail.com
Reported-by: syzbot+aad231d51b1923158444@syzkaller.appspotmail.com
Suggested-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-12-03 15:54:41 -08:00
..
acpi
asm-generic s390 updates for 4.20-rc2 2018-11-09 06:30:44 -06:00
clocksource
crypto
drm drm, i915, amdgpu, bridge + core quirk 2018-11-02 10:58:20 -07:00
dt-bindings This time it looks like a quieter release cycle in the clk tree. I guess that's 2018-10-31 11:08:30 -07:00
keys
kvm
linux net: phy: sfp: correct location of SFP standards 2018-11-29 11:46:34 -08:00
math-emu
media media: Rename vb2_m2m_request_queue -> v4l2_m2m_request_queue 2018-11-06 05:24:22 -05:00
memory
misc
net sctp: kfree_rcu asoc 2018-12-03 15:54:41 -08:00
pcmcia
ras
rdma
scsi
soc
sound
target
trace Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-11-19 09:24:04 -08:00
uapi Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/hid/hid 2018-11-24 12:58:47 -08:00
video
xen CONFIG_XEN_PV breaks xen_create_contiguous_region on ARM 2018-11-02 17:18:34 +01:00