kernel_optimize_test

History

Xin Long fb6df5a623 sctp: kfree_rcu asoc In sctp_hash_transport/sctp_epaddr_lookup_transport, it dereferences a transport's asoc under rcu_read_lock while asoc is freed not after a grace period, which leads to a use-after-free panic. This patch fixes it by calling kfree_rcu to make asoc be freed after a grace period. Note that only the asoc's memory is delayed to free in the patch, it won't cause sk to linger longer. Thanks Neil and Marcelo to make this clear. Fixes: `7fda702f93` ("sctp: use new rhlist interface on sctp transport rhashtable") Fixes: `cd2b708750` ("sctp: check duplicate node before inserting a new transport") Reported-by: syzbot+0b05d8aa7cb185107483@syzkaller.appspotmail.com Reported-by: syzbot+aad231d51b1923158444@syzkaller.appspotmail.com Suggested-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: Xin Long <lucien.xin@gmail.com> Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com> Acked-by: Neil Horman <nhorman@tuxdriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>		2018-12-03 15:54:41 -08:00
..
associola.c	sctp: kfree_rcu asoc	2018-12-03 15:54:41 -08:00
auth.c	treewide: kzalloc() -> kcalloc()	2018-06-12 16:19:22 -07:00
bind_addr.c	sctp: remove the typedef sctp_scope_t	2017-08-06 21:33:41 -07:00
chunk.c	net/sctp: Make wrappers for accessing in/out streams	2018-08-11 12:25:15 -07:00
debug.c	sctp: add SCTP_CID_I_DATA and SCTP_CID_I_FWD_TSN conversion in sctp_cname	2018-02-12 11:40:01 -05:00
diag.c	sctp: add file comments in diag.c	2018-02-13 13:56:31 -05:00
endpointola.c	treewide: Use struct_size() for kmalloc()-family	2018-06-06 11:15:43 -07:00
input.c	sctp: use the pmtu from the icmp packet to update transport pathmtu	2018-10-15 22:54:20 -07:00
inqueue.c	sctp: fix the issue that the cookie-ack with auth can't get processed	2018-05-02 11:15:33 -04:00
ipv6.c	sctp: check for ipv6_pinfo legal sndflow with flowlabel in sctp_v6_get_dst	2018-07-04 11:36:54 +09:00
Kconfig	sctp: whitespace fixes	2018-07-24 14:10:42 -07:00
Makefile	sctp: rename sctp_diag.c as diag.c	2018-02-13 13:56:31 -05:00
objcnt.c	proc: introduce proc_create_seq{,_data}	2018-05-16 07:23:35 +02:00
offload.c	net: use skb_is_gso_sctp() instead of open-coding	2018-03-09 11:41:47 -05:00
output.c	sctp: increase sk_wmem_alloc when head->truesize is increased	2018-11-27 15:42:31 -08:00
outqueue.c	sctp: define SCTP_SS_DEFAULT for Stream schedulers	2018-11-03 19:40:29 -07:00
primitive.c	sctp: remove the typedef sctp_subtype_t	2017-08-06 21:33:42 -07:00
proc.c	sctp: remove useless start_fail from sctp_ht_iter in proc	2018-08-27 15:13:17 -07:00
protocol.c	mm: remove include/linux/bootmem.h	2018-10-31 08:54:16 -07:00
sm_make_chunk.c	sctp: update frag_point when stream_interleave is set	2018-11-30 13:12:43 -08:00
sm_sideeffect.c	sctp: whitespace fixes	2018-07-24 14:10:42 -07:00
sm_statefuns.c	sctp: delay the authentication for the duplicated cookie-echo chunk	2018-05-07 23:39:10 -04:00
sm_statetable.c	sctp: implement validate_ftsn for sctp_stream_interleave	2017-12-15 13:52:22 -05:00
socket.c	sctp: not allow to set asoc prsctp_enable by sockopt	2018-11-19 12:41:18 -08:00
stream_interleave.c	net/sctp: Make wrappers for accessing in/out streams	2018-08-11 12:25:15 -07:00
stream_sched_prio.c	net/sctp: Make wrappers for accessing in/out streams	2018-08-11 12:25:15 -07:00
stream_sched_rr.c	net/sctp: Make wrappers for accessing in/out streams	2018-08-11 12:25:15 -07:00
stream_sched.c	net/sctp: Make wrappers for accessing in/out streams	2018-08-11 12:25:15 -07:00
stream.c	sctp: not increase stream's incnt before sending addstrm_in request	2018-11-19 14:46:32 -08:00
sysctl.c	sctp: support sysctl to allow users to use stream interleave	2017-12-15 13:52:22 -05:00
transport.c	sctp: update dst pmtu with the correct daddr	2018-09-20 11:29:30 -07:00
tsnmap.c
ulpevent.c	sctp: remove sctp_chunk_put from fail_mark err path in sctp_ulpevent_make_rcvmsg	2018-05-10 17:48:36 -04:00
ulpqueue.c	sctp: Use skb_queue_is_first().	2018-09-10 10:06:53 -07:00