kernel_optimize_test/drivers/scsi
David S. Miller 676d23690f net: Fix use after free by removing length arg from sk_data_ready callbacks.
Several spots in the kernel perform a sequence like:

	skb_queue_tail(&sk->s_receive_queue, skb);
	sk->sk_data_ready(sk, skb->len);

But at the moment we place the SKB onto the socket receive queue it
can be consumed and freed up.  So this skb->len access is potentially
to freed up memory.

Furthermore, the skb->len can be modified by the consumer so it is
possible that the value isn't accurate.

And finally, no actual implementation of this callback actually uses
the length argument.  And since nobody actually cared about its
value, lots of call sites pass arbitrary values in such as '0' and
even '1'.

So just remove the length argument from the callback, that way there
is no confusion whatsoever and all of these use-after-free cases get
fixed as a side effect.

Based upon a patch by Eric Dumazet and his suggestion to audit this
issue tree-wide.

Signed-off-by: David S. Miller <davem@davemloft.net>
2014-04-11 16:15:36 -04:00
aacraid [SCSI] remove deprecated IRQF_DISABLED from SCSI 2014-03-19 15:04:44 -07:00
aic7xxx [SCSI] remove deprecated IRQF_DISABLED from SCSI 2014-03-19 15:04:44 -07:00
aic94xx
arcmsr [SCSI] arcmsr: upper 32 of dma address lost 2014-03-15 10:19:19 -07:00
arm [SCSI] remove deprecated IRQF_DISABLED from SCSI 2014-03-19 15:04:44 -07:00
be2iscsi Merge branch 'for-3.15/core' of git://git.kernel.dk/linux-block 2014-04-01 19:19:15 -07:00
bfa [SCSI] bfa: Replace large udelay() with mdelay() 2014-03-19 15:04:47 -07:00
bnx2fc CPU hotplug notifiers registration fixes for 3.15-rc1 2014-04-07 14:55:46 -07:00
bnx2i CPU hotplug notifiers registration fixes for 3.15-rc1 2014-04-07 14:55:46 -07:00
csiostor Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-11-15 16:47:22 -08:00
cxgbi [SCSI] cxgb4i: Use cxgb4_select_ntuple to correctly calculate ntuple fields 2014-03-15 10:19:18 -07:00
device_handler [SCSI] scsi_dh_alua: ALUA handler attach should succeed while TPG is transitioning 2013-10-25 11:19:33 +01:00
dpt
esas2r [SCSI] remove deprecated IRQF_DISABLED from SCSI 2014-03-19 15:04:44 -07:00
fcoe scsi, fcoe: Fix CPU hotplug callback registration 2014-03-20 13:43:45 +01:00
fnic Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-11-15 16:47:22 -08:00
ibmvscsi [SCSI] remove deprecated IRQF_DISABLED from SCSI 2014-03-19 15:04:44 -07:00
isci [SCSI] isci: update version to 1.2 2014-03-15 10:19:17 -07:00
libfc
libsas SCSI misc on 20140401 2014-04-01 18:49:04 -07:00
lpfc [SCSI] lpfc: use NULL instead of 0 for pointer 2014-03-15 10:18:58 -07:00
megaraid [SCSI] megaraid_sas: Version and Changelog update 2014-03-15 10:19:21 -07:00
mpt2sas Merge branch 'for-3.14/core' of git://git.kernel.dk/linux-block 2014-01-30 11:19:05 -08:00
mpt3sas Merge branch 'for-3.14/core' of git://git.kernel.dk/linux-block 2014-01-30 11:19:05 -08:00
mvsas
osd block: Abstract out bvec iterator 2013-11-23 22:33:47 -08:00
pcmcia
pm8001 [SCSI] remove deprecated IRQF_DISABLED from SCSI 2014-03-19 15:04:44 -07:00
qla2xxx SCSI misc on 20140401 2014-04-01 18:49:04 -07:00
qla4xxx [SCSI] libiscsi: Reduce locking contention in fast path 2014-03-15 10:19:18 -07:00
sym53c8xx_2 PCI: Convert pcibios_resource_to_bus() to take a pci_bus, not a pci_dev 2013-12-21 10:06:10 -07:00
ufs Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-11-15 16:47:22 -08:00
.gitignore
3w-9xxx.c [SCSI] Disable WRITE SAME for RAID and virtual host adapter drivers 2013-11-29 08:48:39 +04:00
3w-9xxx.h
3w-sas.c [SCSI] Disable WRITE SAME for RAID and virtual host adapter drivers 2013-11-29 08:48:39 +04:00
3w-sas.h
3w-xxxx.c [SCSI] Disable WRITE SAME for RAID and virtual host adapter drivers 2013-11-29 08:48:39 +04:00
3w-xxxx.h
53c700_d.h_shipped
53c700.c
53c700.h
53c700.scr
a100u2w.c
a100u2w.h
a2091.c zorro: ZTWO_VADDR() should return "void __iomem *" 2013-11-26 11:09:07 +01:00
a2091.h
a3000.c zorro: ZTWO_VADDR() should return "void __iomem *" 2013-11-26 11:09:07 +01:00
a3000.h
a4000t.c zorro: ZTWO_VADDR() should return "void __iomem *" 2013-11-26 11:09:07 +01:00
advansys.c [SCSI] advansys: Remove 'last_reset' references 2013-10-25 11:44:54 +01:00
aha152x.c [SCSI] remove deprecated IRQF_DISABLED from SCSI 2014-03-19 15:04:44 -07:00
aha152x.h
aha1542.c
aha1542.h
aha1740.c
aha1740.h
atari_NCR5380.c
atari_scsi.c [SCSI] atari_scsi: Fix sleep_on race 2014-03-10 21:15:09 +01:00
atari_scsi.h
atp870u.c
atp870u.h
BusLogic.c [SCSI] buslogic: Added check for DMA mapping errors 2013-10-25 09:57:57 +01:00
BusLogic.h
bvme6000_scsi.c
ch.c
constants.c
dc395x.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-11-15 16:47:22 -08:00
dc395x.h
dmx3191d.c
dpt_i2o.c [SCSI] dpt_i2o: return SCSI_MLQUEUE_HOST_BUSY when in reset 2013-10-25 11:40:42 +01:00
dpti.h [SCSI] dpt_i2o: Remove DPTI_STATE_IOCTL 2013-10-25 11:36:26 +01:00
dtc.c [SCSI] remove deprecated IRQF_DISABLED from SCSI 2014-03-19 15:04:44 -07:00
dtc.h
eata_generic.h
eata_pio.c [SCSI] remove deprecated IRQF_DISABLED from SCSI 2014-03-19 15:04:44 -07:00
eata_pio.h
eata.c [SCSI] remove deprecated IRQF_DISABLED from SCSI 2014-03-19 15:04:44 -07:00
esp_scsi.c
esp_scsi.h
fdomain.c
fdomain.h
FlashPoint.c
g_NCR5380_mmio.c
g_NCR5380.c [SCSI] remove deprecated IRQF_DISABLED from SCSI 2014-03-19 15:04:44 -07:00
g_NCR5380.h
gdth_ioctl.h
gdth_proc.c
gdth_proc.h
gdth.c [SCSI] remove deprecated IRQF_DISABLED from SCSI 2014-03-19 15:04:44 -07:00
gdth.h
gvp11.c zorro: ZTWO_VADDR() should return "void __iomem *" 2013-11-26 11:09:07 +01:00
gvp11.h
hosts.c [SCSI] scsi_error: disable eh_deadline if no host_reset_handler is set 2014-03-15 10:18:59 -07:00
hpsa_cmd.h [SCSI] hpsa: Add hba mode to the hpsa driver 2014-03-15 10:19:23 -07:00
hpsa.c [SCSI] hpsa: update driver version to 3.4.4-1 2014-03-19 15:16:07 -07:00
hpsa.h [SCSI] hpsa: Add hba mode to the hpsa driver 2014-03-15 10:19:23 -07:00
hptiop.c
hptiop.h
imm.c
imm.h
in2000.c [SCSI] remove deprecated IRQF_DISABLED from SCSI 2014-03-19 15:04:44 -07:00
in2000.h
initio.c [SCSI] remove deprecated IRQF_DISABLED from SCSI 2014-03-19 15:04:44 -07:00
initio.h
ipr.c Merge branch 'for-3.15/core' of git://git.kernel.dk/linux-block 2014-04-01 19:19:15 -07:00
ipr.h [SCSI] ipr: Add new CCIN definition for Grand Canyon support 2014-03-19 15:04:42 -07:00
ips.c [SCSI] Disable WRITE SAME for RAID and virtual host adapter drivers 2013-11-29 08:48:39 +04:00
ips.h
iscsi_boot_sysfs.c [SCSI] iscsi_boot_sysfs: Fix a memory leak in iscsi_boot_destroy_kset() 2014-03-15 10:19:19 -07:00
iscsi_tcp.c net: Fix use after free by removing length arg from sk_data_ready callbacks. 2014-04-11 16:15:36 -04:00
iscsi_tcp.h net: Fix use after free by removing length arg from sk_data_ready callbacks. 2014-04-11 16:15:36 -04:00
jazz_esp.c
Kconfig Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2014-01-22 21:21:55 -08:00
lasi700.c
libiscsi_tcp.c [SCSI] libiscsi: Reduce locking contention in fast path 2014-03-15 10:19:18 -07:00
libiscsi.c Main batch of InfiniBand/RDMA changes for 3.15: 2014-04-03 16:57:19 -07:00
libsrp.c
mac53c94.c
mac53c94.h
mac_esp.c
mac_scsi.c [SCSI] mac_scsi: Fix crash on out of memory 2013-12-19 20:56:28 -08:00
mac_scsi.h
Makefile [SCSI] aci7xxx_old: delete decade+ obsolete driver 2013-12-19 07:39:02 -08:00
megaraid.c [SCSI] megaraid: simplify internal command handling 2014-03-27 08:26:31 -07:00
megaraid.h [SCSI] megaraid: simplify internal command handling 2014-03-27 08:26:31 -07:00
mesh.c
mesh.h
mvme16x_scsi.c
mvme147.c
mvme147.h
mvumi.c
mvumi.h
ncr53c8xx.c
ncr53c8xx.h
NCR53c406a.c
NCR5380.c [SCSI] remove deprecated IRQF_DISABLED from SCSI 2014-03-19 15:04:44 -07:00
NCR5380.h
NCR_D700.c
NCR_D700.h
NCR_Q720.c
NCR_Q720.h
nsp32_debug.c
nsp32_io.h
nsp32.c
nsp32.h
osst_detect.h
osst_options.h
osst.c
osst.h
pas16.c [SCSI] remove deprecated IRQF_DISABLED from SCSI 2014-03-19 15:04:44 -07:00
pas16.h
pmcraid.c SCSI fixes on 20131206 2013-12-06 08:30:18 -08:00
pmcraid.h
ppa.c
ppa.h
ps3rom.c
qla1280.c x86, platforms: Remove SGI Visual Workstation 2014-02-27 08:07:39 -08:00
qla1280.h
qlogicfas408.c
qlogicfas408.h
qlogicfas.c
qlogicpti.c
qlogicpti.h
raid_class.c
script_asm.pl
scsi_debug.c [SCSI] scsi_debug: add ability to enable clustering 2014-03-19 15:04:37 -07:00
scsi_devinfo.c
scsi_error.c [SCSI] do not manipulate device reference counts in scsi_get/put_command 2014-03-15 10:19:24 -07:00
scsi_ioctl.c
scsi_lib_dma.c
scsi_lib.c [SCSI] remove a useless get/put_device pair in scsi_requeue_command 2014-03-15 10:19:25 -07:00
scsi_logging.h
scsi_module.c
scsi_netlink.c
scsi_pm.c [SCSI] sr: use block layer runtime PM 2013-12-16 10:57:51 -08:00
scsi_priv.h [SCSI] improved eh timeout handler 2013-12-19 07:39:02 -08:00
scsi_proc.c
scsi_sas_internal.h
scsi_scan.c [SCSI] Add EVPD page 0x83 and 0x80 to sysfs 2014-03-27 08:25:33 -07:00
scsi_sysctl.c
scsi_sysfs.c SCSI misc on 20140401 2014-04-01 18:49:04 -07:00
scsi_tgt_if.c
scsi_tgt_lib.c [SCSI] do not manipulate device reference counts in scsi_get/put_command 2014-03-15 10:19:24 -07:00
scsi_tgt_priv.h
scsi_trace.c
scsi_transport_api.h
scsi_transport_fc_internal.h
scsi_transport_fc.c [SCSI] scsi_transport_fc: Add 32Gbps speed definition. 2014-03-15 10:17:50 -07:00
scsi_transport_iscsi.c Merge branch 'master' into for-next 2014-02-20 14:54:28 +01:00
scsi_transport_sas.c
scsi_transport_spi.c
scsi_transport_srp_internal.h
scsi_transport_srp.c scsi_transport_srp: Fix two kernel-doc warnings 2014-03-24 10:05:30 -07:00
scsi_typedefs.h
scsi.c [SCSI] add support for per-host cmd pools 2014-03-27 08:26:33 -07:00
scsi.h
scsicam.c
sd_dif.c bio-integrity: Convert to bvec_iter 2013-11-23 22:33:50 -08:00
sd.c [SCSI] sd: Quiesce mode sense error messages 2014-03-27 08:26:33 -07:00
sd.h [SCSI] sd: Quiesce mode sense error messages 2014-03-27 08:26:33 -07:00
ses.c [SCSI] ses: Use vpd information from scsi_device 2014-03-27 08:26:31 -07:00
sg.c [SCSI] Revert "sg: use rwsem to solve race during exclusive open" 2013-10-25 10:59:54 +01:00
sgiwd93.c
sim710.c
sni_53c710.c
sr_ioctl.c
sr_vendor.c
sr.c [SCSI] sr: use block layer runtime PM 2013-12-16 10:57:51 -08:00
sr.h
st_options.h
st.c [SCSI] st: fix corruption of the st_modedef structures in st_set_options() 2014-03-15 10:19:22 -07:00
st.h
stex.c
storvsc_drv.c [SCSI] storvsc: NULL pointer dereference fix 2014-03-12 13:16:54 +04:00
sun3_NCR5380.c
sun3_scsi_vme.c
sun3_scsi.c
sun3_scsi.h
sun3x_esp.c
sun_esp.c
sym53c416.c
sym53c416.h
t128.c [SCSI] remove deprecated IRQF_DISABLED from SCSI 2014-03-19 15:04:44 -07:00
t128.h
tmscsim.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2013-11-15 16:47:22 -08:00
tmscsim.h [SCSI] tmscsim: Move 'last_reset' into host structure 2013-10-25 11:51:37 +01:00
u14-34f.c [SCSI] remove deprecated IRQF_DISABLED from SCSI 2014-03-19 15:04:44 -07:00
ultrastor.c
ultrastor.h
virtio_scsi.c virtio-scsi: Fix hotcpu_notifier use-after-free with virtscsi_freeze 2014-01-16 10:22:27 +10:30
vmw_pvscsi.c [SCSI] vmw_pvscsi: Some improvements in pvscsi driver. 2014-03-19 15:04:46 -07:00
vmw_pvscsi.h [SCSI] vmw_pvscsi: Some improvements in pvscsi driver. 2014-03-19 15:04:46 -07:00
wd33c93.c
wd33c93.h
wd7000.c [SCSI] remove deprecated IRQF_DISABLED from SCSI 2014-03-19 15:04:44 -07:00
zalon.c
zorro7xx.c zorro: ZTWO_VADDR() should return "void __iomem *" 2013-11-26 11:09:07 +01:00