AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
9ebeddef58
kernel_optimize_test/net/rxrpc
History
David Howells 9ebeddef58 rxrpc: rxrpc_peer needs to hold a ref on the rxrpc_local record 
The rxrpc_peer record needs to hold a reference on the rxrpc_local record
it points as the peer is used as a base to access information in the
rxrpc_local record.

This can cause problems in __rxrpc_put_peer(), where we need the network
namespace pointer, and in rxrpc_send_keepalive(), where we need to access
the UDP socket, leading to symptoms like:

    BUG: KASAN: use-after-free in __rxrpc_put_peer net/rxrpc/peer_object.c:411
    [inline]
    BUG: KASAN: use-after-free in rxrpc_put_peer+0x685/0x6a0
    net/rxrpc/peer_object.c:435
    Read of size 8 at addr ffff888097ec0058 by task syz-executor823/24216

Fix this by taking a ref on the local record for the peer record.

Fixes: ace45bec6d ("rxrpc: Fix firewall route keepalive")
Fixes: 2baec2c3f8 ("rxrpc: Support network namespacing")
Reported-by: syzbot+b9be979c55f2bea8ed30@syzkaller.appspotmail.com
Signed-off-by: David Howells <dhowells@redhat.com>
2019-10-07 11:05:05 +01:00
..
af_rxrpc.c rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up [ver #2] 2019-08-30 15:06:52 -07:00
ar-internal.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-09-02 11:20:17 -07:00
call_accept.c rxrpc: Fix trace-after-put looking at the put call record 2019-10-07 11:05:05 +01:00
call_event.c rxrpc: Use the tx-phase skb flag to simplify tracing 2019-08-27 10:04:18 +01:00
call_object.c rxrpc: Fix trace-after-put looking at the put call record 2019-10-07 11:05:05 +01:00
conn_client.c rxrpc: Fix trace-after-put looking at the put connection record 2019-10-07 11:05:05 +01:00
conn_event.c rxrpc: Use the tx-phase skb flag to simplify tracing 2019-08-27 10:04:18 +01:00
conn_object.c rxrpc: Fix trace-after-put looking at the put connection record 2019-10-07 11:05:05 +01:00
conn_service.c rxrpc: Fix trace-after-put looking at the put connection record 2019-10-07 11:05:05 +01:00
input.c rxrpc: Fix misplaced traceline 2019-09-05 00:24:58 +02:00
insecure.c rxrpc: Fix -Wframe-larger-than= warnings from on-stack crypto 2019-07-30 10:32:35 -07:00
Kconfig treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
key.c Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs" 2019-07-10 18:43:43 -07:00
local_event.c rxrpc: Use the tx-phase skb flag to simplify tracing 2019-08-27 10:04:18 +01:00
local_object.c rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up [ver #2] 2019-08-30 15:06:52 -07:00
Makefile
misc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
net_ns.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
output.c rxrpc: Use the tx-phase skb flag to simplify tracing 2019-08-27 10:04:18 +01:00
peer_event.c rxrpc: Use the tx-phase skb flag to simplify tracing 2019-08-27 10:04:18 +01:00
peer_object.c rxrpc: rxrpc_peer needs to hold a ref on the rxrpc_local record 2019-10-07 11:05:05 +01:00
proc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
protocol.h rxrpc: Improve jumbo packet counting 2019-08-27 09:48:37 +01:00
recvmsg.c rxrpc: Use the tx-phase skb flag to simplify tracing 2019-08-27 10:04:18 +01:00
rxkad.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-09-02 11:20:17 -07:00
security.c Keyrings namespacing 2019-07-08 19:36:47 -07:00
sendmsg.c rxrpc: Fix call ref leak 2019-10-07 10:58:28 +01:00
skbuff.c rxrpc: Use skb_unshare() rather than skb_cow_data() 2019-08-27 10:13:46 +01:00
sysctl.c proc/sysctl: add shared variables for range check 2019-07-18 17:08:07 -07:00
utils.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00