OpenCloudOS-Kernel/drivers
Honglin Li 26941c0f5e rue/net: avoid wrong memory access to struct net_device
It assigns the net_device pointer of network interface to
sock->in_dev in cls_tc_rx_hook() in the receiving process.
The use of a sock->in_dev pointer can potentially lead to
wrong memory access if the memory of struct net_device is
freed after network interface is unregistered, which may
cause kernel crash.

The above use after free issue causes a crash as follows:

BUG: unable to handle page fault for address: ffffffed698999c8
CPU: 50 PID: 1290732 Comm: kubelet Kdump: loaded
Tainted: G O K 5.4.119-1-tlinux4-0009.1 #1
RIP: 0010:cls_cgroup_tx_accept+0x5e/0x120
Call Trace:
 <IRQ>
 cls_tc_tx_hook+0x10d/0x1a0
 nf_hook_slow+0x43/0xc0
 __ip_local_out+0xcb/0x130
 ? ip_forward_options+0x190/0x190
 ip_local_out+0x1c/0x40
 __ip_queue_xmit+0x162/0x3d0
 ? rx_cgroup_throttle.isra.4+0x2b0/0x2b0
 ip_queue_xmit+0x10/0x20
 __tcp_transmit_skb+0x57f/0xbe0
 __tcp_retransmit_skb+0x1b0/0x8a0
 tcp_retransmit_skb+0x19/0xd0
 tcp_retransmit_timer+0x367/0xa80
 ? kvm_clock_get_cycles+0x11/0x20
 ? ktime_get+0x34/0x90
 tcp_write_timer_handler+0x93/0x1f0
 tcp_write_timer+0x7c/0x80
 ? tcp_write_timer_handler+0x1f0/0x1f0
 call_timer_fn+0x35/0x130
 run_timer_softirq+0x1a8/0x420
 ? ktime_get+0x34/0x90
 ? clockevents_program_event+0x85/0xe0
 __do_softirq+0x8c/0x2d7
 ? hrtimer_interrupt+0x12a/0x210
 irq_exit+0xa3/0xb0
 smp_apic_timer_interrupt+0x77/0x130
 apic_timer_interrupt+0xf/0x20
 </IRQ>

We introduce indev_ifindex as a new struct field to record
the ifindex of net_device, and then indev_ifindex can be
used for obtaining an index to avoid direct memory access
to struct members of in_dev pointer.

Fixes: f8829546f3b3 ("rue/net: init netcls traffic controller")
Signed-off-by: Honglin Li <honglinli@tencent.com>
Reviewed-by: Ze Gao <zegao@tencent.com>
2024-09-27 11:13:30 +08:00
accel kthread: add kthread_stop_put 2024-06-12 11:12:52 +02:00
accessibility speakup: Fix sizeof() vs ARRAY_SIZE() bug 2024-06-12 11:11:18 +02:00
acpi Merge linux 6.6.46 2024-08-24 09:37:59 +08:00
amba
android binder: fix hang of unregistered readers 2024-08-03 08:54:21 +02:00
ata Merge linux 6.6.47 2024-08-24 09:43:23 +08:00
atm
auxdisplay auxdisplay: ht16k33: Drop reference after LED registration 2024-08-03 08:54:39 +02:00
base Merge linux 6.6.46 2024-08-24 09:37:59 +08:00
bcma
block null_blk: Fix return value of nullb_device_power_store() 2024-08-23 11:24:47 +00:00
bluetooth Bluetooth: btnxpuart: Shutdown timer and prevent rearming when driver unloading 2024-08-14 13:58:44 +02:00
bus bus: mhi: host: Add MHI_PM_SYS_ERR_FAIL state 2024-04-13 13:07:38 +02:00
cache
cdrom cdrom: rearrange last_media_change check to avoid unintentional overflow 2024-07-11 12:49:10 +02:00
cdx
char zhaoxin_rng: Remove redundant pr_err log after matching cpu_ids 2024-09-02 17:11:48 +08:00
clk clk: davinci: da8xx-cfgchip: Initialize clk_init_data before use 2024-08-03 08:54:23 +02:00
clocksource clocksource/drivers/sh_cmt: Address race condition for clock events 2024-08-14 13:58:41 +02:00
comedi comedi: vmk80xx: fix incomplete endpoint checking 2024-04-27 17:11:39 +02:00
connector
counter counter: ti-eqep: enable clock at probe 2024-07-05 09:33:56 +02:00
cpufreq Merge linux 6.6.45 2024-08-23 19:54:49 +08:00
cpuidle cpuidle: Avoid potential overflow in integer multiplication 2024-04-13 13:07:29 +02:00
crypto Merge linux 6.6.44 2024-08-05 17:22:57 +08:00
cxl cxl/region: check interleave capability 2024-07-05 09:34:07 +02:00
dax
dca
devfreq
dio
dma Merge linux 6.6.45 2024-08-23 19:54:49 +08:00
dma-buf dma-buf: handle testing kthreads creation failure 2024-06-21 14:38:40 +02:00
edac Merge linux 6.6.44 2024-08-05 17:22:57 +08:00
eisa
extcon extcon: max8997: select IRQ_DOMAIN instead of depending on it 2024-06-12 11:12:27 +02:00
firewire firewire: ohci: fulfill timestamp for some local asynchronous transaction 2024-05-17 12:02:30 +02:00
firmware Merge linux 6.6.45 2024-08-23 19:54:49 +08:00
fpga fpga: region: add owner module and take its refcount 2024-06-12 11:12:23 +02:00
fsi
gnss
gpio Merge linux 6.6.46 2024-08-24 09:37:59 +08:00
gpu Merge linux 6.6.46 2024-08-24 09:37:59 +08:00
greybus greybus: Fix use-after-free bug in gb_interface_release due to race condition. 2024-06-21 14:38:48 +02:00
hid HID: wacom: Modify pen IDs 2024-08-11 12:47:24 +02:00
hsi
hte
hv Drivers: hv: vmbus: Don't free ring buffers that couldn't be re-encrypted 2024-05-17 12:02:17 +02:00
hwmon Merge linux 6.6.46 2024-08-24 09:37:59 +08:00
hwspinlock
hwtracing coresight: Fix ref leak when of_coresight_parse_endpoint() fails 2024-08-03 08:53:57 +02:00
i2c Merge OKC next branch to TK5 master branch 2024-08-27 19:48:02 +08:00
i3c i3c: master: svc: fix invalidate IBI type and miss call client IBI handler 2024-06-16 13:47:46 +02:00
idle
iio iio: frequency: adrf6780: rm clk provider include 2024-08-03 08:53:56 +02:00
infiniband RDMA/iwcm: Fix a use-after-free related to destroying CM IDs 2024-08-03 08:54:30 +02:00
input Revert "Input: bcm5974 - check endpoint type before starting traffic" 2024-08-19 06:04:31 +02:00
interconnect interconnect: qcom: qcm2290: Fix mas_snoc_bimc RPM master ID 2024-08-03 08:53:58 +02:00
iommu Merge OCK next branch to TK5 master branch 2024-08-23 19:52:09 +08:00
ipack
irqchip Merge linux 6.6.46 2024-08-24 09:37:59 +08:00
isdn mISDN: fix MISDN_TIME_STAMP handling 2024-08-19 06:04:28 +02:00
leds leds: triggers: Flush pending brightness before activating trigger 2024-08-11 12:47:14 +02:00
macintosh macintosh/therm_windtunnel: fix module unload. 2024-08-03 08:54:02 +02:00
mailbox
mcb
md Merge linux 6.6.46 2024-08-24 09:37:59 +08:00
media media: Revert "media: dvb-usb: Fix unexpected infinite loop in dvb_usb_read_remote_control()" 2024-08-19 06:04:31 +02:00
memory memory: fsl_ifc: Make FSL_IFC config visible and selectable 2024-08-03 08:53:27 +02:00
memstick
message
mfd mfd: omap-usb-tll: Use struct_size to allocate tll 2024-08-03 08:53:54 +02:00
misc mei: demote client disconnect warning on suspend to debug 2024-07-25 09:50:45 +02:00
mmc mmc: sdhci: Do not lock spinlock around mmc_gpio_get_ro() 2024-07-05 09:33:55 +02:00
most
mtd ubi: eba: properly rollback inside self_check_eba 2024-08-03 08:54:23 +02:00
mux
net rue/net: avoid wrong memory access to struct net_device 2024-09-27 11:13:30 +08:00
nfc nfc/nci: Add the inconsistency check between the input data length and count 2024-07-11 12:49:21 +02:00
ntb NTB: fix possible name leak in ntb_register_device() 2024-03-26 18:19:48 -04:00
nubus
nvdimm
nvme Merge linux 6.6.47 2024-08-24 09:43:23 +08:00
nvmem nvmem: rockchip-otp: set add_legacy_fixed_of_cells config option 2024-08-03 08:54:01 +02:00
of of/irq: Disable "interrupt-map" parsing for PASEMI Nemo 2024-07-25 09:50:57 +02:00
opp OPP: ti: Fix ti_opp_supply_probe wrong return values 2024-08-03 08:53:27 +02:00
parisc
parport dev/parport: fix the array out-of-bounds risk 2024-08-03 08:54:22 +02:00
pci Merge linux 6.6.45 2024-08-23 19:54:49 +08:00
pcmcia
peci
perf Merge linux 6.6.45 2024-08-23 19:54:49 +08:00
phy phy: zynqmp: Enable reference clock correctly 2024-08-03 08:54:35 +02:00
pinctrl Merge linux 6.6.44 2024-08-05 17:22:57 +08:00
platform Merge linux 6.6.46 2024-08-24 09:37:59 +08:00
pmdomain pmdomain: qcom: rpmhpd: Skip retention level for Power Domains 2024-07-18 13:21:22 +02:00
pnp
power power: supply: axp288_charger: Round constant_charge_voltage writes down 2024-08-14 13:58:58 +02:00
powercap powercap: intel_rapl_tpmi: Enable PMU support 2024-06-03 16:11:38 +08:00
pps
ps3
ptp Merge linux 6.6.36 2024-07-01 14:52:20 +08:00
pwm pwm: atmel-tcb: Fix race condition and convert to guards 2024-08-03 08:53:23 +02:00
rapidio
ras
regulator regulator: bd71815: fix ramp values 2024-06-27 13:49:09 +02:00
remoteproc remoteproc: imx_rproc: Fix refcount mistake in imx_rproc_addr_init 2024-08-03 08:54:31 +02:00
reset
rpmsg
rtc Merge linux 6.6.44 2024-08-05 17:22:57 +08:00
s390 s390/sclp: Prevent release of buffer in I/O 2024-08-14 13:58:47 +02:00
sbus
scsi Merge linux 6.6.46 2024-08-24 09:37:59 +08:00
sh
siox
slimbus slimbus: qcom-ngd-ctrl: Add timeout for wait operation 2024-05-17 12:02:33 +02:00
soc drivers: soc: xilinx: check return status of get_api_version() 2024-08-03 08:54:18 +02:00
soundwire soundwire: cadence: fix invalid PDI offset 2024-06-12 11:12:15 +02:00
spi spi: spi-fsl-lpspi: Fix scldiv calculation 2024-08-14 13:58:52 +02:00
spmi spmi: hisi-spmi-controller: Do not override device identifier 2024-06-21 14:38:40 +02:00
ssb ssb: Fix potential NULL pointer dereference in ssb_device_uevent() 2024-06-27 13:49:01 +02:00
staging greybus: arche-ctrl: move device table to its right location 2024-06-12 11:12:17 +02:00
target scsi: target: Fix SELinux error when systemd-modules loads the target module 2024-05-17 12:02:15 +02:00
tc
tee tee: optee: ffa: Fix missing-field-initializers warning 2024-07-25 09:50:53 +02:00
thermal Merge linux 6.6.45 2024-08-23 19:54:49 +08:00
thirdparty drivers,thirdparty: add backup url for mlnx driver 2024-08-29 12:43:18 +08:00
thunderbolt thunderbolt: debugfs: Fix margin debugfs node creation condition 2024-06-21 14:38:25 +02:00
tty Merge linux 6.6.46 2024-08-24 09:37:59 +08:00
ufs scsi: ufs: core: Fix hba->last_dme_cmd_tstamp timestamp updating logic 2024-08-14 13:58:55 +02:00
uio uio_hv_generic: Don't free decrypted memory 2024-05-17 12:02:17 +02:00
usb Merge linux 6.6.46 2024-08-24 09:37:59 +08:00
vdpa vduse: Temporarily fail if control queue feature requested 2024-07-05 09:33:50 +02:00
vfio Revert "vfio/type1: Unpin zero pages" 2024-07-25 02:24:54 +00:00
vhost vhost-vdpa: switch to use vmf_insert_pfn() in the fault handler 2024-08-14 13:58:55 +02:00
video Merge linux 6.6.45 2024-08-23 19:54:49 +08:00
virt Merge Linux 6.6.33 2024-06-12 21:04:13 +08:00
virtio virtio: delete vq in vp_find_vqs_msix() when request_irq() fails 2024-06-12 11:12:49 +02:00
vlynq
w1 nvmem: add explicit config option to read old syntax fixed OF cells 2024-05-17 12:01:55 +02:00
watchdog watchdog: rzg2l_wdt: Check return status of pm_runtime_put() 2024-08-03 08:54:35 +02:00
xen xen: privcmd: Switch from mutex to spinlock for irqfds 2024-08-14 13:58:42 +02:00
zorro
Kconfig drivers/thirdparty: add copy-drivers.sh to using thirdparty drivers 2024-07-19 20:12:06 +08:00
Makefile drivers/thirdparty: clean the dir for using sub git repo 2024-07-18 17:08:04 +08:00