UbiquitousOS
/
OpenCloudOS-Kernel
mirror of https://gitee.com/OpenCloudOS/OpenCloudOS-Kernel.git
11
0
Fork 0
Code Issues Projects Releases Wiki Activity
OpenCloudOS-Kernel/net
History
David Howells 91fcfbe885 rxrpc: Fix call crypto state cleanup 
Fix the cleanup of the crypto state on a call after the call has been
disconnected.  As the call has been disconnected, its connection ref has
been discarded and so we can't go through that to get to the security ops
table.

Fix this by caching the security ops pointer in the rxrpc_call struct and
using that when freeing the call security state.  Also use this in other
places we're dealing with call-specific security.

The symptoms look like:

    BUG: KASAN: use-after-free in rxrpc_release_call+0xb2d/0xb60
    net/rxrpc/call_object.c:481
    Read of size 8 at addr ffff888062ffeb50 by task syz-executor.5/4764

Fixes: 1db88c5343 ("rxrpc: Fix -Wframe-larger-than= warnings from on-stack crypto")
Reported-by: syzbot+eed305768ece6682bb7f@syzkaller.appspotmail.com
Signed-off-by: David Howells <dhowells@redhat.com>
 		2019-10-07 11:05:05 +01:00
..
6lowpan
9p
802
8021q
appletalk
atm
ax25
batman-adv netfilter: drop bridge nf reset from nf_reset 2019-10-01 18:42:15 +02:00
bluetooth
bpf
bpfilter
bridge
caif
can
ceph
core net: make sock_prot_memory_pressure() return "const char *" 2019-10-04 14:30:23 -07:00
dcb
dccp netfilter: drop bridge nf reset from nf_reset 2019-10-01 18:42:15 +02:00
decnet
dns_resolver
dsa net: dsa: sja1105: Fix sleeping while atomic in .port_hwtstamp_set 2019-10-02 12:19:53 -04:00
ethernet
hsr
ieee802154
ife
ipv4 net: ipv4: avoid mixed n_redirects and rate_tokens usage 2019-10-04 17:27:04 -07:00
ipv6 ipv6: Handle missing host route in __ipv6_ifa_notify 2019-10-04 18:08:58 -07:00
iucv
kcm
key
l2tp netfilter: drop bridge nf reset from nf_reset 2019-10-01 18:42:15 +02:00
l3mdev
lapb
llc
mac80211 mac80211: keep BHs disabled while calling drv_tx_wake_queue() 2019-10-01 17:56:19 +02:00
mac802154
mpls
ncsi
netfilter netfilter: nft_connlimit: disable bh on garbage collection 2019-10-01 18:42:15 +02:00
netlabel
netlink
netrom
nfc nfc: fix memory leak in llcp_sock_bind() 2019-10-04 18:31:36 -07:00
nsh
openvswitch netfilter: drop bridge nf reset from nf_reset 2019-10-01 18:42:15 +02:00
packet netfilter: drop bridge nf reset from nf_reset 2019-10-01 18:42:15 +02:00
phonet
psample
qrtr
rds net/rds: Fix error handling in rds_ib_add_one() 2019-10-02 12:16:57 -04:00
rfkill
rose
rxrpc rxrpc: Fix call crypto state cleanup 2019-10-07 11:05:05 +01:00
sched sch_dsmark: fix potential NULL deref in dsmark_init() 2019-10-04 18:28:30 -07:00
sctp netfilter: drop bridge nf reset from nf_reset 2019-10-01 18:42:15 +02:00
smc
strparser
sunrpc
switchdev
tipc tipc: fix unlimited bundling of small messages 2019-10-02 11:02:05 -04:00
tls
unix
vmw_vsock vsock: Fix a lockdep warning in __vsock_release() 2019-10-01 21:23:35 -04:00
wimax
wireless nl80211: fix null pointer dereference 2019-10-01 17:56:19 +02:00
x25
xdp
xfrm netfilter: drop bridge nf reset from nf_reset 2019-10-01 18:42:15 +02:00
Kconfig
Makefile
compat.c
socket.c
sysctl_net.c