OpenCloudOS-Kernel/net/vmw_vsock
Michal Luczaj f3b8e9d341 vsock: Orphan socket after transport release
commit 78dafe1cf3afa02ed71084b350713b07e72a18fb upstream.

During socket release, sock_orphan() is called without considering that it
sets sk->sk_wq to NULL. Later, if SO_LINGER is enabled, this leads to a
null pointer dereferenced in virtio_transport_wait_close().

Orphan the socket only after transport release.

Partially reverts the 'Fixes:' commit.

KASAN: null-ptr-deref in range [0x0000000000000018-0x000000000000001f]
 lock_acquire+0x19e/0x500
 _raw_spin_lock_irqsave+0x47/0x70
 add_wait_queue+0x46/0x230
 virtio_transport_release+0x4e7/0x7f0
 __vsock_release+0xfd/0x490
 vsock_release+0x90/0x120
 __sock_release+0xa3/0x250
 sock_close+0x14/0x20
 __fput+0x35e/0xa90
 __x64_sys_close+0x78/0xd0
 do_syscall_64+0x93/0x1b0
 entry_SYSCALL_64_after_hwframe+0x76/0x7e

Reported-by: syzbot+9d55b199192a4be7d02c@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=9d55b199192a4be7d02c
Fixes: fcdd2242c023 ("vsock: Keep the binding until socket destruction")
Tested-by: Luigi Leonardi <leonardi@redhat.com>
Reviewed-by: Luigi Leonardi <leonardi@redhat.com>
Signed-off-by: Michal Luczaj <mhal@rbox.co>
Link: https://patch.msgid.link/20250210-vsock-linger-nullderef-v3-1-ef6244d02b54@rbox.co
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-02-21 13:57:27 +01:00
Kconfig vsock: add vsock_loopback transport 2019-12-11 15:01:23 -08:00
Makefile vsock: support sockmap 2023-03-29 08:19:38 +01:00
af_vsock.c vsock: Orphan socket after transport release 2025-02-21 13:57:27 +01:00
af_vsock_tap.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
diag.c sock_diag: add module pointer to "struct sock_diag_handler" 2024-12-09 10:32:09 +01:00
hyperv_transport.c hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer 2024-11-14 13:19:41 +01:00
virtio_transport.c vsock/virtio: fix packet delivery to tap device 2024-04-10 16:35:50 +02:00
virtio_transport_common.c vsock/virtio: cancel close work in the destructor 2025-01-23 17:21:16 +01:00
vmci_transport.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-04-06 12:01:20 -07:00
vmci_transport.h vsock: Remove unused function declarations 2023-07-31 14:41:08 -07:00
vmci_transport_notify.c vmci/vsock: check SO_RCVLOWAT before wake up reader 2022-08-23 10:43:12 +02:00
vmci_transport_notify.h vsock: remove include/linux/vm_sockets.h file 2019-11-14 18:12:17 -08:00
vmci_transport_notify_qstate.c vmci/vsock: check SO_RCVLOWAT before wake up reader 2022-08-23 10:43:12 +02:00
vsock_addr.c vsock_addr: Check for supported flag values 2020-12-14 19:33:39 -08:00
vsock_bpf.c vsock/bpf: return early if transport is not assigned 2025-01-23 17:21:15 +01:00
vsock_loopback.c virtio/vsock: send credit update during setting SO_RCVLOWAT 2024-01-25 15:35:26 -08:00