linux-sg2042/net/smc
Cong Wang 26d92e951f smc: move unhash as early as possible in smc_release()
In smc_release() we release smc->clcsock before unhash the smc
sock, but a parallel smc_diag_dump() may be still reading
smc->clcsock, therefore this could cause a use-after-free as
reported by syzbot.

Reported-and-tested-by: syzbot+fbd1e5476e4c94c7b34e@syzkaller.appspotmail.com
Fixes: 51f1de79ad ("net/smc: replace sock_put worker by socket refcounting")
Cc: Ursula Braun <ubraun@linux.ibm.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Reported-by: syzbot+0bf2e01269f1274b4b03@syzkaller.appspotmail.com
Reported-by: syzbot+e3132895630f957306bc@syzkaller.appspotmail.com
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-01-07 14:40:27 -05:00
..
Kconfig net/smc: remove Kconfig warning 2017-07-29 11:22:58 -07:00
Makefile net/smc: add base infrastructure for SMC-D and ISM 2018-06-30 20:42:25 +09:00
af_smc.c smc: move unhash as early as possible in smc_release() 2019-01-07 14:40:27 -05:00
smc.h net/smc: fix TCP fallback socket release 2018-12-18 22:02:51 -08:00
smc_cdc.c net/smc: atomic SMCD cursor handling 2018-11-21 16:14:56 -08:00
smc_cdc.h net/smc: atomic SMCD cursor handling 2018-11-21 16:14:56 -08:00
smc_clc.c net/smc: short wait for late smc_clc_wait_msg 2018-11-23 17:20:32 -08:00
smc_clc.h net/smc: short wait for late smc_clc_wait_msg 2018-11-23 17:20:32 -08:00
smc_close.c net/smc: enable fallback for connection abort in state INIT 2018-09-18 20:11:43 -07:00
smc_close.h net/smc: replace sock_put worker by socket refcounting 2018-01-26 10:41:56 -05:00
smc_core.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-11-24 17:01:43 -08:00
smc_core.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-11-24 17:01:43 -08:00
smc_diag.c net/smc: provide fallback reason code 2018-07-25 22:25:53 -07:00
smc_ib.c RDMA/smc: Replace ib_query_gid with rdma_get_gid_attr 2018-08-17 16:45:51 -06:00
smc_ib.h net/smc: use correct vlan gid of RoCE device 2018-07-25 22:25:53 -07:00
smc_ism.c net/smc: add SMC-D shutdown signal 2018-11-21 16:14:56 -08:00
smc_ism.h net/smc: add SMC-D shutdown signal 2018-11-21 16:14:56 -08:00
smc_llc.c net/smc: add infrastructure to send delete rkey messages 2018-11-23 17:20:32 -08:00
smc_llc.h net/smc: add infrastructure to send delete rkey messages 2018-11-23 17:20:32 -08:00
smc_pnet.c smc: generic netlink family should be __ro_after_init 2018-09-20 07:49:55 -07:00
smc_pnet.h net/smc: use correct vlan gid of RoCE device 2018-07-25 22:25:53 -07:00
smc_rx.c net/smc: remove local variable page in smc_rx_splice() 2018-07-23 10:57:14 -07:00
smc_rx.h smc: add support for splice() 2018-05-04 11:45:06 -04:00
smc_tx.c Merge branch 'linus/master' into rdma.git for-next 2018-08-16 14:21:29 -06:00
smc_tx.h net/smc: eliminate cursor read and write calls 2018-07-23 10:57:14 -07:00
smc_wr.c net/smc: use after free fix in smc_wr_tx_put_slot() 2018-11-21 16:14:56 -08:00
smc_wr.h net/smc: Simplify ib_post_(send|recv|srq_recv)() calls 2018-07-24 16:06:37 -06:00