linux-uconsole/net
Hoang Huu Le 7b50ee3dad tipc: fix NULL pointer dereference in tipc_named_rcv
In the function node_lost_contact(), we call __skb_queue_purge() without
grabbing the list->lock. This can cause a race condition while processing
the list 'namedq' in the calling path tipc_named_rcv()->tipc_named_dequeue().

    [] BUG: kernel NULL pointer dereference, address: 0000000000000000
    [] #PF: supervisor read access in kernel mode
    [] #PF: error_code(0x0000) - not-present page
    [] PGD 7ca63067 P4D 7ca63067 PUD 6c553067 PMD 0
    [] Oops: 0000 [#1] SMP NOPTI
    [] CPU: 1 PID: 15 Comm: ksoftirqd/1 Tainted: G  O  5.9.0-rc6+ #2
    [] Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS [...]
    [] RIP: 0010:tipc_named_rcv+0x103/0x320 [tipc]
    [] Code: 41 89 44 24 10 49 8b 16 49 8b 46 08 49 c7 06 00 00 00 [...]
    [] RSP: 0018:ffffc900000a7c58 EFLAGS: 00000282
    [] RAX: 00000000000012ec RBX: 0000000000000000 RCX: ffff88807bde1270
    [] RDX: 0000000000002c7c RSI: 0000000000002c7c RDI: ffff88807b38f1a8
    [] RBP: ffff88807b006288 R08: ffff88806a367800 R09: ffff88806a367900
    [] R10: ffff88806a367a00 R11: ffff88806a367b00 R12: ffff88807b006258
    [] R13: ffff88807b00628a R14: ffff888069334d00 R15: ffff88806a434600
    [] FS:  0000000000000000(0000) GS:ffff888079480000(0000) knlGS:0[...]
    [] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    [] CR2: 0000000000000000 CR3: 0000000077320000 CR4: 00000000000006e0
    [] Call Trace:
    []  ? tipc_bcast_rcv+0x9a/0x1a0 [tipc]
    []  tipc_rcv+0x40d/0x670 [tipc]
    []  ? _raw_spin_unlock+0xa/0x20
    []  tipc_l2_rcv_msg+0x55/0x80 [tipc]
    []  __netif_receive_skb_one_core+0x8c/0xa0
    []  process_backlog+0x98/0x140
    []  net_rx_action+0x13a/0x420
    []  __do_softirq+0xdb/0x316
    []  ? smpboot_thread_fn+0x2f/0x1e0
    []  ? smpboot_thread_fn+0x74/0x1e0
    []  ? smpboot_thread_fn+0x14e/0x1e0
    []  run_ksoftirqd+0x1a/0x40
    []  smpboot_thread_fn+0x149/0x1e0
    []  ? sort_range+0x20/0x20
    []  kthread+0x131/0x150
    []  ? kthread_unuse_mm+0xa0/0xa0
    []  ret_from_fork+0x22/0x30
    [] Modules linked in: veth tipc(O) ip6_udp_tunnel udp_tunnel [...]
    [] CR2: 0000000000000000
    [] ---[ end trace 65c276a8e2e2f310 ]---

To fix this, we need to grab the lock of the 'namedq' list on both
calling paths.

Fixes: cad2929dc4 ("tipc: update a binding service via broadcast")
Acked-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Hoang Huu Le <hoang.h.le@dektech.com.au>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2020-10-09 18:29:06 -07:00
6lowpan treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
9p treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
802
8021q treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
appletalk appletalk: Fix atalk_proc_init() return path 2020-08-03 15:48:32 -07:00
atm treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
ax25 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-07-25 17:49:04 -07:00
batman-adv batman-adv: mcast: fix duplicate mcast packets from BLA backbone to mesh 2020-09-15 10:05:24 +02:00
bluetooth mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
bpf treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
bpfilter Merge branch 'exec-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace 2020-08-04 14:27:25 -07:00
bridge bridge: Netlink interface fix. 2020-10-08 12:05:07 -07:00
caif net: caif: fix error code handling 2020-08-25 07:50:25 -07:00
can treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
ceph libceph: use sendpage_ok() in ceph_tcp_sendpage() 2020-10-02 15:27:08 -07:00
core Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf 2020-10-08 12:05:37 -07:00
dcb net: DCB: Validate DCB_ATTR_DCB_BUFFER argument 2020-09-10 15:09:08 -07:00
dccp treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
decnet treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
dns_resolver docs: networking: convert dns_resolver.txt to ReST 2020-04-28 14:39:46 -07:00
dsa net: mscc: ocelot: add locking for the port TX timestamp ID 2020-09-18 13:52:33 -07:00
ethernet net: move devres helpers into a separate source file 2020-05-23 16:56:17 -07:00
ethtool ethtool: mark netlink family as __ro_after_init 2020-09-28 18:52:50 -07:00
hsr hsr: avoid newline at end of message in NL_SET_ERR_MSG_MOD 2020-09-09 11:15:26 -07:00
ieee802154 treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
ife
ipv4 tcp: fix receive window update in tcp_add_backlog() 2020-10-06 06:11:58 -07:00
ipv6 net: ipv6: Discard next-hop MTU less than minimum link MTU 2020-10-09 16:22:59 -07:00
iucv treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
kcm net: pass a sockptr_t into ->setsockopt 2020-07-24 15:41:54 -07:00
key Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-08-02 01:02:12 -07:00
l2tp l2tp: improve API documentation in l2tp_core.h 2020-07-30 16:45:31 -07:00
l3mdev net: Fix some comments 2020-08-27 07:55:59 -07:00
lapb treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
llc net: pass a sockptr_t into ->setsockopt 2020-07-24 15:41:54 -07:00
mac80211 mac80211: fix 80 MHz association to 160/80+80 AP on 6 GHz 2020-09-18 14:01:24 +02:00
mac802154 Merge tag 'ieee802154-for-davem-2020-09-08' of git://git.kernel.org/pub/scm/linux/kernel/git/sschmidt/wpan 2020-09-08 20:12:58 -07:00
mpls treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
mptcp net: mptcp: make DACK4/DACK8 usage consistent among all subflows 2020-10-09 08:25:48 -07:00
ncsi treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
netfilter netfilter: nft_meta: use socket user_ns to retrieve skuid and skgid 2020-09-08 13:04:56 +02:00
netlabel netlabel: fix problems with mapping removal 2020-08-24 16:08:00 -07:00
netlink netlink: fix policy dump leak 2020-10-02 13:00:38 -07:00
netrom treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
nfc net/nfc/rawsock.c: add CAP_NET_RAW check. 2020-08-11 10:34:30 -07:00
nsh treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
openvswitch openvswitch: handle DNAT tuple collision 2020-10-08 12:20:35 -07:00
packet net/packet: fix overflow in tpacket_rcv 2020-09-04 11:56:02 -07:00
phonet treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
psample net: psample: fix build error when CONFIG_INET is not enabled 2020-05-23 16:36:05 -07:00
qrtr net: qrtr: ns: Fix the incorrect usage of rcu_read_lock() 2020-10-06 06:01:35 -07:00
rds treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
rfkill
rose treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
rxrpc rxrpc: Fix server keyring leak 2020-10-05 17:09:22 +01:00
sched net_sched: check error pointer in tcf_dump_walker() 2020-10-04 14:53:06 -07:00
sctp sctp: fix sctp_auth_init_hmacs() error path 2020-10-08 12:19:51 -07:00
smc Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-09-03 18:50:48 -07:00
strparser
sunrpc SUNRPC: Fix svc_flush_dcache() 2020-09-21 10:13:25 -04:00
switchdev net: switchdev: Fixed kerneldoc warning 2020-09-23 17:46:31 -07:00
tipc tipc: fix NULL pointer dereference in tipc_named_rcv 2020-10-09 18:29:06 -07:00
tls net/tls: sendfile fails with ktls offload 2020-10-09 16:42:02 -07:00
unix treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
vmw_vsock vsock: fix potential null pointer dereference in vsock_poll() 2020-08-12 12:56:06 -07:00
wimax
wireless net: wireless: nl80211: fix out-of-bounds access in nl80211_del_key() 2020-10-08 12:37:25 +02:00
x25 treewide: Use fallthrough pseudo-keyword 2020-08-23 17:36:59 -05:00
xdp xsk: Do not discard packet when NETDEV_TX_BUSY 2020-09-16 23:36:58 +02:00
xfrm Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 2020-09-28 12:25:42 -07:00
compat.c net/scm: Fix typo in SCM_RIGHTS compat refactoring 2020-08-07 12:43:25 -07:00
devres.c net: devres: rename the release callback of devm_register_netdev() 2020-06-30 15:57:34 -07:00
Kconfig net: ethtool: Remove PHYLIB direct dependency 2020-07-07 15:41:05 -07:00
Makefile net: move devres helpers into a separate source file 2020-05-23 16:56:17 -07:00
socket.c net: add WARN_ONCE in kernel_sendpage() for improper zero-copy send 2020-10-02 15:27:08 -07:00
sysctl_net.c