forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
linux-uconsole/include/net/sctp
History
Xin Long 5148726f2c sctp: kfree_rcu asoc 
[ Upstream commit fb6df5a623 ]

In sctp_hash_transport/sctp_epaddr_lookup_transport, it dereferences
a transport's asoc under rcu_read_lock while asoc is freed not after
a grace period, which leads to a use-after-free panic.

This patch fixes it by calling kfree_rcu to make asoc be freed after
a grace period.

Note that only the asoc's memory is delayed to free in the patch, it
won't cause sk to linger longer.

Thanks Neil and Marcelo to make this clear.

Fixes: 7fda702f93 ("sctp: use new rhlist interface on sctp transport rhashtable")
Fixes: cd2b708750 ("sctp: check duplicate node before inserting a new transport")
Reported-by: syzbot+0b05d8aa7cb185107483@syzkaller.appspotmail.com
Reported-by: syzbot+aad231d51b1923158444@syzkaller.appspotmail.com
Suggested-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-12-17 09:24:28 +01:00
..
auth.h sctp: add sockopt SCTP_AUTH_DEACTIVATE_KEY 2018-03-14 13:48:27 -04:00
checksum.h sctp: force the params with right types for sctp csum apis 2017-11-28 11:00:13 -05:00
command.h sctp: add SCTP_AUTH_NO_AUTH type for AUTHENTICATION_EVENT 2018-03-14 13:48:27 -04:00
constants.h sctp: remove old and unused SCTP_MIN_PMTU 2018-04-27 14:35:22 -04:00
sctp.h Revert "sctp: remove sctp_transport_pmtu_check" 2018-11-23 08:17:04 +01:00
sm.h sctp: fix the data size calculation in sctp_data_size 2018-10-17 22:32:21 -07:00
stream_interleave.h sctp: implement handle_ftsn for sctp_stream_interleave 2017-12-15 13:52:22 -05:00
stream_sched.h sctp: remove extern from stream sched 2017-11-28 11:00:13 -05:00
structs.h sctp: kfree_rcu asoc 2018-12-17 09:24:28 +01:00
tsnmap.h sctp: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
ulpevent.h sctp: implement abort_pd for sctp_stream_interleave 2017-12-11 11:23:05 -05:00
ulpqueue.h sctp: add support for the process of unordered idata 2017-12-11 11:23:05 -05:00