hamza.kesraoui/sst-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
80fc836f3e
sst-linux/net
History
Stefano Garzarella b52e50dd4f vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] 
commit 91751e248256efc111e52e15115840c35d85abaf upstream.

Recent reports have shown how we sometimes call vsock_*_has_data()
when a vsock socket has been de-assigned from a transport (see attached
links), but we shouldn't.

Previous commits should have solved the real problems, but we may have
more in the future, so to avoid null-ptr-deref, we can return 0
(no space, no data available) but with a warning.

This way the code should continue to run in a nearly consistent state
and have a warning that allows us to debug future problems.

Fixes: c0cfa2d8a7 ("vsock: add multi-transports support")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/netdev/Z2K%2FI4nlHdfMRTZC@v4bel-B760M-AORUS-ELITE-AX/
Link: https://lore.kernel.org/netdev/5ca20d4c-1017-49c2-9516-f6f75fd331e9@rbox.co/
Link: https://lore.kernel.org/netdev/677f84a8.050a0220.25a300.01b3.GAE@google.com/
Co-developed-by: Hyunwoo Kim <v4bel@theori.io>
Signed-off-by: Hyunwoo Kim <v4bel@theori.io>
Co-developed-by: Wongi Lee <qwerty@theori.io>
Signed-off-by: Wongi Lee <qwerty@theori.io>
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Luigi Leonardi <leonardi@redhat.com>
Reviewed-by: Hyunwoo Kim <v4bel@theori.io>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-01-23 17:17:14 +01:00
..
6lowpan
9p 9p/xen: fix release of IRQ 2024-12-14 19:54:08 +01:00
802 net: 802: LLC+SNAP OID:PID lookup on start of skb data 2025-01-17 13:34:38 +01:00
8021q
appletalk
atm
ax25 ax25: Replace kfree() in ax25_dev_free() with ax25_dev_put() 2024-06-21 14:35:32 +02:00
batman-adv batman-adv: Do not let TT changes list grows indefinitely 2024-12-19 18:08:52 +01:00
bluetooth Bluetooth: hci_sync: Fix not setting Random Address when required 2025-01-17 13:34:39 +01:00
bpf bpf: Set run context for rawtp test_run callback 2024-06-21 14:35:33 +02:00
bpfilter
bridge netfilter: br_netfilter: fix panic with metadata_dst skb 2024-10-17 15:22:19 +02:00
caif
can net: af_can: do not leave a dangling sk pointer in can_create() 2024-12-14 19:54:41 +01:00
ceph libceph: fix race between delayed_work() and ceph_monc_stop() 2024-07-18 13:18:41 +02:00
core net: add exit_batch_rtnl() method 2025-01-23 17:17:09 +01:00
dcb
dccp dccp: Fix memory leak in dccp_feat_change_recv 2024-12-14 19:54:22 +01:00
devlink devlink: bump the instance index directly when iterating 2024-10-22 15:56:43 +02:00
dns_resolver
dsa net: mscc: ocelot: use ocelot_xmit_get_vlan_info() also for FDMA and register injection 2024-08-29 17:30:43 +02:00
ethernet ethernet: Add helper for assigning packet type when dest address does not match device address 2024-05-02 16:29:29 +02:00
ethtool ethtool: Fix wrong mod state in case of verbose and no_mask bitset 2024-12-14 19:54:23 +01:00
hsr net: hsr: avoid potential out-of-bound access in fill_frame_info() 2024-12-14 19:54:21 +01:00
ieee802154 net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() 2024-12-14 19:54:41 +01:00
ife
ipv4 tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset 2025-01-17 13:34:39 +01:00
ipv6 ila: serialize calls to nf_register_net_hooks() 2025-01-09 13:30:03 +01:00
iucv s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() 2024-12-14 19:53:50 +01:00
kcm kcm: Serialise kcm_sendmsg() for the same socket. 2024-08-29 17:30:44 +02:00
key
l2tp genetlink: hold RCU in genlmsg_mcast() 2024-11-01 01:56:00 +01:00
l3mdev
lapb
llc net: llc: reset skb->transport_header 2025-01-09 13:30:01 +01:00
mac80211 wifi: mac80211: wake the queues in case of failure in resume 2025-01-09 13:30:03 +01:00
mac802154 mac802154: check local interfaces before deleting sdata list 2025-01-23 17:17:11 +01:00
mctp net: mctp: handle skb cleanup on sock_queue failures 2025-01-09 13:29:57 +01:00
mpls net: mpls: error out if inner headers are not set 2024-04-13 13:05:27 +02:00
mptcp mptcp: be sure to send ack when mptcp-level window re-opens 2025-01-23 17:17:13 +01:00
ncsi net/ncsi: Fix the multi thread manner of NCSI driver 2024-06-21 14:35:33 +02:00
netfilter netfilter: conntrack: clamp maximum hashtable size to INT_MAX 2025-01-17 13:34:39 +01:00
netlabel
netlink sock_diag: add module pointer to "struct sock_diag_handler" 2024-12-14 19:53:32 +01:00
netrom netrom: check buffer length before accessing it 2025-01-09 13:30:01 +01:00
nfc nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies 2024-11-22 15:37:33 +01:00
nsh nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). 2024-05-17 11:55:59 +02:00
openvswitch openvswitch: fix lockup on tx to unregistering netdev with carrier 2025-01-23 17:17:09 +01:00
packet af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK 2025-01-09 13:30:02 +01:00
phonet phonet: fix rtm_phonet_notify() skb allocation 2024-05-17 11:56:12 +02:00
psample
qrtr net: qrtr: Update packets cloning when broadcasting 2024-10-17 15:21:13 +02:00
rds net:rds: Fix possible deadlock in rds_message_put 2024-08-29 17:30:20 +02:00
rfkill net: rfkill: gpio: Add check for clk_enable() 2024-12-14 19:53:33 +01:00
rose
rxrpc rxrpc: Improve setsockopt() handling of malformed user input 2024-12-14 19:53:52 +01:00
sched sched: sch_cake: add bounds checks to host bulk flow fairness counts 2025-01-17 13:34:40 +01:00
sctp sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy 2025-01-17 13:34:42 +01:00
smc net/smc: check return value of sock_recvmsg when draining clc data 2024-12-27 13:52:54 +01:00
strparser
sunrpc sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport 2024-12-14 19:54:09 +01:00
switchdev net: bridge: switchdev: Skip MDB replays of deferred events on offload 2024-03-01 13:26:35 +01:00
tipc tipc: fix NULL deref in cleanup_bearer() 2024-12-19 18:08:52 +01:00
tls tls: Fix tls_sw_sendmsg error handling 2025-01-17 13:34:39 +01:00
unix sock_diag: add module pointer to "struct sock_diag_handler" 2024-12-14 19:53:32 +01:00
vmw_vsock vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] 2025-01-23 17:17:14 +01:00
wireless wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one 2024-12-19 18:08:51 +01:00
x25 net/x25: fix incorrect parameter validation in the x25_getsockopt() function 2024-03-26 18:20:42 -04:00
xdp xsk: fix OOB map writes when deleting elements 2024-12-14 19:54:36 +01:00
xfrm xfrm: validate new SA's prefixlen using SA family when sel.family is unset 2024-11-01 01:56:07 +01:00
compat.c
devres.c
Kconfig Remove DECnet support from kernel 2022-08-22 14:26:30 +01:00
Kconfig.debug
Makefile
socket.c net: explicitly clear the sk pointer, when pf->create fails 2024-10-17 15:22:27 +02:00
sysctl_net.c sysctl: treewide: drop unused argument ctl_table_root::set_ownership(table) 2024-08-11 12:35:51 +02:00