hamza.kesraoui/sst-linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
sst-linux/net
History
Stefano Garzarella b52e50dd4f vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] 
commit 91751e248256efc111e52e15115840c35d85abaf upstream.

Recent reports have shown how we sometimes call vsock_*_has_data()
when a vsock socket has been de-assigned from a transport (see attached
links), but we shouldn't.

Previous commits should have solved the real problems, but we may have
more in the future, so to avoid null-ptr-deref, we can return 0
(no space, no data available) but with a warning.

This way the code should continue to run in a nearly consistent state
and have a warning that allows us to debug future problems.

Fixes: c0cfa2d8a788 ("vsock: add multi-transports support")
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/netdev/Z2K%2FI4nlHdfMRTZC@v4bel-B760M-AORUS-ELITE-AX/
Link: https://lore.kernel.org/netdev/5ca20d4c-1017-49c2-9516-f6f75fd331e9@rbox.co/
Link: https://lore.kernel.org/netdev/677f84a8.050a0220.25a300.01b3.GAE@google.com/
Co-developed-by: Hyunwoo Kim <v4bel@theori.io>
Signed-off-by: Hyunwoo Kim <v4bel@theori.io>
Co-developed-by: Wongi Lee <qwerty@theori.io>
Signed-off-by: Wongi Lee <qwerty@theori.io>
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Luigi Leonardi <leonardi@redhat.com>
Reviewed-by: Hyunwoo Kim <v4bel@theori.io>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-01-23 17:17:14 +01:00
..
6lowpan
9p
9p/xen: fix release of IRQ
2024-12-14 19:54:08 +01:00
802
net: 802: LLC+SNAP OID:PID lookup on start of skb data
2025-01-17 13:34:38 +01:00
8021q
vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING
2024-01-31 16:17:04 -08:00
appletalk
appletalk: Fix Use-After-Free in atalk_ioctl
2023-12-20 17:00:19 +01:00
atm
atm: Fix Use-After-Free in do_vcc_ioctl
2023-12-20 17:00:17 +01:00
ax25
ax25: Replace kfree() in ax25_dev_free() with ax25_dev_put()
2024-06-21 14:35:32 +02:00
batman-adv
batman-adv: Do not let TT changes list grows indefinitely
2024-12-19 18:08:52 +01:00
bluetooth
Bluetooth: hci_sync: Fix not setting Random Address when required
2025-01-17 13:34:39 +01:00
bpf
bpf: Set run context for rawtp test_run callback
2024-06-21 14:35:33 +02:00
bpfilter
bridge
netfilter: br_netfilter: fix panic with metadata_dst skb
2024-10-17 15:22:19 +02:00
caif
net: caif: Fix use-after-free in cfusbl_device_notify()
2023-03-17 08:50:24 +01:00
can
net: af_can: do not leave a dangling sk pointer in can_create()
2024-12-14 19:54:41 +01:00
ceph
libceph: fix race between delayed_work() and ceph_monc_stop()
2024-07-18 13:18:41 +02:00
core
net: add exit_batch_rtnl() method
2025-01-23 17:17:09 +01:00
dcb
net: dcb: choose correct policy to parse DCB_ATTR_BCN
2023-08-11 12:08:17 +02:00
dccp
dccp: Fix memory leak in dccp_feat_change_recv
2024-12-14 19:54:22 +01:00
devlink
devlink: bump the instance index directly when iterating
2024-10-22 15:56:43 +02:00
dns_resolver
keys, dns: Fix size check of V1 server-list header
2024-01-25 15:27:38 -08:00
dsa
net: mscc: ocelot: use ocelot_xmit_get_vlan_info() also for FDMA and register injection
2024-08-29 17:30:43 +02:00
ethernet
ethernet: Add helper for assigning packet type when dest address does not match device address
2024-05-02 16:29:29 +02:00
ethtool
ethtool: Fix wrong mod state in case of verbose and no_mask bitset
2024-12-14 19:54:23 +01:00
hsr
net: hsr: avoid potential out-of-bound access in fill_frame_info()
2024-12-14 19:54:21 +01:00
ieee802154
net: ieee802154: do not leave a dangling sk pointer in ieee802154_create()
2024-12-14 19:54:41 +01:00
ife
net: sched: ife: fix potential use-after-free
2024-01-01 12:38:56 +00:00
ipv4
tcp: Annotate data-race around sk->sk_mark in tcp_v4_send_reset
2025-01-17 13:34:39 +01:00
ipv6
ila: serialize calls to nf_register_net_hooks()
2025-01-09 13:30:03 +01:00
iucv
s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct()
2024-12-14 19:53:50 +01:00
kcm
kcm: Serialise kcm_sendmsg() for the same socket.
2024-08-29 17:30:44 +02:00
key
net: af_key: fix sadb_x_filter validation
2023-08-23 17:52:32 +02:00
l2tp
genetlink: hold RCU in genlmsg_mcast()
2024-11-01 01:56:00 +01:00
l3mdev
lapb
llc
net: llc: reset skb->transport_header
2025-01-09 13:30:01 +01:00
mac80211
wifi: mac80211: wake the queues in case of failure in resume
2025-01-09 13:30:03 +01:00
mac802154
mac802154: check local interfaces before deleting sdata list
2025-01-23 17:17:11 +01:00
mctp
net: mctp: handle skb cleanup on sock_queue failures
2025-01-09 13:29:57 +01:00
mpls
net: mpls: error out if inner headers are not set
2024-04-13 13:05:27 +02:00
mptcp
mptcp: be sure to send ack when mptcp-level window re-opens
2025-01-23 17:17:13 +01:00
ncsi
net/ncsi: Fix the multi thread manner of NCSI driver
2024-06-21 14:35:33 +02:00
netfilter
netfilter: conntrack: clamp maximum hashtable size to INT_MAX
2025-01-17 13:34:39 +01:00
netlabel
calipso: fix memory leak in netlbl_calipso_add_pass()
2024-01-25 15:27:20 -08:00
netlink
sock_diag: add module pointer to "struct sock_diag_handler"
2024-12-14 19:53:32 +01:00
netrom
netrom: check buffer length before accessing it
2025-01-09 13:30:01 +01:00
nfc
nfc: llcp: fix nfc_llcp_setsockopt() unsafe copies
2024-11-22 15:37:33 +01:00
nsh
nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().
2024-05-17 11:55:59 +02:00
openvswitch
openvswitch: fix lockup on tx to unregistering netdev with carrier
2025-01-23 17:17:09 +01:00
packet
af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK
2025-01-09 13:30:02 +01:00
phonet
phonet: fix rtm_phonet_notify() skb allocation
2024-05-17 11:56:12 +02:00
psample
psample: Require 'CAP_NET_ADMIN' when joining "packets" group
2023-12-13 18:39:11 +01:00
qrtr
net: qrtr: Update packets cloning when broadcasting
2024-10-17 15:21:13 +02:00
rds
net:rds: Fix possible deadlock in rds_message_put
2024-08-29 17:30:20 +02:00
rfkill
net: rfkill: gpio: Add check for clk_enable()
2024-12-14 19:53:33 +01:00
rose
net/rose: fix races in rose_kill_by_device()
2024-01-01 12:38:57 +00:00
rxrpc
rxrpc: Improve setsockopt() handling of malformed user input
2024-12-14 19:53:52 +01:00
sched
sched: sch_cake: add bounds checks to host bulk flow fairness counts
2025-01-17 13:34:40 +01:00
sctp
sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy
2025-01-17 13:34:42 +01:00
smc
net/smc: check return value of sock_recvmsg when draining clc data
2024-12-27 13:52:54 +01:00
strparser
sunrpc
sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport
2024-12-14 19:54:09 +01:00
switchdev
net: bridge: switchdev: Skip MDB replays of deferred events on offload
2024-03-01 13:26:35 +01:00
tipc
tipc: fix NULL deref in cleanup_bearer()
2024-12-19 18:08:52 +01:00
tls
tls: Fix tls_sw_sendmsg error handling
2025-01-17 13:34:39 +01:00
unix
sock_diag: add module pointer to "struct sock_diag_handler"
2024-12-14 19:53:32 +01:00
vmw_vsock
vsock: prevent null-ptr-deref in vsock_*[has_data|has_space]
2025-01-23 17:17:14 +01:00
wireless
wifi: nl80211: fix NL80211_ATTR_MLO_LINK_ID off-by-one
2024-12-19 18:08:51 +01:00
x25
net/x25: fix incorrect parameter validation in the x25_getsockopt() function
2024-03-26 18:20:42 -04:00
xdp
xsk: fix OOB map writes when deleting elements
2024-12-14 19:54:36 +01:00
xfrm
xfrm: validate new SA's prefixlen using SA family when sel.family is unset
2024-11-01 01:56:07 +01:00
compat.c
use less confusing names for iov_iter direction initializers
2023-02-09 11:28:04 +01:00
devres.c
Kconfig
Kconfig.debug
Makefile
devlink: move code to a dedicated directory
2023-08-30 16:11:00 +02:00
socket.c
net: explicitly clear the sk pointer, when pf->create fails
2024-10-17 15:22:27 +02:00
sysctl_net.c
sysctl: treewide: drop unused argument ctl_table_root::set_ownership(table)
2024-08-11 12:35:51 +02:00