mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-04 16:15:11 +00:00
Code Issues Releases Wiki Activity
linux-stable/net/core
History
Thadeu Lima de Souza Cascardo a26ff37e62 net: fix out-of-bounds access in ops_init 
net_alloc_generic is called by net_alloc, which is called without any
locking. It reads max_gen_ptrs, which is changed under pernet_ops_rwsem. It
is read twice, first to allocate an array, then to set s.len, which is
later used to limit the bounds of the array access.

It is possible that the array is allocated and another thread is
registering a new pernet ops, increments max_gen_ptrs, which is then used
to set s.len with a larger than allocated length for the variable array.

Fix it by reading max_gen_ptrs only once in net_alloc_generic. If
max_gen_ptrs is later incremented, it will be caught in net_assign_generic.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
Fixes: 073862ba5d ("netns: fix net_alloc_generic()")
Reviewed-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20240502132006.3430840-1-cascardo@igalia.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2024-05-06 13:38:14 +02:00
..
bpf_sk_storage.c net: Namespace-ify sysctl_optmem_max 2023-12-15 11:01:27 +00:00
datagram.c net: Fix from address in memcpy_to_iter_csum() 2024-02-02 12:21:02 +00:00
dev.c net/sched: Fix mirred deadlock on device recursion 2024-04-17 18:22:52 -07:00
dev.h net: move netdev_tstamp_prequeue into net_hotdata 2024-03-07 21:12:41 -08:00
dev_addr_lists.c
dev_addr_lists_test.c
dev_ioctl.c
drop_monitor.c genetlink: Use internal flags for multicast groups 2023-12-29 08:43:59 +00:00
dst.c net: dst: Make dst_destroy() static and return void. 2024-02-06 11:45:53 +01:00
dst_cache.c
failover.c
fib_notifier.c
fib_rules.c fib: rules: remove repeated assignment in fib_nl2rule 2024-01-07 15:16:19 +00:00
filter.c xdp: use flags field to disambiguate broadcast redirect 2024-04-22 10:24:41 -07:00
flow_dissector.c
flow_offload.c
gen_estimator.c
gen_stats.c
gro.c net: gro: fix udp bad offset in socket lookup by adding {inner_}network_offset to napi_gro_cb 2024-05-02 11:02:48 +02:00
gro_cells.c net: move netdev_max_backlog to net_hotdata 2024-03-07 21:12:42 -08:00
gso.c net: introduce struct net_hotdata 2024-03-07 21:12:41 -08:00
gso_test.c net: test: Fix printf format specifier in skb_segment kunit test 2024-02-27 16:27:17 -07:00
hotdata.c net: move dev_rx_weight to net_hotdata 2024-03-07 21:12:42 -08:00
hwbm.c
link_watch.c net: add netdev_set_operstate() helper 2024-02-14 11:20:13 +00:00
lwt_bpf.c
lwtunnel.c
Makefile net: introduce struct net_hotdata 2024-03-07 21:12:41 -08:00
neighbour.c
net-procfs.c net: move ptype_all into net_hotdata 2024-03-07 21:12:41 -08:00
net-sysfs.c net: dqs: add NIC stall detector based on BQL 2024-03-08 10:23:26 +00:00
net-sysfs.h
net-traces.c
net_namespace.c net: fix out-of-bounds access in ops_init 2024-05-06 13:38:14 +02:00
netclassid_cgroup.c
netdev-genl-gen.c netdev: add per-queue statistics 2024-03-07 21:13:25 -08:00
netdev-genl-gen.h netdev: add per-queue statistics 2024-03-07 21:13:25 -08:00
netdev-genl.c netdev: add queue stat for alloc failures 2024-03-07 21:13:26 -08:00
netevent.c
netpoll.c
netprio_cgroup.c
of_net.c
page_pool.c net: page_pool: factor out page_pool recycle check 2024-03-11 13:01:15 -07:00
page_pool_priv.h
page_pool_user.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-03-07 10:29:36 -08:00
pktgen.c net: pktgen: Use wait_event_freezable_timeout() for freezable kthread 2023-12-27 14:34:52 +00:00
ptp_classifier.c
request_sock.c tcp: make sure init the accept_queue's spinlocks once 2024-01-19 21:13:25 -08:00
rtnetlink.c rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation 2024-05-03 15:57:50 -07:00
scm.c af_unix: Try to run GC async. 2024-01-26 20:34:25 -08:00
secure_seq.c
selftests.c
skbuff.c net: core: reject skb_copy(_expand) for fraglist GSO skbs 2024-05-01 11:44:10 +01:00
skmsg.c bpf, skmsg: Fix NULL pointer dereference in sk_psock_skb_ingress_enqueue 2024-04-08 09:18:22 +02:00
sock.c net: mark racy access on sk->sk_rcvbuf 2024-03-25 14:46:59 +00:00
sock_destructor.h
sock_diag.c sock_diag: remove sock_diag_mutex 2024-01-23 15:13:55 +01:00
sock_map.c bpf, sockmap: Prevent lock inversion deadlock in map delete elem 2024-04-02 16:31:05 +02:00
sock_reuseport.c
stream.c
sysctl_net_core.c net: move rps_sock_flow_table to net_hotdata 2024-03-07 21:12:43 -08:00
timestamping.c
tso.c
utils.c
xdp.c net: move skbuff_cache(s) to net_hotdata 2024-03-07 21:12:42 -08:00