mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-22 02:20:40 +00:00
Code Issues Releases Wiki Activity
linux-stable/net/rxrpc
History
David Howells 91fcfbe885 rxrpc: Fix call crypto state cleanup 
Fix the cleanup of the crypto state on a call after the call has been
disconnected.  As the call has been disconnected, its connection ref has
been discarded and so we can't go through that to get to the security ops
table.

Fix this by caching the security ops pointer in the rxrpc_call struct and
using that when freeing the call security state.  Also use this in other
places we're dealing with call-specific security.

The symptoms look like:

    BUG: KASAN: use-after-free in rxrpc_release_call+0xb2d/0xb60
    net/rxrpc/call_object.c:481
    Read of size 8 at addr ffff888062ffeb50 by task syz-executor.5/4764

Fixes: 1db88c5343 ("rxrpc: Fix -Wframe-larger-than= warnings from on-stack crypto")
Reported-by: syzbot+eed305768ece6682bb7f@syzkaller.appspotmail.com
Signed-off-by: David Howells <dhowells@redhat.com>
2019-10-07 11:05:05 +01:00
..
af_rxrpc.c rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up [ver #2] 2019-08-30 15:06:52 -07:00
ar-internal.h rxrpc: Fix call crypto state cleanup 2019-10-07 11:05:05 +01:00
call_accept.c rxrpc: Fix call crypto state cleanup 2019-10-07 11:05:05 +01:00
call_event.c rxrpc: Use the tx-phase skb flag to simplify tracing 2019-08-27 10:04:18 +01:00
call_object.c rxrpc: Fix call crypto state cleanup 2019-10-07 11:05:05 +01:00
conn_client.c rxrpc: Fix call crypto state cleanup 2019-10-07 11:05:05 +01:00
conn_event.c rxrpc: Use the tx-phase skb flag to simplify tracing 2019-08-27 10:04:18 +01:00
conn_object.c rxrpc: Fix trace-after-put looking at the put connection record 2019-10-07 11:05:05 +01:00
conn_service.c rxrpc: Fix trace-after-put looking at the put connection record 2019-10-07 11:05:05 +01:00
input.c rxrpc: Fix misplaced traceline 2019-09-05 00:24:58 +02:00
insecure.c rxrpc: Fix -Wframe-larger-than= warnings from on-stack crypto 2019-07-30 10:32:35 -07:00
Kconfig treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
key.c Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs" 2019-07-10 18:43:43 -07:00
local_event.c rxrpc: Use the tx-phase skb flag to simplify tracing 2019-08-27 10:04:18 +01:00
local_object.c rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up [ver #2] 2019-08-30 15:06:52 -07:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
misc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
net_ns.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00
output.c rxrpc: Use the tx-phase skb flag to simplify tracing 2019-08-27 10:04:18 +01:00
peer_event.c rxrpc: Use the tx-phase skb flag to simplify tracing 2019-08-27 10:04:18 +01:00
peer_object.c rxrpc: rxrpc_peer needs to hold a ref on the rxrpc_local record 2019-10-07 11:05:05 +01:00
proc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152 2019-05-30 11:26:32 -07:00
protocol.h rxrpc: Improve jumbo packet counting 2019-08-27 09:48:37 +01:00
recvmsg.c rxrpc: Fix call crypto state cleanup 2019-10-07 11:05:05 +01:00
rxkad.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-09-02 11:20:17 -07:00
security.c Keyrings namespacing 2019-07-08 19:36:47 -07:00
sendmsg.c rxrpc: Fix call crypto state cleanup 2019-10-07 11:05:05 +01:00
skbuff.c rxrpc: Use skb_unshare() rather than skb_cow_data() 2019-08-27 10:13:46 +01:00
sysctl.c proc/sysctl: add shared variables for range check 2019-07-18 17:08:07 -07:00
utils.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36 2019-05-24 17:27:11 +02:00