linux-stable

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-03 07:38:10 +00:00

History

David Howells 6d47174198 rxrpc: Fix local refcounting [ Upstream commit `68553f1a6f` ] Fix rxrpc_unuse_local() to handle a NULL local pointer as it can be called on an unbound socket on which rx->local is not yet set. The following reproduced (includes omitted): int main(void) { socket(AF_RXRPC, SOCK_DGRAM, AF_INET); return 0; } causes the following oops to occur: BUG: kernel NULL pointer dereference, address: 0000000000000010 ... RIP: 0010:rxrpc_unuse_local+0x8/0x1b ... Call Trace: rxrpc_release+0x2b5/0x338 __sock_release+0x37/0xa1 sock_close+0x14/0x17 __fput+0x115/0x1e9 task_work_run+0x72/0x98 do_exit+0x51b/0xa7a ? __context_tracking_exit+0x4e/0x10e do_group_exit+0xab/0xab __x64_sys_exit_group+0x14/0x17 do_syscall_64+0x89/0x1d4 entry_SYSCALL_64_after_hwframe+0x49/0xbe Reported-by: syzbot+20dee719a2e090427b5f@syzkaller.appspotmail.com Fixes: `730c5fd42c` ("rxrpc: Fix local endpoint refcounting") Signed-off-by: David Howells <dhowells@redhat.com> cc: Jeffrey Altman <jaltman@auristor.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org>		2019-08-29 08:28:59 +02:00
..
af_rxrpc.c	rxrpc: Fix local endpoint refcounting	2019-08-29 08:28:59 +02:00
ar-internal.h	rxrpc: Fix local endpoint refcounting	2019-08-29 08:28:59 +02:00
call_accept.c	rxrpc: Fix an uninitialised variable	2018-10-15 22:07:36 -07:00
call_event.c	rxrpc: Fix lockup due to no error backoff after ack transmit error	2018-11-23 08:17:07 +01:00
call_object.c	rxrpc: Fix net namespace cleanup	2019-05-05 14:42:38 +02:00
conn_client.c	rxrpc: Fix client call connect/disconnect race	2019-04-20 09:16:05 +02:00
conn_event.c	rxrpc: Fix connection-level abort handling	2018-10-08 22:42:04 +01:00
conn_object.c	rxrpc: Fix error distribution	2018-09-28 10:33:17 +01:00
conn_service.c	rxrpc: Fix apparent leak of rxrpc_local objects	2018-03-30 21:05:33 +01:00
input.c	rxrpc: Fix local endpoint refcounting	2019-08-29 08:28:59 +02:00
insecure.c	rxrpc: Trace protocol errors in received packets	2017-04-06 11:09:39 +01:00
Kconfig
key.c	rxrpc: Use correct timestamp from Kerberos 5 ticket	2017-08-29 10:55:06 +01:00
local_event.c	rxrpc: Trace packet transmission	2018-08-01 13:28:23 +01:00
local_object.c	rxrpc: Fix local refcounting	2019-08-29 08:28:59 +02:00
Makefile	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
misc.c	rxrpc: Fix call timeouts	2017-11-24 10:18:41 +00:00
net_ns.c	rxrpc: Fix the keepalive generator [ver #2 ]	2018-08-08 19:10:26 -07:00
output.c	rxrpc: Fix lockup due to no error backoff after ack transmit error	2018-11-23 08:17:07 +01:00
peer_event.c	rxrpc: Fix potential deadlock	2019-08-29 08:28:35 +02:00
peer_object.c	rxrpc: Fix potential deadlock	2019-08-29 08:28:35 +02:00
proc.c	rxrpc: Remove set but not used variable 'nowj'	2018-08-02 10:18:20 -07:00
protocol.h	rxrpc: Improve up-front incoming packet checking	2018-09-28 10:32:31 +01:00
recvmsg.c	rxrpc: bad unlock balance in rxrpc_recvmsg	2019-02-12 19:47:22 +01:00
rxkad.c	Merge ra.kernel.org:/pub/scm/linux/kernel/git/davem/net	2018-08-09 11:52:36 -07:00
security.c	rxrpc: remove unused static variables	2018-03-30 21:04:44 +01:00
sendmsg.c	rxrpc: Fix the lack of notification when sendmsg() fails on a DATA packet	2019-08-29 08:28:35 +02:00
skbuff.c	net: convert sk_buff.users from atomic_t to refcount_t	2017-07-01 07:39:07 -07:00
sysctl.c	rxrpc: remove redundant static int 'zero'	2018-08-11 11:25:18 -07:00
utils.c	rxrpc: Fix IPv6 support	2017-08-29 10:55:20 +01:00