mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-15 23:25:07 +00:00
Code Issues Releases Wiki Activity
linux-stable/net/batman-adv
History
Sven Eckelmann 948e8eba65 batman-adv: Avoid free/alloc race when handling OGM buffer 
commit 40e220b421 upstream.

Each slave interface of an B.A.T.M.A.N. IV virtual interface has an OGM
packet buffer which is initialized using data from netdevice notifier and
other rtnetlink related hooks. It is sent regularly via various slave
interfaces of the batadv virtual interface and in this process also
modified (realloced) to integrate additional state information via TVLV
containers.

It must be avoided that the worker item is executed without a common lock
with the netdevice notifier/rtnetlink helpers. Otherwise it can either
happen that half modified/freed data is sent out or functions modifying the
OGM buffer try to access already freed memory regions.

Reported-by: syzbot+0cc629f19ccb8534935b@syzkaller.appspotmail.com
Fixes: c6c8fea297 ("net: Add batman-adv meshing protocol")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-11-06 13:06:22 +01:00
..
bat_algo.c batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
bat_algo.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
bat_iv_ogm.c batman-adv: Avoid free/alloc race when handling OGM buffer 2019-11-06 13:06:22 +01:00
bat_iv_ogm.h batman-adv: Unify include guards style 2018-07-07 22:02:17 +02:00
bat_v.c batman-adv: Fix bat_v best gw refcnt after netlink dump 2018-06-23 10:29:33 +02:00
bat_v.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
bat_v_elp.c batman-adv: fix warning in function batadv_v_elp_get_throughput 2019-05-08 07:21:46 +02:00
bat_v_elp.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
bat_v_ogm.c batman-adv: Only read OGM2 tvlv_len after buffer len check 2019-09-21 07:16:59 +02:00
bat_v_ogm.h batman-adv: Unify include guards style 2018-07-07 22:02:17 +02:00
bitarray.c batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
bitarray.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
bridge_loop_avoidance.c batman-adv: Reduce claim hash refcnt only for removed entry 2019-05-08 07:21:46 +02:00
bridge_loop_avoidance.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
debugfs.c Merge ra.kernel.org:/pub/scm/linux/kernel/git/torvalds/linux 2018-07-20 21:17:12 -07:00
debugfs.h batman-adv: Fix debugfs path for renamed softif 2018-06-23 10:29:33 +02:00
distributed-arp-table.c batman-adv: allow updating DAT entry timeouts on incoming ARP Replies 2019-05-31 06:46:31 -07:00
distributed-arp-table.h batman-adv: add DAT cache netlink support 2018-03-14 10:15:08 +01:00
fragmentation.c batman-adv: Expand merged fragment buffer for full packet 2018-12-13 09:16:10 +01:00
fragmentation.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
gateway_client.c batman-adv: Prevent duplicated gateway_node entry 2018-09-06 13:55:20 +02:00
gateway_client.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
gateway_common.c batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
gateway_common.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
hard-interface.c batman-adv: Avoid free/alloc race when handling OGM buffer 2019-11-06 13:06:22 +01:00
hard-interface.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
hash.c batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
hash.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
icmp_socket.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-03-23 11:31:58 -04:00
icmp_socket.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
Kconfig batman-adv: Remove "default n" in Kconfig 2018-06-23 10:30:06 +02:00
log.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-03-23 11:31:58 -04:00
log.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
main.c batman-adv: mcast: fix multicast tt/tvlv worker locking 2019-05-31 06:46:05 -07:00
main.h batman-adv: Increase version number to 2018.3 2018-09-14 17:59:20 +02:00
Makefile batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
multicast.c batman-adv: mcast: fix multicast tt/tvlv worker locking 2019-05-31 06:46:05 -07:00
multicast.h batman-adv: add multicast flags netlink support 2018-03-14 10:15:34 +01:00
netlink.c batman-adv: fix uninit-value in batadv_netlink_get_ifindex() 2019-09-16 08:21:41 +02:00
netlink.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
network-coding.c batman-adv: Prevent duplicated nc_node entry 2018-09-06 13:55:58 +02:00
network-coding.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
originator.c batman-adv: Join batadv_purge_orig_ref and _batadv_purge_orig 2018-07-07 22:02:17 +02:00
originator.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-03-06 01:20:46 -05:00
routing.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-03-23 11:31:58 -04:00
routing.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
send.c batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
send.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
soft-interface.c batman-adv: fix uninit-value in batadv_interface_tx() 2019-02-27 10:08:58 +01:00
soft-interface.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
sysfs.c batman-adv: Fix segfault when writing to sysfs elp_interval 2018-09-06 13:54:48 +02:00
sysfs.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
tp_meter.c batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
tp_meter.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
translation-table.c batman-adv: fix for leaked TVLV handler. 2019-07-26 09:13:59 +02:00
translation-table.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
tvlv.c batman-adv: Prevent duplicated tvlv handler 2018-09-06 14:37:13 +02:00
tvlv.h batman-adv: Update copyright years for 2018 2018-02-26 17:57:39 +01:00
types.h batman-adv: Avoid free/alloc race when handling OGM buffer 2019-11-06 13:06:22 +01:00