linux-stable

Go to file

Shigeru Yoshida c1701ea85e tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() [ Upstream commit `3871aa01e1` ] syzbot reported the following general protection fault [1]: general protection fault, probably for non-canonical address 0xdffffc0000000010: 0000 [#1] PREEMPT SMP KASAN KASAN: null-ptr-deref in range [0x0000000000000080-0x0000000000000087] ... RIP: 0010:tipc_udp_is_known_peer+0x9c/0x250 net/tipc/udp_media.c:291 ... Call Trace: <TASK> tipc_udp_nl_bearer_add+0x212/0x2f0 net/tipc/udp_media.c:646 tipc_nl_bearer_add+0x21e/0x360 net/tipc/bearer.c:1089 genl_family_rcv_msg_doit+0x1fc/0x2e0 net/netlink/genetlink.c:972 genl_family_rcv_msg net/netlink/genetlink.c:1052 [inline] genl_rcv_msg+0x561/0x800 net/netlink/genetlink.c:1067 netlink_rcv_skb+0x16b/0x440 net/netlink/af_netlink.c:2544 genl_rcv+0x28/0x40 net/netlink/genetlink.c:1076 netlink_unicast_kernel net/netlink/af_netlink.c:1341 [inline] netlink_unicast+0x53b/0x810 net/netlink/af_netlink.c:1367 netlink_sendmsg+0x8b7/0xd70 net/netlink/af_netlink.c:1909 sock_sendmsg_nosec net/socket.c:730 [inline] __sock_sendmsg+0xd5/0x180 net/socket.c:745 ____sys_sendmsg+0x6ac/0x940 net/socket.c:2584 ___sys_sendmsg+0x135/0x1d0 net/socket.c:2638 __sys_sendmsg+0x117/0x1e0 net/socket.c:2667 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0x40/0x110 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x63/0x6b The cause of this issue is that when tipc_nl_bearer_add() is called with the TIPC_NLA_BEARER_UDP_OPTS attribute, tipc_udp_nl_bearer_add() is called even if the bearer is not UDP. tipc_udp_is_known_peer() called by tipc_udp_nl_bearer_add() assumes that the media_ptr field of the tipc_bearer has an udp_bearer type object, so the function goes crazy for non-UDP bearers. This patch fixes the issue by checking the bearer type before calling tipc_udp_nl_bearer_add() in tipc_nl_bearer_add(). Fixes: `ef20cd4dd1` ("tipc: introduce UDP replicast") Reported-and-tested-by: syzbot+5142b87a9abc510e14fa@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=5142b87a9abc510e14fa [1] Signed-off-by: Shigeru Yoshida <syoshida@redhat.com> Reviewed-by: Tung Nguyen <tung.q.nguyen@dektech.com.au> Link: https://lore.kernel.org/r/20240131152310.4089541-1-syoshida@redhat.com Signed-off-by: Paolo Abeni <pabeni@redhat.com> Signed-off-by: Sasha Levin <sashal@kernel.org>		2024-02-23 08:54:58 +01:00
Documentation	net: sysfs: Fix /sys/class/net/<iface> path	2024-02-23 08:54:55 +01:00
LICENSES	LICENSES/dual/CC-BY-4.0: Git rid of "smart quotes"	2021-07-15 06:31:24 -06:00
arch	arm64: irq: set the correct node for shadow call stack	2024-02-23 08:54:55 +01:00
block	blk-mq: fix IO hang from sbitmap wakeup race	2024-02-23 08:54:52 +01:00
certs	certs/blacklist_hashes.c: fix const confusion in certs blacklist	2022-06-22 14:22:01 +02:00
crypto	crypto: api - Disallow identical driver names	2024-02-23 08:54:23 +01:00
drivers	hwmon: (coretemp) Fix bogus core_id to attr name mapping	2024-02-23 08:54:57 +01:00
fs	ceph: fix deadlock or deadcode of misusing dget()	2024-02-23 08:54:52 +01:00
include	dmaengine: fix is_slave_direction() return false when DMA_DEV_TO_DEV	2024-02-23 08:54:56 +01:00
init	rootfs: Fix support for rootfstype= when root= is given	2024-01-25 14:52:48 -08:00
io_uring	io_uring/rw: ensure io->bytes_done is always initialized	2024-01-25 14:52:48 -08:00
ipc	ipc/sem: Fix dangling sem_array access in semtimedop race	2022-12-08 11:28:45 +01:00
kernel	perf: Fix the nr_addr_filters fix	2024-02-23 08:54:52 +01:00
lib	debugobjects: Stop accessing objects after releasing hash bucket lock	2024-02-23 08:54:37 +01:00
mm	mm/sparsemem: fix race in accessing memory_section->usage	2024-02-23 08:54:34 +01:00
net	tipc: Check the bearer type before calling tipc_udp_nl_bearer_add()	2024-02-23 08:54:58 +01:00
samples	samples/hw_breakpoint: fix building without module unloading	2023-09-23 11:10:01 +02:00
scripts	scripts/get_abi: fix source path leak	2024-02-23 08:54:25 +01:00
security	lsm: new security_file_ioctl_compat() hook	2024-02-23 08:54:25 +01:00
sound	ASoC: codecs: lpass-wsa-macro: fix compander volume hack	2024-02-23 08:54:55 +01:00
tools	selftests: net: avoid just another constant wait	2024-02-23 08:54:57 +01:00
usr	usr/include/Makefile: add linux/nfc.h to the compile-test coverage	2022-02-01 17:27:15 +01:00
virt	KVM: Grab a reference to KVM for VM and vCPU stats file descriptors	2023-08-03 10:22:40 +02:00
.clang-format	clang-format: Update with the latest for_each macro list	2021-05-12 23:32:39 +02:00
.cocciconfig	…
.get_maintainer.ignore	…
.gitattributes	.gitattributes: use 'dts' diff driver for dts files	2019-12-04 19:44:11 -08:00
.gitignore	.gitignore: ignore only top-level modules.builtin	2021-05-02 00:43:35 +09:00
.mailmap	mailmap: add Andrej Shadura	2021-10-18 20:22:03 -10:00
COPYING	COPYING: state that all contributions really are covered by this file	2020-02-10 13:32:20 -08:00
CREDITS	MAINTAINERS: Move Daniel Drake to credits	2021-09-21 08:34:58 +03:00
Kbuild	kbuild: rename hostprogs-y/always to hostprogs/always-y	2020-02-04 01:53:07 +09:00
Kconfig	kbuild: ensure full rebuild when the compiler is updated	2020-05-12 13:28:33 +09:00
MAINTAINERS	iio: stx104: Move to addac subdirectory	2023-08-26 14:23:27 +02:00
Makefile	Linux 5.15.148	2024-01-25 14:52:56 -08:00
README	…

README

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.