mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-11-01 17:08:10 +00:00
Code Issues Releases Wiki Activity
linux-stable/net/rds
History
Tetsuo Handa 3a58f13a88 net: rds: acquire refcount on TCP sockets 
syzbot is reporting use-after-free read in tcp_retransmit_timer() [1],
for TCP socket used by RDS is accessing sock_net() without acquiring a
refcount on net namespace. Since TCP's retransmission can happen after
a process which created net namespace terminated, we need to explicitly
acquire a refcount.

Link: https://syzkaller.appspot.com/bug?extid=694120e1002c117747ed [1]
Reported-by: syzbot <syzbot+694120e1002c117747ed@syzkaller.appspotmail.com>
Fixes: 26abe14379 ("net: Modify sk_alloc to not reference count the netns of kernel sockets.")
Fixes: 8a68173691 ("net: sk_clone_lock() should only do get_net() if the parent is not a kernel socket")
Signed-off-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Tested-by: syzbot <syzbot+694120e1002c117747ed@syzkaller.appspotmail.com>
Link: https://lore.kernel.org/r/a5fb1fc4-2284-3359-f6a0-e4e390239d7b@I-love.SAKURA.ne.jp
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
2022-05-03 13:22:50 +02:00
..
af_rds.c
bind.c
cong.c
connection.c rds: memory leak in __rds_conn_create() 2021-12-14 12:51:52 +00:00
ib.c
ib.h
ib_cm.c
ib_frmr.c
ib_mr.h
ib_rdma.c
ib_recv.c
ib_ring.c
ib_send.c
ib_stats.c
ib_sysctl.c
info.c
info.h
Kconfig
loop.c
loop.h
Makefile
message.c
page.c
rdma.c
rdma_transport.c
rdma_transport.h
rds.h
rds_single_path.h
recv.c
send.c rds: Fix a typo in a comment 2021-11-22 14:28:37 +00:00
stats.c
sysctl.c
tcp.c net: rds: acquire refcount on TCP sockets 2022-05-03 13:22:50 +02:00
tcp.h
tcp_connect.c
tcp_listen.c
tcp_recv.c
tcp_send.c
tcp_stats.c
threads.c
transport.c