linux-stable

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-02 07:04:24 +00:00

History

Cong Wang ef299cc3fa net_sched: cls_route: remove the right filter from hashtable route4_change() allocates a new filter and copies values from the old one. After the new filter is inserted into the hash table, the old filter should be removed and freed, as the final step of the update. However, the current code mistakenly removes the new one. This looks apparently wrong to me, and it causes double "free" and use-after-free too, as reported by syzbot. Reported-and-tested-by: syzbot+f9b32aaacd60305d9687@syzkaller.appspotmail.com Reported-and-tested-by: syzbot+2f8c233f131943d6056d@syzkaller.appspotmail.com Reported-and-tested-by: syzbot+9c2df9fd5e9445b74e01@syzkaller.appspotmail.com Fixes: `1109c00547` ("net: sched: RCU cls_route") Cc: Jamal Hadi Salim <jhs@mojatatu.com> Cc: Jiri Pirko <jiri@resnulli.us> Cc: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>		2020-03-16 01:59:32 -07:00
..
6lowpan
9p
802
8021q
appletalk
atm
ax25
batman-adv	batman-adv: Don't schedule OGM for disabled interface	2020-02-18 09:07:55 +01:00
bluetooth
bpf
bpfilter	net/bpfilter: fix dprintf usage for /dev/kmsg	2020-03-14 20:58:10 -07:00
bridge	net: bridge: fix stale eth hdr pointer in br_dev_xmit	2020-02-24 11:11:19 -08:00
caif	net: caif: Add lockdep expression to RCU traversal primitive	2020-03-11 22:55:25 -07:00
can
ceph
core	Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf	2020-03-13 11:13:45 -07:00
dcb
dccp
decnet
dns_resolver
dsa	net: dsa: Don't instantiate phylink for CPU/DSA ports unless needed	2020-03-11 23:46:11 -07:00
ethernet
ethtool	ethtool: limit bitset size	2020-02-26 11:27:31 -08:00
hsr	hsr: set .netnsok flag	2020-03-16 01:46:09 -07:00
ieee802154	nl802154: add missing attribute validation for dev_type	2020-03-03 13:28:48 -08:00
ife
ipv4	net: ip_gre: Separate ERSPAN newlink / changelink callbacks	2020-03-15 00:14:08 -07:00
ipv6	seg6: fix SRv6 L2 tunnels to use IANA-assigned protocol number	2020-03-11 23:49:30 -07:00
iucv
kcm
key
l2tp
l3mdev
lapb
llc
mac80211	mac80211: Do not send mesh HWMP PREQ if HWMP is disabled	2020-03-11 09:04:14 +01:00
mac802154
mpls
mptcp	mptcp: always include dack if possible.	2020-03-05 21:34:42 -08:00
ncsi
netfilter	netfilter: nft_chain_nat: inet family is missing module ownership	2020-03-06 18:00:43 +01:00
netlabel	netlabel_domainhash.c: Use built-in RCU list checking	2020-02-18 12:44:23 -08:00
netlink	netlink: Use netlink header as base to calculate bad attribute offset	2020-02-29 21:21:23 -08:00
netrom
nfc	net: nfc: fix bounds checking bugs on "pipe"	2020-03-05 21:32:42 -08:00
nsh
openvswitch	openvswitch: add missing attribute validation for hash	2020-03-03 13:28:48 -08:00
packet	net/packet: tpacket_rcv: avoid a producer race condition	2020-03-15 00:25:25 -07:00
phonet
psample
qrtr
rds	net/rds: Track user mapped pages through special API	2020-02-16 18:37:09 -08:00
rfkill
rose
rxrpc
sched	net_sched: cls_route: remove the right filter from hashtable	2020-03-16 01:59:32 -07:00
sctp	inet_diag: return classid for all socket types	2020-03-08 21:57:48 -07:00
smc	net/smc: cancel event worker during device removal	2020-03-10 15:40:33 -07:00
strparser
sunrpc
switchdev
tipc	tipc: add missing attribute validation for MTU property	2020-03-03 13:28:49 -08:00
tls	net/tls: Fix to avoid gettig invalid tls record	2020-02-19 16:32:06 -08:00
unix	unix: It's CONFIG_PROC_FS not CONFIG_PROCFS	2020-02-27 11:52:35 -08:00
vmw_vsock	vsock: fix potential deadlock in transport->release()	2020-02-27 12:03:56 -08:00
wimax
wireless	nl80211: add missing attribute validation for channel switch	2020-03-11 08:58:39 +01:00
x25
xdp
xfrm
compat.c
Kconfig	net: disable BRIDGE_NETFILTER by default	2020-02-20 15:02:02 -08:00
Makefile
socket.c
sysctl_net.c