mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-06 00:39:48 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers/net
History
Tom Parkin c1787ffd0d ppp: fix refcount underflow on channel unbridge 
When setting up a channel bridge, ppp_bridge_channels sets the
pch->bridge field before taking the associated reference on the bridge
file instance.

This opens up a refcount underflow bug if ppp_bridge_channels called
via. iotcl runs concurrently with ppp_unbridge_channels executing via.
file release.

The bug is triggered by ppp_bridge_channels taking the error path
through the 'err_unset' label.  In this scenario, pch->bridge is set,
but the reference on the bridged channel will not be taken because
the function errors out.  If ppp_unbridge_channels observes pch->bridge
before it is unset by the error path, it will erroneously drop the
reference on the bridged channel and cause a refcount underflow.

To avoid this, ensure that ppp_bridge_channels holds a reference on
each channel in advance of setting the bridge pointers.

Signed-off-by: Tom Parkin <tparkin@katalix.com>
Fixes: 4cf476ced4 ("ppp: add PPPIOCBRIDGECHAN and PPPIOCUNBRIDGECHAN ioctls")
Acked-by: Guillaume Nault <gnault@redhat.com>
Link: https://lore.kernel.org/r/20210107181315.3128-1-tparkin@katalix.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2021-01-08 19:21:06 -08:00
..
appletalk
arcnet
bonding Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-12-11 22:29:38 -08:00
caif
can can: rcar: Kconfig: update help description for CAN_RCAR config 2021-01-07 11:02:10 +01:00
dsa net: dsa: lantiq_gswip: Exclude RMII from modes that report 1 GbE 2021-01-07 19:00:11 -08:00
ethernet mlx5-fixes-2021-01-07 2021-01-07 19:13:30 -08:00
fddi
fjes
hamradio
hippi
hyperv Networking fixes for 5.11-rc1. 2020-12-17 13:45:24 -08:00
ieee802154
ipa net: ipa: modem: add missing SET_NETDEV_DEV() for proper sysfs links 2021-01-08 18:45:35 -08:00
ipvlan
mdio
netdevsim Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-12-11 22:29:38 -08:00
pcs
phy net: sfp: relax bitrate-derived mode check 2020-12-09 19:38:10 -08:00
plip
ppp ppp: fix refcount underflow on channel unbridge 2021-01-08 19:21:06 -08:00
slip
team
usb net: cdc_ncm: correct overhead in delayed_ndp_size 2021-01-05 16:49:04 -08:00
vmxnet3
wan wan: ds26522: select CONFIG_BITREVERSE 2021-01-05 15:50:36 -08:00
wireguard selinux/stable-5.11 PR 20201214 2020-12-16 11:01:04 -08:00
wireless wil6210: select CONFIG_CRC32 2021-01-05 15:50:36 -08:00
xen-netback xen/xenbus: Add 'will_handle' callback support in xenbus_watch_path() 2020-12-14 10:04:18 +01:00
bareudp.c net: bareudp: add missing error handling for bareudp_link_config() 2021-01-06 15:56:44 -08:00
dummy.c
eql.c
geneve.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-12-11 22:29:38 -08:00
gtp.c
ifb.c
Kconfig net: fix spelling mistake "wil" -> "will" in Kconfig 2020-12-05 15:17:19 -08:00
LICENSE.SRC
loopback.c
macsec.c
macvlan.c
macvtap.c
Makefile
mdio.c
mhi_net.c net: mhi: Fix unexpected queue wake 2020-12-14 17:25:56 -08:00
mii.c
net_failover.c
netconsole.c
nlmon.c
ntb_netdev.c
rionet.c
sb1000.c
Space.c
sungem_phy.c
tap.c
thunderbolt.c USB / Thunderbolt patches for 5.11-rc1 2020-12-15 13:54:56 -08:00
tun.c tun: fix return value when the number of iovs exceeds MAX_SKB_FRAGS 2020-12-28 13:34:36 -08:00
veth.c Merge https://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2020-12-04 07:48:12 -08:00
virtio_net.c Networking fixes for 5.11-rc3, including fixes from netfilter, wireless 2021-01-05 12:38:56 -08:00
vrf.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-12-11 22:29:38 -08:00
vsockmon.c
vxlan.c vxlan: avoid double unlikely() notation when using IS_ERR() 2020-12-10 12:43:29 -08:00
xen-netfront.c