github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-05-12 16:18:45 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
3dec153ae4
linux/net
History
Jason Xing 3dec153ae4 xsk: prevent CQ desync when freeing half-built skbs in xsk_build_skb() 
Once xsk_skb_init_misc() has been called on an skb, its destructor is
set to xsk_destruct_skb(), which submits the descriptor address(es) to
the completion queue and advances the CQ producer. If such an skb is
subsequently freed via kfree_skb() along an error path - before the
skb has ever been handed to the driver - the destructor still runs and
submits a bogus, half-initialized address to the CQ.

Postpone the init phase when we believe the allocation of first frag is
successfully completed. Before this init, skb can be safely freed by
kfree_skb().

Closes: https://lore.kernel.org/all/20260419045822.843BFC2BCAF@smtp.kernel.org/
Fixes: c30d084960 ("xsk: avoid overwriting skb fields for multi-buffer traffic")
Acked-by: Stanislav Fomichev <sdf@fomichev.me>
Signed-off-by: Jason Xing <kernelxing@tencent.com>
Reviewed-by: Alexander Lobakin <aleksander.lobakin@intel.com>
Link: https://patch.msgid.link/20260502200722.53960-6-kerneljasonxing@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-05-05 19:27:50 -07:00
..
6lowpan net: replace ND_PRINTK with dynamic debug 2025-07-10 15:27:32 -07:00
9p 9p/trans_xen: replace simple_strto* with kstrtouint 2026-04-16 02:57:01 +00:00
802 Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
8021q 8021q: delete cleared egress QoS mappings 2026-04-23 12:13:57 +02:00
appletalk Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
atm net: remove unused ATM protocols and legacy ATM device drivers 2026-04-23 12:21:14 -07:00
batman-adv Here are two batman-adv bugfixes: 2026-04-08 18:50:27 -07:00
bluetooth net: remove ISDN subsystem and Bluetooth CMTP 2026-04-23 10:24:02 -07:00
bpf bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb 2026-04-12 15:42:57 -07:00
bridge Delete some obsolete networking code 2026-04-24 09:41:58 -07:00
can Networking changes for 7.1. 2026-04-14 18:36:10 -07:00
ceph libceph: Fix slab-out-of-bounds access in auth message processing 2026-04-22 01:40:23 +02:00
core net: prevent possible UAF in rtnl_prop_list_size() 2026-05-04 19:24:27 -07:00
dcb Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
devlink Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-09 13:20:59 -07:00
dns_resolver net: Add SPDX ids to some source files 2026-03-09 18:32:45 -07:00
dsa net: dsa: remove redundant netdev_lock_ops() from conduit ethtool ops 2026-04-16 19:10:48 -07:00
ethernet bonding: prevent potential infinite loop in bond_header_parse() 2026-03-16 19:29:45 -07:00
ethtool ethtool: strset: check nla_len overflow 2026-04-12 11:23:50 -07:00
handshake treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
hsr net: hsr: emit notification for PRP slave2 changed hw addr on port deletion 2026-04-07 17:06:16 +02:00
ieee802154 net: remove addr_len argument of recvmsg() handlers 2026-03-02 18:17:17 -08:00
ife
ipv4 ipv4: igmp: annotate data-races in igmp_heard_query() 2026-05-01 17:11:42 -07:00
ipv6 ipv6: Fix null-ptr-deref in fib6_mtu(). 2026-05-05 17:32:57 -07:00
iucv net/iucv: Add missing kernel-doc return value descriptions 2026-03-31 20:14:56 -07:00
kcm kcm: fix zero-frag skb in frag_list on partial sendmsg error 2026-02-23 17:26:55 -08:00
key vfs-7.1-rc1.kino 2026-04-13 12:19:01 -07:00
l2tp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-09 13:20:59 -07:00
l3mdev
lapb treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
llc llc: Return -EINPROGRESS from llc_ui_connect() 2026-04-23 11:40:39 -07:00
mac80211 Networking changes for 7.1. 2026-04-14 18:36:10 -07:00
mac802154 bonding: prevent potential infinite loop in bond_header_parse() 2026-03-16 19:29:45 -07:00
mctp net: mctp: test: Use dev_direct_xmit for TX to our test device 2026-04-30 13:36:47 -07:00
mpls Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-02 11:03:13 -07:00
mptcp mptcp: sockopt: increase seq in mptcp_setsockopt_all_sf 2026-05-04 19:20:50 -07:00
ncsi net: ncsi: fix skb leak in error paths 2026-03-06 17:34:48 -08:00
netfilter ipvs: Guard access of HK_TYPE_KTHREAD cpumask with RCU 2026-05-05 01:52:55 +02:00
netlabel Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
netlink Networking changes for 7.1. 2026-04-14 18:36:10 -07:00
nfc NFC: digital: Bounds check NFC-A cascade depth in SDD response handler 2026-04-12 11:40:45 -07:00
nsh
openvswitch openvswitch: vport: fix self-deadlock on release of tunnel ports 2026-05-05 15:19:37 +02:00
packet net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() 2026-04-22 20:16:34 -07:00
phonet net: phonet: do not BUG_ON() in pn_socket_autobind() on failed bind 2026-04-27 18:45:17 -07:00
psample treewide: Replace kmalloc with kmalloc_obj for non-scalar types 2026-02-21 01:02:28 -08:00
psp psp: strip variable-length PSP header in psp_dev_rcv() 2026-05-04 19:25:14 -07:00
qrtr Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-14 12:04:00 -07:00
rds net/rds: handle zerocopy send cleanup before the message is queued 2026-05-05 15:32:40 +02:00
rfkill net: rfkill: prevent unlimited numbers of rfkill events from being created 2026-04-07 12:35:04 +02:00
rxrpc rxrpc: Fix error handling in rxgk_extract_token() 2026-04-23 14:29:16 -07:00
sched net/sched: sch_fq_codel: annotate data-races from fq_codel_dump_class_stats() 2026-05-05 18:01:28 -07:00
sctp sctp: discard stale INIT after handshake completion 2026-04-28 17:52:19 -07:00
shaper net: shaper: protect from late creation of hierarchy 2026-03-19 13:47:15 +01:00
smc net/smc: avoid early lgr access in smc_clc_wait_msg 2026-04-23 11:00:57 -07:00
strparser net: strparser: fix skb_head leak in strp_abort_strp() 2026-04-14 12:37:00 +02:00
sunrpc NFS client updates for Linux 7.1 2026-04-24 14:20:03 -07:00
switchdev bridge: No DEV_PATH_BR_VLAN_UNTAG_HW for dsa foreign 2026-03-19 13:14:00 +01:00
tipc Including fixes from Netfilter. 2026-04-23 16:50:42 -07:00
tls net: tls: fix silent data drop under pipe back-pressure 2026-05-02 18:27:14 -07:00
unix af_unix: Set gc_in_progress to true in unix_gc(). 2026-05-04 18:34:45 -07:00
vmw_vsock vsock/virtio: fix potential unbounded skb queue 2026-05-04 19:12:37 -07:00
wireless Networking changes for 7.1. 2026-04-14 18:36:10 -07:00
x25 vfs-7.1-rc1.kino 2026-04-13 12:19:01 -07:00
xdp xsk: prevent CQ desync when freeing half-built skbs in xsk_build_skb() 2026-05-05 19:27:50 -07:00
xfrm Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-09 13:20:59 -07:00
compat.c socket: Unify getsockname and getpeername implementation 2025-11-26 13:45:23 -07:00
devres.c
Kconfig net: remove ax25 and amateur radio (hamradio) subsystem 2026-04-23 10:24:02 -07:00
Kconfig.debug
Makefile net: remove ax25 and amateur radio (hamradio) subsystem 2026-04-23 10:24:02 -07:00
socket.c Networking changes for 7.1. 2026-04-14 18:36:10 -07:00
sysctl_net.c