github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-07 14:04:54 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
50aac44273
linux/net
History
Oliver Hartkopp 50aac44273 can: isotp: stop timeout monitoring when no first frame was sent 
commit d734970817 upstream.

The first attempt to fix a the 'impossible' WARN_ON_ONCE(1) in
isotp_tx_timer_handler() focussed on the identical CAN IDs created by
the syzbot reproducer and lead to upstream fix/commit 3ea566422c
("can: isotp: sanitize CAN ID checks in isotp_bind()"). But this did
not catch the root cause of the wrong tx.state in the tx_timer handler.

In the isotp 'first frame' case a timeout monitoring needs to be started
before the 'first frame' is send. But when this sending failed the timeout
monitoring for this specific frame has to be disabled too.

Otherwise the tx_timer is fired with the 'warn me' tx.state of ISOTP_IDLE.

Fixes: e057dd3fc2 ("can: add ISO 15765-2:2016 transport protocol")
Link: https://lore.kernel.org/all/20220405175112.2682-1-socketcan@hartkopp.net
Reported-by: syzbot+2339c27f5c66c652843e@syzkaller.appspotmail.com
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-04-27 13:53:57 +02:00
..
6lowpan 6lowpan: iphc: Fix an off-by-one check of array index 2021-09-15 09:50:34 +02:00
9p xen/9p: use alloc/free_pages_exact() 2022-03-11 12:11:54 +01:00
802 net/802/garp: fix memleak in garp_request_join() 2021-07-31 08:16:11 +02:00
8021q net: vlan: fix underflow for the real_dev refcnt 2021-12-01 09:19:08 +01:00
appletalk appletalk: Fix skb allocation size in loopback case 2021-04-07 15:00:08 +02:00
atm
ax25 ax25: Fix UAF bugs in ax25 timers 2022-04-20 09:23:32 +02:00
batman-adv ipv6: make mc_forwarding atomic 2022-04-13 21:00:56 +02:00
bluetooth Bluetooth: Fix use after free in hci_send_acl 2022-04-13 21:01:00 +02:00
bpf bpf, test, cgroup: Use sk_{alloc,free} for test cases 2021-10-27 09:56:56 +02:00
bpfilter bpfilter: Specify the log level for the kmsg message 2021-07-14 16:56:29 +02:00
bridge net: bridge: vlan: fix memory leak in __allowed_ingress 2022-02-01 17:25:48 +01:00
caif net-caif: avoid user-triggerable WARN_ON(1) 2021-09-22 12:27:56 +02:00
can can: isotp: stop timeout monitoring when no first frame was sent 2022-04-27 13:53:57 +02:00
ceph
core net/sched: flower: fix parsing of ethertype following VLAN header 2022-04-20 09:23:11 +02:00
dcb net: dcb: disable softirqs in dcbnl_flush_dev() 2022-03-08 19:09:37 +01:00
dccp tcp: switch orphan_count to bare per-cpu counters 2021-11-18 14:04:08 +01:00
decnet net: decnet: Fix sleeping inside in af_decnet 2021-07-28 14:35:38 +02:00
dns_resolver
dsa net: dsa: Add missing of_node_put() in dsa_port_parse_of 2022-03-23 09:13:28 +01:00
ethernet
ethtool ethtool: do not perform operations on net devices being unregistered 2021-12-17 10:14:41 +01:00
hsr net: hsr: fix mac_len checks 2021-06-03 09:00:50 +02:00
ieee802154 net: ieee802154: Return meaningful error codes from the netlink helpers 2022-02-08 18:30:37 +01:00
ife
ipv4 esp: limit skb_page_frag_refill use to a single page 2022-04-27 13:53:48 +02:00
ipv6 ipv6: make ip6_rt_gc_expire an atomic_t 2022-04-27 13:53:51 +02:00
iucv net/af_iucv: remove WARN_ONCE on malformed RX packets 2021-03-07 12:34:05 +01:00
kcm
key af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register 2022-04-08 14:39:48 +02:00
l2tp net/l2tp: Fix reference count leak in l2tp_udp_recv_core 2021-09-22 12:27:56 +02:00
l3mdev l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu 2022-04-27 13:53:50 +02:00
lapb
llc llc: only change llc->dev when bind() succeeds 2022-03-28 09:57:10 +02:00
mac80211 mac80211: fix potential double free on mesh join 2022-03-28 09:57:10 +02:00
mac802154 net: mac802154: Fix general protection fault 2021-04-14 08:42:13 +02:00
mpls net: mpls: Fix notifications when deleting a device 2021-12-08 09:03:23 +01:00
mptcp mptcp: clear 'kern' flag from fallback sockets 2021-12-22 09:30:54 +01:00
ncsi net/ncsi: check for error return from call to nla_put_u32 2022-01-05 12:40:32 +01:00
netfilter netfilter: nf_conntrack_tcp: preserve liberal flag in tcp options 2022-04-08 14:40:28 +02:00
netlabel netlabel: fix out-of-bounds memory accesses 2022-04-13 21:01:00 +02:00
netlink netlink: reset network and mac headers in netlink_dump() 2022-04-27 13:53:51 +02:00
netrom netrom: fix api breakage in nr_setsockopt() 2022-01-27 10:54:03 +01:00
nfc nfc: nci: add flush_workqueue to prevent uaf 2022-04-20 09:23:18 +02:00
nsh
openvswitch openvswitch: fix OOB access in reserve_sfa_size() 2022-04-27 13:53:55 +02:00
packet net/packet: fix packet_sock xmit return value checking 2022-04-27 13:53:50 +02:00
phonet phonet: refcount leak in pep_sock_accep 2022-01-11 15:25:01 +01:00
psample net: psample: Fix netlink skb length with tunnel info 2021-03-07 12:34:07 +01:00
qrtr net: qrtr: fix another OOB Read in qrtr_endpoint_post 2021-09-03 10:09:21 +02:00
rds rds: memory leak in __rds_conn_create() 2021-12-22 09:30:54 +01:00
rfkill
rose
rxrpc rxrpc: Restore removed timer deletion 2022-04-27 13:53:49 +02:00
sched net/sched: cls_u32: fix possible leak in u32_init_knode() 2022-04-27 13:53:50 +02:00
sctp sctp: Initialize daddr on peeled off socket 2022-04-20 09:23:17 +02:00
smc net/smc: Fix sock leak when release after smc_shutdown() 2022-04-27 13:53:49 +02:00
strparser bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding 2021-11-18 14:04:27 +01:00
sunrpc SUNRPC: svc_tcp_sendmsg() should handle errors from xdr_alloc_bvec() 2022-04-13 21:01:07 +02:00
switchdev
tipc tipc: fix the timer expires after interval 100ms 2022-04-08 14:40:23 +02:00
tls net/tls: fix slab-out-of-bounds bug in decrypt_internal 2022-04-13 21:01:04 +02:00
unix af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress 2022-01-27 10:54:31 +01:00
vmw_vsock vsock: each transport cycles only on its own sockets 2022-03-23 09:13:27 +01:00
wimax
wireless nl80211: correctly check NL80211_ATTR_REG_ALPHA2 size 2022-04-20 09:23:28 +02:00
x25 net/x25: Fix null-ptr-deref caused by x25_disconnect 2022-04-08 14:40:30 +02:00
xdp Revert "xsk: Do not sleep in poll() when need_wakeup set" 2021-12-22 09:30:59 +01:00
xfrm xfrm: fix tunnel model fragmentation behavior 2022-04-08 14:39:47 +02:00
compat.c net: Return the correct errno code 2021-06-18 10:00:06 +02:00
devres.c
Kconfig
Makefile
socket.c ethtool: improve compat ioctl handling 2021-09-18 13:40:21 +02:00
sysctl_net.c