github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-08 14:42:37 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
948e8eba65
linux/net
History
Sven Eckelmann 948e8eba65 batman-adv: Avoid free/alloc race when handling OGM buffer 
commit 40e220b421 upstream.

Each slave interface of an B.A.T.M.A.N. IV virtual interface has an OGM
packet buffer which is initialized using data from netdevice notifier and
other rtnetlink related hooks. It is sent regularly via various slave
interfaces of the batadv virtual interface and in this process also
modified (realloced) to integrate additional state information via TVLV
containers.

It must be avoided that the worker item is executed without a common lock
with the netdevice notifier/rtnetlink helpers. Otherwise it can either
happen that half modified/freed data is sent out or functions modifying the
OGM buffer try to access already freed memory regions.

Reported-by: syzbot+0cc629f19ccb8534935b@syzkaller.appspotmail.com
Fixes: c6c8fea297 ("net: Add batman-adv meshing protocol")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-11-06 13:06:22 +01:00
..
6lowpan
9p 9p: Transport error uninitialized 2019-10-11 18:21:12 +02:00
802
8021q vlan: disable SIOCSHWTSTAMP in container 2019-05-16 19:41:30 +02:00
appletalk appletalk: enforce CAP_NET_RAW for raw sockets 2019-10-05 13:09:31 +02:00
atm net: atm: Fix potential Spectre v1 vulnerabilities 2019-04-27 09:36:30 +02:00
ax25 ax25: enforce CAP_NET_RAW for raw sockets 2019-10-05 13:09:32 +02:00
batman-adv batman-adv: Avoid free/alloc race when handling OGM buffer 2019-11-06 13:06:22 +01:00
bluetooth Revert "Bluetooth: validate BLE connection interval updates" 2019-10-01 08:25:59 +02:00
bpf
bpfilter net: bpfilter: use get_pid_task instead of pid_task 2018-10-17 22:03:40 -07:00
bridge netfilter: ebtables: Fix argument order to ADD_COUNTER 2019-09-21 07:16:54 +02:00
caif Revert "net: simplify sock_poll_wait" 2018-11-04 14:50:51 +01:00
can can: gw: Fix error path of cgw_module_init 2019-08-29 08:28:30 +02:00
ceph libceph: fix PG split vs OSD (re)connect race 2019-08-29 08:28:50 +02:00
core net: Unpublish sk from sk_reuseport_cb before call_rcu 2019-10-07 18:57:22 +02:00
dcb
dccp dccp: do not use ipv6 header for ipv4 flow 2019-04-03 06:26:15 +02:00
decnet
dns_resolver
dsa net: dsa: Check existence of .port_mdb_add callback before calling it 2019-08-25 10:48:03 +02:00
ethernet
hsr net/hsr: fix possible crash in add_timer() 2019-03-19 13:12:38 +01:00
ieee802154 ieee802154: enforce CAP_NET_RAW for raw sockets 2019-10-05 13:09:32 +02:00
ife
ipv4 ipv4: Return -ENETUNREACH if we can't create route but saddr is valid 2019-10-29 09:19:39 +01:00
ipv6 net: ipv6: fix listify ip6_rcv_finish in case of forwarding 2019-10-29 09:19:42 +01:00
iucv Revert "net: simplify sock_poll_wait" 2018-11-04 14:50:51 +01:00
kcm kcm: switch order of device registration to fix a crash 2019-04-17 08:38:40 +02:00
key af_key: fix leaks in key_pol_get_resp and dump_sp. 2019-07-26 09:14:01 +02:00
l2tp compat_ioctl: pppoe: fix PPPOEIOCSFWD handling 2019-08-09 17:52:34 +02:00
l3mdev
lapb lapb: fixed leak of control-blocks. 2019-06-22 08:15:13 +02:00
llc llc: fix skb leak in llc_build_and_send_ui_pkt() 2019-06-04 08:02:31 +02:00
mac80211 mac80211: Reject malformed SSID elements 2019-10-29 09:19:53 +01:00
mac802154
mpls mpls: Return error for RTA_GATEWAY attribute 2019-03-10 07:17:19 +01:00
ncsi
netfilter netfilter: ipset: Make invalid MAC address checks consistent 2019-11-06 13:05:23 +01:00
netlabel netlabel: fix out-of-bounds memory accesses 2019-03-10 07:17:18 +01:00
netlink genetlink: Fix a memory leak on error path 2019-04-03 06:26:15 +02:00
netrom netrom: hold sock when setting skb->destructor 2019-07-28 08:29:27 +02:00
nfc NFC: fix attrs checks in netlink interface 2019-10-07 18:57:28 +02:00
nsh
openvswitch openvswitch: change type of UPCALL_PID attribute to NLA_UNSPEC 2019-10-05 13:09:29 +02:00
packet net/packet: fix race in tpacket_snd() 2019-08-25 10:48:04 +02:00
phonet phonet: fix building with clang 2019-03-23 20:09:51 +01:00
psample net: sched: act_sample: fix psample group handling on overwrite 2019-09-10 10:33:38 +01:00
qrtr net: qrtr: Stop rx_worker before freeing node 2019-10-05 13:09:27 +02:00
rds net/rds: Fix error handling in rds_ib_add_one() 2019-10-07 18:57:24 +02:00
rfkill Here are quite a large number of fixes, notably: 2018-09-03 22:12:02 -07:00
rose net/rose: fix unbound loop in rose_loopback_timer() 2019-05-02 09:59:00 +02:00
rxrpc rxrpc: Fix local refcounting 2019-08-29 08:28:59 +02:00
sched net: avoid potential infinite loop in tc_ctl_action() 2019-10-29 09:19:39 +01:00
sctp sctp: change sctp_prot .no_autobind with true 2019-10-29 09:19:42 +01:00
smc net/smc: make sure EPOLLOUT is raised 2019-09-06 10:22:06 +02:00
strparser net: strparser: partially revert "strparser: Call skb_unclone conditionally" 2019-05-16 19:41:27 +02:00
sunrpc net :sunrpc :clnt :Fix xps refcount imbalance on the error path 2019-07-14 08:11:15 +02:00
switchdev
tipc tipc: fix unlimited bundling of small messages 2019-10-07 18:57:25 +02:00
tls net: tls, fix sk_write_space NULL write when tx disabled 2019-09-06 10:22:04 +02:00
unix missing barriers in some of unix_sock ->addr and ->path accesses 2019-03-19 13:12:41 +01:00
vmw_vsock vsock: Fix a lockdep warning in __vsock_release() 2019-10-07 18:57:23 +02:00
wimax
wireless nl80211: fix validation of mesh path nexthop 2019-11-06 13:06:19 +01:00
x25 net/x25: fix a race in x25_bind() 2019-03-19 13:12:40 +01:00
xdp xdp: unpin xdp umem pages in error path 2019-09-21 07:16:57 +02:00
xfrm ipsec: select crypto ciphers for xfrm_algo 2019-07-26 09:14:10 +02:00
compat.c sock: Make sock->sk_stamp thread-safe 2019-01-09 17:38:33 +01:00
Kconfig
Makefile
socket.c net: socket: set sock->sk to NULL after calling proto_ops::release() 2019-03-10 07:17:18 +01:00
sysctl_net.c