linux/net/smc
Karsten Graul d535ca1367 net/smc: fix use-after-free of delayed events
When a delayed event is enqueued then the event worker will send this
event the next time it is running and no other flow is currently
active. The event handler is called for the delayed event, and the
pointer to the event keeps set in lgr->delayed_event. This pointer is
cleared later in the processing by smc_llc_flow_start().

This can lead to a use-after-free condition when the processing does not
reach smc_llc_flow_start(), but frees the event because of an error
situation. Then the delayed_event pointer is still set but the event is
freed.

Fix this by always clearing the delayed event pointer when the event is
provided to the event handler for processing, and remove the code to
clear it in smc_llc_flow_start().

Fixes: 555da9af82 ("net/smc: add event-based llc_flow framework")
Signed-off-by: Karsten Graul <kgraul@linux.ibm.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2020-10-15 09:54:43 -07:00
af_smc.c net/smc: unique reason code for exceeded max dmb count 2020-07-27 10:30:01 -07:00
Kconfig treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
Makefile
smc_cdc.c net/smc: put slot when connection is killed 2020-07-20 17:52:25 -07:00
smc_cdc.h net/smc: pre-fetch send buffer outside of send_lock 2020-05-30 18:12:25 -07:00
smc_clc.c net/smc: tolerate future SMCD versions 2020-07-08 12:35:15 -07:00
smc_clc.h net/smc: unique reason code for exceeded max dmb count 2020-07-27 10:30:01 -07:00
smc_close.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-09-03 18:50:48 -07:00
smc_close.h net/smc: remove close abort worker 2019-10-22 11:23:44 -07:00
smc_core.c net/smc: reset sndbuf_desc if freed 2020-09-03 16:52:33 -07:00
smc_core.h net/smc: do not call dma sync for unmapped memory 2020-07-19 15:30:22 -07:00
smc_diag.c net/smc: Prevent kernel-infoleak in __smc_diag_dump() 2020-08-20 12:07:31 -07:00
smc_ib.c net/smc: protect smc ib device initialization 2020-07-19 15:30:22 -07:00
smc_ib.h net/smc: protect smc ib device initialization 2020-07-19 15:30:22 -07:00
smc_ism.c net/smc: switch smcd_dev_list spinlock to mutex 2020-07-08 12:35:15 -07:00
smc_ism.h net/smc: switch smcd_dev_list spinlock to mutex 2020-07-08 12:35:15 -07:00
smc_llc.c net/smc: fix use-after-free of delayed events 2020-10-15 09:54:43 -07:00
smc_llc.h net/smc: move add link processing for new device into llc layer 2020-07-19 15:30:22 -07:00
smc_netns.h
smc_pnet.c net/smc: switch smcd_dev_list spinlock to mutex 2020-07-08 12:35:15 -07:00
smc_pnet.h net/smc: introduce smc_pnet_find_alt_roce() 2020-05-01 16:20:05 -07:00
smc_rx.c fs: make the pipe_buf_operations ->confirm operation optional 2020-05-20 12:11:26 -04:00
smc_rx.h
smc_tx.c net/smc: switch connections to alternate link 2020-05-04 10:54:39 -07:00
smc_tx.h
smc_wr.c net/smc: fix work request handling 2020-07-08 12:35:15 -07:00
smc_wr.h net/smc: wait for departure of an IB message 2020-05-04 10:54:39 -07:00
smc.h net/smc: handle incoming CDC validation message 2020-05-04 10:54:39 -07:00