github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-02 03:24:19 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
v5.8-rc7
linux/net/qrtr
History
Cong Wang af9f691f0f qrtr: orphan socket in qrtr_release() 
We have to detach sock from socket in qrtr_release(),
otherwise skb->sk may still reference to this socket
when the skb is released in tun->queue, particularly
sk->sk_wq still points to &sock->wq, which leads to
a UAF.

Reported-and-tested-by: syzbot+6720d64f31c081c2f708@syzkaller.appspotmail.com
Fixes: 28fb4e59a4 ("net: qrtr: Expose tunneling endpoint to user space")
Cc: Bjorn Andersson <bjorn.andersson@linaro.org>
Cc: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-07-24 17:29:52 -07:00
..
Kconfig treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
Makefile net: qrtr: Add MHI transport layer 2020-05-07 13:21:12 -07:00
mhi.c net: qrtr: Add MHI transport layer 2020-05-07 13:21:12 -07:00
ns.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-05-31 17:48:46 -07:00
qrtr.c qrtr: orphan socket in qrtr_release() 2020-07-24 17:29:52 -07:00
qrtr.h net: qrtr: Fix FIXME related to qrtr_ns_init() 2020-03-03 17:52:21 -08:00
smd.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 284 2019-06-05 17:36:37 +02:00
tun.c net: qrtr: Simplify 'qrtr_tun_release()' 2019-10-30 17:58:23 -07:00