MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2026-01-27 12:47:24 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
10206302af
linux-yocto/net
History
Eric Dumazet 10206302af sctp: add mutual exclusion in proc_sctp_do_udp_port() 
We must serialize calls to sctp_udp_sock_stop() and sctp_udp_sock_start()
or risk a crash as syzbot reported:

Oops: general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]
CPU: 1 UID: 0 PID: 6551 Comm: syz.1.44 Not tainted 6.14.0-syzkaller-g7f2ff7b62617 #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
 RIP: 0010:kernel_sock_shutdown+0x47/0x70 net/socket.c:3653
Call Trace:
 <TASK>
  udp_tunnel_sock_release+0x68/0x80 net/ipv4/udp_tunnel_core.c:181
  sctp_udp_sock_stop+0x71/0x160 net/sctp/protocol.c:930
  proc_sctp_do_udp_port+0x264/0x450 net/sctp/sysctl.c:553
  proc_sys_call_handler+0x3d0/0x5b0 fs/proc/proc_sysctl.c:601
  iter_file_splice_write+0x91c/0x1150 fs/splice.c:738
  do_splice_from fs/splice.c:935 [inline]
  direct_splice_actor+0x18f/0x6c0 fs/splice.c:1158
  splice_direct_to_actor+0x342/0xa30 fs/splice.c:1102
  do_splice_direct_actor fs/splice.c:1201 [inline]
  do_splice_direct+0x174/0x240 fs/splice.c:1227
  do_sendfile+0xafd/0xe50 fs/read_write.c:1368
  __do_sys_sendfile64 fs/read_write.c:1429 [inline]
  __se_sys_sendfile64 fs/read_write.c:1415 [inline]
  __x64_sys_sendfile64+0x1d8/0x220 fs/read_write.c:1415
  do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]

Fixes: 046c052b47 ("sctp: enable udp tunneling socks")
Reported-by: syzbot+fae49d997eb56fa7c74d@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/67ea5c01.050a0220.1547ec.012b.GAE@google.com/T/#u
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Xin Long <lucien.xin@gmail.com>
Link: https://patch.msgid.link/20250331091532.224982-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2025-04-02 16:04:19 -07:00
..
6lowpan
9p net/9p/usbg: allow building as standalone module 2024-11-22 23:48:14 +09:00
802 net: 802: LLC+SNAP OID:PID lookup on start of skb data 2025-01-04 08:06:24 -08:00
8021q net: vlan: don't propagate flags on open 2025-03-20 09:57:37 +01:00
appletalk net: appletalk: Drop aarp_send_probe_phase1() 2025-01-20 10:08:19 +00:00
atm atm: Fix NULL pointer dereference 2025-03-25 13:54:36 -07:00
ax25 ax25: Remove broken autobind 2025-03-24 10:26:53 +00:00
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-03-20 21:38:01 +01:00
bluetooth Bluetooth: MGMT: Add LL Privacy Setting 2025-03-25 15:22:49 -04:00
bpf bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() 2025-01-29 08:51:51 -08:00
bridge Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-03-26 09:32:10 -07:00
caif rtnetlink: Pack newlink() params into struct 2025-02-21 15:28:02 -08:00
can Networking changes for 6.15. 2025-03-26 21:48:21 -07:00
ceph ceph: allocate sparse_ext map only for sparse reads 2024-12-16 23:25:44 +01:00
core Rather tiny PR, mostly so that we can get into our trees your fix 2025-04-01 20:00:51 -07:00
dcb dcb: Use rtnl_register_many(). 2024-10-15 18:52:26 -07:00
dccp tcp/dccp: remove icsk->icsk_ack.timeout 2025-03-25 10:34:33 -07:00
devlink devlink: fix xa_alloc_cyclic() error handling 2025-03-19 09:57:36 +00:00
dns_resolver
dsa net: move misc netdev_lock flavors to a separate header 2025-03-08 09:06:50 -08:00
ethernet
ethtool net-timestamp: COMPLETION timestamp on packet tx completion 2025-03-25 12:48:05 -04:00
handshake module: Convert symbol namespace to string literal 2024-12-02 11:34:44 -08:00
hsr net: hsr: Add KUnit test for PRP 2025-03-13 10:04:22 +01:00
ieee802154 inet: frags: save a pair of atomic operations in reassembly 2025-03-18 13:18:36 +01:00
ife
ipv4 Revert "tcp: avoid atomic operations on sk->sk_rmem_alloc" 2025-03-31 16:53:54 -07:00
ipv6 netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets 2025-04-02 16:01:04 -07:00
iucv s390: Convert MACHINE_IS_[LPAR|VM|KVM], etc, machine_is_[lpar|vm|kvm]() 2025-03-04 17:18:07 +01:00
kcm kcm: replace call_rcu by kfree_rcu for simple kmem_cache_free callback 2024-10-15 10:50:21 -07:00
key xfrm: Add support for per cpu xfrm state handling. 2024-10-29 11:56:00 +01:00
l2tp net: move misc netdev_lock flavors to a separate header 2025-03-08 09:06:50 -08:00
l3mdev
lapb
llc llc: do not use skb_get() before dev_queue_xmit() 2025-03-03 14:00:04 +00:00
mac80211 More features for 6.15, major changes: 2025-03-25 08:04:13 -07:00
mac802154 mac802154: Switch to use hrtimer_setup() 2025-02-18 10:35:44 +01:00
mctp net: mctp: unshare packets when reassembling 2025-03-11 13:12:19 +01:00
mpls percpu: use TYPEOF_UNQUAL() in variable declarations 2025-03-16 22:05:53 -07:00
mptcp mptcp: fix NULL pointer in can_accept_new_subflow 2025-03-31 16:52:39 -07:00
ncsi net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling 2025-01-27 09:20:07 +00:00
netfilter netfilter pull request 25-03-23 2025-03-25 08:29:13 -07:00
netlabel net: corrections for security_secid_to_secctx returns 2025-01-04 22:11:22 -05:00
netlink Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-02-27 10:20:58 -08:00
netrom netrom: check buffer length before accessing it 2024-12-23 10:04:55 -08:00
nfc nfc: hci: Remove unused nfc_llc_unregister 2025-02-19 19:04:26 -08:00
nsh
openvswitch net: openvswitch: fix kernel-doc warnings in internal headers 2025-03-24 09:30:21 -07:00
packet net: initialize mark in sockcm_init 2025-02-18 18:27:19 -08:00
phonet phonet: do not call synchronize_rcu() from phonet_route_del() 2024-11-07 20:34:16 -08:00
psample psample: adjust size if rate_as_probability is set 2024-12-18 19:23:04 -08:00
qrtr
rds Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-02-27 10:20:58 -08:00
rfkill net: rfkill: gpio: allow booting in blocked state 2025-02-11 11:55:55 +01:00
rose net: rose: lock the socket in rose_bind() 2025-02-04 14:03:58 -08:00
rxrpc afs: Use the per-peer app data provided by rxrpc 2025-03-10 09:47:15 +00:00
sched net_sched: skbprio: Remove overly strict queue assertions 2025-04-02 16:03:32 -07:00
sctp sctp: add mutual exclusion in proc_sctp_do_udp_port() 2025-04-02 16:04:19 -07:00
shaper net: add netdev_lock() / netdev_unlock() helpers 2025-01-15 19:13:33 -08:00
smc net/smc: use the correct ndev to find pnetid by pnetid table 2025-03-14 12:54:40 +00:00
strparser strparser: Add read_sock callback 2025-01-29 13:32:08 -08:00
sunrpc NFSD 6.15 Release Notes 2025-03-31 17:28:17 -07:00
switchdev net: switchdev: Convert blocking notification chain to a raw one 2025-03-11 11:30:28 +01:00
tipc tipc: Reduce scope for the variable “fdefq” in tipc_link_tnl_prepare() 2025-03-04 17:19:49 -08:00
tls This update includes the following changes: 2025-03-29 10:01:55 -07:00
unix unix: fix up for "apparmor: add fine grained af_unix mediation" 2025-03-26 09:31:18 -07:00
vmw_vsock vsock/bpf: Warn on socket without transport 2025-02-18 12:00:01 +01:00
wireless wifi: nl80211: re-enable multi-link reconfiguration 2025-03-18 14:52:11 +01:00
x25
xdp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-03-20 21:38:01 +01:00
xfrm This update includes the following changes: 2025-03-29 10:01:55 -07:00
compat.c
devres.c
Kconfig
Kconfig.debug
Makefile
socket.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-03-26 09:32:10 -07:00
sysctl_net.c