MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-07-05 05:15:23 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
e0e2f78243
linux-yocto/net
History
Pengtao He a11b8c0be6 net/tls: fix kernel panic when alloc_page failed 
[ Upstream commit 491deb9b8c4ad12fe51d554a69b8165b9ef9429f ]

We cannot set frag_list to NULL pointer when alloc_page failed.
It will be used in tls_strp_check_queue_ok when the next time
tls_strp_read_sock is called.

This is because we don't reset full_len in tls_strp_flush_anchor_copy()
so the recv path will try to continue handling the partial record
on the next call but we dettached the rcvq from the frag list.
Alternative fix would be to reset full_len.

Unable to handle kernel NULL pointer dereference
at virtual address 0000000000000028
 Call trace:
 tls_strp_check_rcv+0x128/0x27c
 tls_strp_data_ready+0x34/0x44
 tls_data_ready+0x3c/0x1f0
 tcp_data_ready+0x9c/0xe4
 tcp_data_queue+0xf6c/0x12d0
 tcp_rcv_established+0x52c/0x798

Fixes: 84c61fe1a7 ("tls: rx: do not use the standard strparser")
Signed-off-by: Pengtao He <hept.hept.hept@gmail.com>
Link: https://patch.msgid.link/20250514132013.17274-1-hept.hept.hept@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2025-05-22 14:29:43 +02:00
..
6lowpan ipv6: eliminate ndisc_ops_is_useropt() 2024-08-12 17:23:57 -07:00
9p 9p/trans_fd: mark concurrent read and writes to p9_conn->err 2025-05-02 07:59:20 +02:00
802 net: 802: LLC+SNAP OID:PID lookup on start of skb data 2025-01-17 13:40:37 +01:00
8021q net: vlan: don't propagate flags on open 2025-04-20 10:15:21 +02:00
appletalk
atm atm: Fix NULL pointer dereference 2025-04-07 10:08:35 +02:00
ax25 ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt 2025-02-21 14:01:16 +01:00
batman-adv batman-adv: Ignore own maximum aggregation size during RX 2025-03-28 22:03:31 +01:00
bluetooth Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags 2025-05-22 14:29:39 +02:00
bpf bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() 2025-02-27 04:30:18 -08:00
bridge net: bridge: switchdev: do not notify new brentries as changed 2025-04-25 10:47:45 +02:00
caif move asm/unaligned.h to linux/unaligned.h 2024-10-02 17:23:23 -04:00
can can: gw: fix RCU/BH usage in cgw_create_job() 2025-05-18 08:24:48 +02:00
ceph ceph: allocate sparse_ext map only for sparse reads 2025-01-02 10:34:09 +01:00
core net: export a helper for adding up queue stats 2025-05-18 08:24:50 +02:00
dcb
dccp dccp: Fix memory leak in dccp_feat_change_recv 2024-12-14 20:03:05 +01:00
devlink devlink: fix xa_alloc_cyclic() error handling 2025-03-28 22:03:27 +01:00
dns_resolver
dsa net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del() fails 2025-04-25 10:47:46 +02:00
ethernet
ethtool ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll() 2025-04-25 10:47:43 +02:00
handshake net/handshake: use sockfd_put() helper 2024-08-27 16:09:25 -07:00
hsr net: hsr: fix fill_frame_info() regression vs VLAN packets 2025-02-08 09:58:08 +01:00
ieee802154 net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() 2024-12-14 20:03:47 +01:00
ife
ipv4 net: use sock_gen_put() when sk_state is TCP_TIME_WAIT 2025-05-09 09:50:46 +02:00
ipv6 gre: Fix again IPv6 link-local address generation. 2025-05-18 08:24:48 +02:00
iucv s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() 2024-12-05 14:02:31 +01:00
kcm kcm: Serialise kcm_sendmsg() for the same socket. 2024-08-19 18:36:12 -07:00
key xfrm: Add support for per cpu xfrm state handling. 2025-02-08 09:58:00 +01:00
l2tp net/l2tp: fix warning in l2tp_exit_net found by syzbot 2024-12-05 14:02:31 +01:00
l3mdev
lapb
llc llc: do not use skb_get() before dev_queue_xmit() 2025-03-13 13:02:05 +01:00
mac80211 wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request 2025-05-22 14:29:43 +02:00
mac802154 mac802154: check local interfaces before deleting sdata list 2025-01-23 17:22:54 +01:00
mctp net: mctp: Ensure keys maintain only one ref to corresponding dev 2025-05-22 14:29:40 +02:00
mpls mpls: Handle error of rtnl_register_module(). 2024-10-10 15:39:35 +02:00
mptcp mptcp: only inc MPJoinAckHMacFailure for HMAC failures 2025-04-20 10:15:45 +02:00
ncsi net/ncsi: wait for the last response to Deselect Package before configuring channel 2025-02-17 10:05:41 +01:00
netfilter netfilter: ipset: fix region locking in hash types 2025-05-18 08:24:48 +02:00
netlabel
netlink netlink: fix false positive warning in extack during dumps 2024-12-05 14:02:31 +01:00
netrom netrom: check buffer length before accessing it 2025-01-09 13:33:38 +01:00
nfc NFC: nci: Add bounds checking in nci_hci_create_pipe() 2025-02-17 10:05:40 +01:00
nsh
openvswitch openvswitch: Fix unsafe attribute parsing in output_userspace() 2025-05-18 08:24:47 +02:00
packet af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK 2025-01-09 13:33:42 +01:00
phonet phonet: Handle error of rtnl_register_module(). 2024-10-10 15:39:36 +02:00
psample psample: adjust size if rate_as_probability is set 2024-12-27 14:02:06 +01:00
qrtr net: qrtr: Update packets cloning when broadcasting 2024-09-24 10:48:16 +02:00
rds rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy 2025-01-17 13:40:47 +01:00
rfkill net: rfkill: gpio: Add check for clk_enable() 2024-12-05 14:01:57 +01:00
rose net: rose: lock the socket in rose_bind() 2025-02-17 10:05:01 +01:00
rxrpc rxrpc: rxperf: Fix missing decoding of terminal magic cookie 2025-03-07 18:25:29 +01:00
sched net_sched: Flush gso_skb list too during ->change() 2025-05-22 14:29:39 +02:00
sctp sctp: detect and prevent references to a freed transport in sendmsg 2025-04-20 10:15:50 +02:00
smc smc: Fix lockdep false-positive for IPPROTO_SMC. 2025-04-25 10:47:42 +02:00
strparser strparser: Add read_sock callback 2025-02-27 04:30:19 -08:00
sunrpc svcrdma: do not unregister device for listeners 2025-04-20 10:15:43 +02:00
switchdev net: switchdev: Convert blocking notification chain to a raw one 2025-03-22 12:54:12 -07:00
tipc tipc: fix NULL pointer dereference in tipc_mon_reinit_self() 2025-05-02 07:59:02 +02:00
tls net/tls: fix kernel panic when alloc_page failed 2025-05-22 14:29:43 +02:00
unix splice: do not checksum AF_UNIX sockets 2024-12-19 18:12:59 +01:00
vmw_vsock vsock: avoid timeout during connect() if the socket is closing 2025-04-10 14:39:34 +02:00
wireless wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation 2025-05-18 08:24:47 +02:00
x25
xdp xsk: Fix race condition in AF_XDP generic RX path 2025-05-09 09:50:38 +02:00
xfrm xfrm_output: Force software GSO only in tunnel mode 2025-03-28 22:03:25 +01:00
compat.c
devres.c
Kconfig memory-provider: disable building dmabuf mp on !CONFIG_PAGE_POOL 2024-09-13 11:41:45 -07:00
Kconfig.debug
Makefile
socket.c net: explicitly clear the sk pointer, when pf->create fails 2024-10-07 16:21:59 -07:00
sysctl_net.c