linux-yocto/net
Eric Dumazet b3598f5321 sctp: add mutual exclusion in proc_sctp_do_udp_port()
commit 10206302af856791fbcc27a33ed3c3eb09b2793d upstream.

We must serialize calls to sctp_udp_sock_stop() and sctp_udp_sock_start()
or risk a crash as syzbot reported:

Oops: general protection fault, probably for non-canonical address 0xdffffc000000000d: 0000 [#1] SMP KASAN PTI
KASAN: null-ptr-deref in range [0x0000000000000068-0x000000000000006f]
CPU: 1 UID: 0 PID: 6551 Comm: syz.1.44 Not tainted 6.14.0-syzkaller-g7f2ff7b62617 #0 PREEMPT(full)
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025
 RIP: 0010:kernel_sock_shutdown+0x47/0x70 net/socket.c:3653
Call Trace:
 <TASK>
  udp_tunnel_sock_release+0x68/0x80 net/ipv4/udp_tunnel_core.c:181
  sctp_udp_sock_stop+0x71/0x160 net/sctp/protocol.c:930
  proc_sctp_do_udp_port+0x264/0x450 net/sctp/sysctl.c:553
  proc_sys_call_handler+0x3d0/0x5b0 fs/proc/proc_sysctl.c:601
  iter_file_splice_write+0x91c/0x1150 fs/splice.c:738
  do_splice_from fs/splice.c:935 [inline]
  direct_splice_actor+0x18f/0x6c0 fs/splice.c:1158
  splice_direct_to_actor+0x342/0xa30 fs/splice.c:1102
  do_splice_direct_actor fs/splice.c:1201 [inline]
  do_splice_direct+0x174/0x240 fs/splice.c:1227
  do_sendfile+0xafd/0xe50 fs/read_write.c:1368
  __do_sys_sendfile64 fs/read_write.c:1429 [inline]
  __se_sys_sendfile64 fs/read_write.c:1415 [inline]
  __x64_sys_sendfile64+0x1d8/0x220 fs/read_write.c:1415
  do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]

Fixes: 046c052b47 ("sctp: enable udp tunneling socks")
Reported-by: syzbot+fae49d997eb56fa7c74d@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/67ea5c01.050a0220.1547ec.012b.GAE@google.com/T/#u
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Xin Long <lucien.xin@gmail.com>
Link: https://patch.msgid.link/20250331091532.224982-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
[Minor conflict resolved due to code context change.]
Signed-off-by: Jianqi Ren <jianqi.ren.cn@windriver.com>
Signed-off-by: He Zhe <zhe.he@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-05-22 14:12:25 +02:00
6lowpan
9p 9p/net: fix improper handling of bogus negative read/write replies 2025-05-02 07:50:56 +02:00
802 net: 802: LLC+SNAP OID:PID lookup on start of skb data 2025-01-17 13:36:11 +01:00
8021q net: vlan: don't propagate flags on open 2025-04-25 10:45:16 +02:00
appletalk
atm atm: Fix NULL pointer dereference 2025-04-07 10:06:35 +02:00
ax25 ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt 2025-02-21 13:57:06 +01:00
batman-adv batman-adv: Ignore own maximum aggregation size during RX 2025-03-28 21:59:55 +01:00
bluetooth Bluetooth: MGMT: Fix MGMT_OP_ADD_DEVICE invalid device flags 2025-05-22 14:12:15 +02:00
bpf bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() 2025-02-27 04:10:50 -08:00
bpfilter
bridge net: Rename mono_delivery_time to tstamp_type for scalabilty 2025-05-09 09:43:57 +02:00
caif
can can: gw: fix RCU/BH usage in cgw_create_job() 2025-05-18 08:24:05 +02:00
ceph ceph: allocate sparse_ext map only for sparse reads 2025-01-02 10:32:00 +01:00
core bpf: Scrub packet on bpf_redirect_peer 2025-05-18 08:24:05 +02:00
dcb
dccp net: fix data-races around sk->sk_forward_alloc 2025-01-23 17:21:19 +01:00
devlink
dns_resolver
dsa net: dsa: avoid refcount warnings when ds->ops->tag_8021q_vlan_del() fails 2025-04-25 10:45:44 +02:00
ethernet ethernet: Add helper for assigning packet type when dest address does not match device address 2024-05-02 16:32:46 +02:00
ethtool net: ethtool: Don't call .cleanup_data when prepare_data fails 2025-04-25 10:45:07 +02:00
handshake
hsr net: hsr: fix fill_frame_info() regression vs VLAN packets 2025-02-08 09:52:32 +01:00
ieee802154 net: Rename mono_delivery_time to tstamp_type for scalabilty 2025-05-09 09:43:57 +02:00
ife
ipv4 net: ipv6: fix UDPv6 GSO segmentation with NAT 2025-05-09 09:44:01 +02:00
ipv6 gre: Fix again IPv6 link-local address generation. 2025-05-18 08:24:04 +02:00
iucv s390/iucv: MSG_PEEK causes memory leak in iucv_sock_destruct() 2024-12-09 10:32:33 +01:00
kcm kcm: Serialise kcm_sendmsg() for the same socket. 2024-08-29 17:33:46 +02:00
key
l2tp ipv6: introduce dst_rt6_info() helper 2024-12-14 19:59:35 +01:00
l3mdev
lapb
llc llc: do not use skb_get() before dev_queue_xmit() 2025-03-13 12:58:30 +01:00
mac80211 wifi: mac80211: Set n_channels after allocating struct cfg80211_scan_request 2025-05-22 14:12:18 +02:00
mac802154 mac802154: check local interfaces before deleting sdata list 2025-01-23 17:21:13 +01:00
mctp net: mctp: Ensure keys maintain only one ref to corresponding dev 2025-05-22 14:12:16 +02:00
mpls ipv6: introduce dst_rt6_info() helper 2024-12-14 19:59:35 +01:00
mptcp mptcp: sockopt: fix getting freebind & transparent 2025-04-25 10:45:54 +02:00
ncsi net/ncsi: use dev_set_mac_address() for Get MC MAC Address handling 2025-02-17 09:40:41 +01:00
netfilter netfilter: ipset: fix region locking in hash types 2025-05-18 08:24:05 +02:00
netlabel
netlink sock_diag: add module pointer to "struct sock_diag_handler" 2024-12-09 10:32:09 +01:00
netrom netrom: check buffer length before accessing it 2025-01-09 13:32:00 +01:00
nfc NFC: nci: Add bounds checking in nci_hci_create_pipe() 2025-02-17 09:40:38 +01:00
nsh nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment(). 2024-05-17 12:02:02 +02:00
openvswitch openvswitch: Fix unsafe attribute parsing in output_userspace() 2025-05-18 08:24:04 +02:00
packet af_packet: fix vlan_get_protocol_dgram() vs MSG_PEEK 2025-01-09 13:32:02 +01:00
phonet phonet: Handle error of rtnl_register_module(). 2024-10-17 15:24:30 +02:00
psample
qrtr net: qrtr: Update packets cloning when broadcasting 2024-10-04 16:29:41 +02:00
rds net:rds: Fix possible deadlock in rds_message_put 2024-08-19 06:04:27 +02:00
rfkill net: rfkill: gpio: Add check for clk_enable() 2024-12-09 10:32:11 +01:00
rose net: rose: lock the socket in rose_bind() 2025-02-17 09:40:13 +01:00
rxrpc rxrpc: rxperf: Fix missing decoding of terminal magic cookie 2025-03-07 16:45:38 +01:00
sched net_sched: Flush gso_skb list too during ->change() 2025-05-22 14:12:15 +02:00
sctp sctp: add mutual exclusion in proc_sctp_do_udp_port() 2025-05-22 14:12:25 +02:00
smc net/smc: fix data error when recvmsg with MSG_PEEK flag 2025-02-08 09:51:58 +01:00
strparser strparser: Add read_sock callback 2025-02-27 04:10:50 -08:00
sunrpc sunrpc: suppress warnings for unused procfs functions 2025-03-07 16:45:37 +01:00
switchdev net: switchdev: Convert blocking notification chain to a raw one 2025-03-22 12:50:39 -07:00
tipc tipc: fix NULL pointer dereference in tipc_mon_reinit_self() 2025-05-02 07:50:43 +02:00
tls net/tls: fix kernel panic when alloc_page failed 2025-05-22 14:12:18 +02:00
unix splice: do not checksum AF_UNIX sockets 2024-12-19 18:11:21 +01:00
vmw_vsock vsock: avoid timeout during connect() if the socket is closing 2025-04-10 14:37:40 +02:00
wireless wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation 2025-05-18 08:24:04 +02:00
x25
xdp xsk: fix an integer overflow in xp_create_and_assign_umem() 2025-03-28 21:59:55 +01:00
xfrm xfrm_output: Force software GSO only in tunnel mode 2025-03-28 21:59:52 +01:00
compat.c
devres.c
Kconfig
Kconfig.debug
Makefile
socket.c net: explicitly clear the sk pointer, when pf->create fails 2024-10-17 15:24:35 +02:00
sysctl_net.c sysctl: treewide: drop unused argument ctl_table_root::set_ownership(table) 2024-08-11 12:47:13 +02:00