Emulation/switch-linux
1
0
Fork 0
mirror of https://github.com/fail0verflow/switch-linux.git synced 2025-05-04 02:34:21 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
switch-linux/include/net
History
Xin Long d25adbeb0c sctp: fix an use-after-free issue in sctp_sock_dump 
Commit 86fdb3448c ("sctp: ensure ep is not destroyed before doing the
dump") tried to fix an use-after-free issue by checking !sctp_sk(sk)->ep
with holding sock and sock lock.

But Paolo noticed that endpoint could be destroyed in sctp_rcv without
sock lock protection. It means the use-after-free issue still could be
triggered when sctp_rcv put and destroy ep after sctp_sock_dump checks
!ep, although it's pretty hard to reproduce.

I could reproduce it by mdelay in sctp_rcv while msleep in sctp_close
and sctp_sock_dump long time.

This patch is to add another param cb_done to sctp_for_each_transport
and dump ep->assocs with holding tsp after jumping out of transport's
traversal in it to avoid this issue.

It can also improve sctp diag dump to make it run faster, as no need
to save sk into cb->args[5] and keep calling sctp_for_each_transport
any more.

This patch is also to use int * instead of int for the pos argument
in sctp_for_each_transport, which could make postion increment only
in sctp_for_each_transport and no need to keep changing cb->args[2]
in sctp_sock_filter and sctp_sock_dump any more.

Fixes: 86fdb3448c ("sctp: ensure ep is not destroyed before doing the dump")
Reported-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-09-15 14:47:49 -07:00
..
9p
bluetooth Bluetooth: make baswap src const 2017-09-01 22:49:47 +02:00
caif
iucv
netfilter netfilter: nat: Revert "netfilter: nat: convert nat bysrc hash to rhashtable" 2017-09-08 18:55:50 +02:00
netns Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2017-09-03 17:08:42 -07:00
nfc
phonet
sctp sctp: fix an use-after-free issue in sctp_sock_dump 2017-09-15 14:47:49 -07:00
tc_act
6lowpan.h
act_api.h net_sched: get rid of tcfa_rcu 2017-09-12 20:41:02 -07:00
addrconf.h
af_ieee802154.h
af_rxrpc.h rxrpc: Allow failed client calls to be retried 2017-08-29 10:55:20 +01:00
af_unix.h
af_vsock.h
ah.h
arp.h
atmclip.h
ax25.h
ax88796.h
bond_3ad.h
bond_alb.h
bond_options.h
bonding.h
busy_poll.h
calipso.h
cfg80211-wext.h
cfg80211.h
cfg802154.h
checksum.h
cipso_ipv4.h
cls_cgroup.h
codel.h
codel_impl.h
codel_qdisc.h
compat.h
datalink.h
dcbevent.h
dcbnl.h
devlink.h devlink: Add IPv6 header for dpipe 2017-08-31 14:42:19 -07:00
dn.h
dn_dev.h
dn_fib.h
dn_neigh.h
dn_nsp.h
dn_route.h
dsa.h net: dsa: Allow switch drivers to indicate number of TX queues 2017-09-05 11:53:34 -07:00
dsfield.h
dst.h
dst_cache.h
dst_metadata.h
dst_ops.h
erspan.h
esp.h
ethoc.h
fib_notifier.h net: Add module reference to FIB notifiers 2017-09-01 20:33:42 -07:00
fib_rules.h
firewire.h
flow.h
flow_dissector.h flow_dissector: Cleanup control flow 2017-09-05 11:40:08 -07:00
fou.h
fq.h
fq_impl.h
garp.h
gen_stats.h
genetlink.h
geneve.h
gre.h
gro_cells.h
gtp.h
gue.h
hwbm.h
icmp.h
ieee80211_radiotap.h
ieee802154_netdev.h
if_inet6.h
ife.h
ila.h
inet6_connection_sock.h
inet6_hashtables.h
inet_common.h
inet_connection_sock.h
inet_ecn.h
inet_frag.h Revert "net: fix percpu memory leaks" 2017-09-03 11:01:05 -07:00
inet_hashtables.h
inet_sock.h
inet_timewait_sock.h
inetpeer.h
ip.h
ip6_checksum.h
ip6_fib.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-09-01 17:42:05 -07:00
ip6_route.h ipv6: Use rt6i_idev index for echo replies to a local address 2017-08-29 15:32:25 -07:00
ip6_tunnel.h
ip_fib.h
ip_tunnels.h gre: add collect_md mode to ERSPAN tunnel 2017-08-28 15:04:52 -07:00
ip_vs.h
ipcomp.h
ipconfig.h
ipv6.h
ipx.h
iw_handler.h
kcm.h
l3mdev.h
lapb.h
lib80211.h
llc.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
lwtunnel.h
mac80211.h mac80211: fix VLAN handling with TXQs 2017-09-05 11:28:43 +02:00
mac802154.h
mip6.h
mld.h
mpls.h
mpls_iptunnel.h
mrp.h
ncsi.h net/ncsi: fix ncsi_vlan_rx_{add,kill}_vid references 2017-09-05 09:11:45 -07:00
ndisc.h
neighbour.h
net_namespace.h
net_ratelimit.h
netevent.h
netlabel.h
netlink.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2017-09-03 17:08:42 -07:00
netprio_cgroup.h
netrom.h
nexthop.h
nl802154.h
nsh.h net: add NSH header structures and helpers 2017-08-29 15:16:52 -07:00
p8022.h
ping.h
pkt_cls.h
pkt_sched.h
pptp.h
protocol.h
psample.h
psnap.h
raw.h
rawv6.h
red.h
regulatory.h
request_sock.h
rose.h
route.h ipv4: Don't override return code from ip_route_input_noref() 2017-09-03 10:54:27 -07:00
rtnetlink.h
sch_generic.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-09-01 17:42:05 -07:00
scm.h
secure_seq.h
seg6.h
seg6_hmac.h
slhc_vj.h
smc.h
snmp.h
sock.h neigh: increase queue_len_bytes to match wmem_default 2017-08-29 16:10:50 -07:00
sock_reuseport.h
Space.h
stp.h
strparser.h
switchdev.h
tcp.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-09-01 17:42:05 -07:00
tcp_states.h
timewait_sock.h
tls.h
transp_v6.h
tso.h
tun_proto.h vxlan: factor out VXLAN-GPE next protocol 2017-08-29 15:16:52 -07:00
udp.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-09-01 17:42:05 -07:00
udp_tunnel.h
udplite.h
vsock_addr.h
vxlan.h vxlan: factor out VXLAN-GPE next protocol 2017-08-29 15:16:52 -07:00
wext.h
wimax.h
x25.h
x25device.h
xfrm.h xfrm: Add support for network devices capable of removing the ESP trailer 2017-08-31 09:04:03 +02:00