linux/net
Magnus Karlsson 83cf5c68d6 xsk: Fix use-after-free in failed shared_umem bind
Fix use-after-free when a shared umem bind fails. The code incorrectly
tried to free the allocated buffer pool both in the bind code and then
later also when the socket was released. Fix this by setting the
buffer pool pointer to NULL after the bind code has freed the pool, so
that the socket release code will not try to free the pool. This is
the same solution as the regular, non-shared umem code path has. This
was missing from the shared umem path.

Fixes: b5aea28dca ("xsk: Add shared umem support between queue ids")
Reported-by: syzbot+5334f62e4d22804e646a@syzkaller.appspotmail.com
Signed-off-by: Magnus Karlsson <magnus.karlsson@intel.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/1599032164-25684-1-git-send-email-magnus.karlsson@intel.com
2020-09-02 23:37:19 +02:00
..
6lowpan treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
9p 9p pull request for inclusion in 5.9 2020-08-15 08:34:36 -07:00
802
8021q net: get rid of lockdep_set_class_and_subclass() 2020-06-28 21:37:23 -07:00
appletalk appletalk: Fix atalk_proc_init() return path 2020-08-03 15:48:32 -07:00
atm mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
ax25 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-07-25 17:49:04 -07:00
batman-adv batman-adv: Migrate to linux/prandom.h 2020-08-18 19:39:54 +02:00
bluetooth mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
bpf bpf: Allow to specify ifindex for skb in bpf_prog_test_run_skb 2020-08-03 23:32:23 +02:00
bpfilter bpf: Add kernel module with user mode driver that populates bpffs. 2020-08-20 16:02:36 +02:00
bridge netlink: consistently use NLA_POLICY_EXACT_LEN() 2020-08-18 12:28:45 -07:00
caif net: pass a sockptr_t into ->setsockopt 2020-07-24 15:41:54 -07:00
can can: j1939: add rxtimer for multipacket broadcast session 2020-08-15 11:12:58 +02:00
ceph libceph: replace HTTP links with HTTPS ones 2020-08-03 11:05:26 +02:00
core Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2020-09-01 13:22:59 -07:00
dcb dcb_doit: remove redundant skb check 2020-06-23 20:27:09 -07:00
dccp net: dccp: delete repeated words 2020-08-24 17:31:20 -07:00
decnet Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2020-08-03 16:03:18 -07:00
dns_resolver docs: networking: convert dns_resolver.txt to ReST 2020-04-28 14:39:46 -07:00
dsa net: dsa: stop overriding master's ndo_get_phys_port_name 2020-07-23 15:14:58 -07:00
ethernet net: move devres helpers into a separate source file 2020-05-23 16:56:17 -07:00
ethtool Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2020-09-01 13:22:59 -07:00
hsr hsr: Use %pM format specifier for MAC addresses 2020-07-31 16:46:26 -07:00
ieee802154 net: pass a sockptr_t into ->setsockopt 2020-07-24 15:41:54 -07:00
ife
ipv4 Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2020-09-01 13:22:59 -07:00
ipv6 Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2020-09-01 13:22:59 -07:00
iucv Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-08-05 20:13:21 -07:00
kcm net: pass a sockptr_t into ->setsockopt 2020-07-24 15:41:54 -07:00
key Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-08-02 01:02:12 -07:00
l2tp l2tp: remove tunnel and session debug flags field 2020-08-22 12:44:37 -07:00
l3mdev l3mdev: add infrastructure for table to VRF mapping 2020-06-20 17:22:22 -07:00
lapb treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
llc net: pass a sockptr_t into ->setsockopt 2020-07-24 15:41:54 -07:00
mac80211 mac80211: rename csa counters to countdown counters 2020-08-27 14:12:15 +02:00
mac802154 mm, treewide: rename kzfree() to kfree_sensitive() 2020-08-07 11:33:22 -07:00
mpls net: Removed the device type check to add mpls support for devices 2020-07-27 11:40:47 -07:00
mptcp mptcp: Remove unused macro MPTCP_SAME_STATE 2020-08-31 12:37:40 -07:00
ncsi net/ncsi: use eth_zero_addr() to clear mac address 2020-07-23 11:49:41 -07:00
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 2020-08-16 16:05:36 -07:00
netlabel netlabel: remove unused param from audit_log_format() 2020-08-28 09:08:51 -07:00
netlink netlink: policy: correct validation type check 2020-08-31 12:01:15 -07:00
netrom net: pass a sockptr_t into ->setsockopt 2020-07-24 15:41:54 -07:00
nfc net/nfc/rawsock.c: add CAP_NET_RAW check. 2020-08-11 10:34:30 -07:00
nsh treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
openvswitch net: openvswitch: fixes crash if nf_conncount_init() fails 2020-09-01 13:23:23 -07:00
packet af_packet: TPACKET_V3: fix fill status rwlock imbalance 2020-08-13 15:37:30 -07:00
phonet net: pass a sockptr_t into ->setsockopt 2020-07-24 15:41:54 -07:00
psample net: psample: fix build error when CONFIG_INET is not enabled 2020-05-23 16:36:05 -07:00
qrtr net: qrtr: fix usage of idr in port assignment to socket 2020-08-17 15:00:41 -07:00
rds Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-08-02 01:02:12 -07:00
rfkill
rose net: pass a sockptr_t into ->setsockopt 2020-07-24 15:41:54 -07:00
rxrpc Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-08-02 01:02:12 -07:00
sched Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-08-23 11:48:27 -07:00
sctp net: sctp: ulpqueue.c: delete duplicated word 2020-08-24 16:21:43 -07:00
smc net/smc: Prevent kernel-infoleak in __smc_diag_dump() 2020-08-20 12:07:31 -07:00
strparser
sunrpc sunrpc: Avoid comma separated statements 2020-08-25 07:54:19 -07:00
switchdev net: switchdev: kerneldoc fixes 2020-07-13 17:20:40 -07:00
tipc tipc: Remove unused macro TIPC_NACK_INTV 2020-08-31 12:39:07 -07:00
tls net/tls: Implement getsockopt SOL_TLS TLS_RX 2020-09-01 11:47:12 -07:00
unix net: make ->{get,set}sockopt in proto_ops optional 2020-07-19 18:16:41 -07:00
vmw_vsock vsock: fix potential null pointer dereference in vsock_poll() 2020-08-12 12:56:06 -07:00
wimax
wireless nl80211: support SAE authentication offload in AP mode 2020-08-27 15:19:44 +02:00
x25 net: pass a sockptr_t into ->setsockopt 2020-07-24 15:41:54 -07:00
xdp xsk: Fix use-after-free in failed shared_umem bind 2020-09-02 23:37:19 +02:00
xfrm A set of locking fixes and updates: 2020-08-10 19:07:44 -07:00
Kconfig net: ethtool: Remove PHYLIB direct dependency 2020-07-07 15:41:05 -07:00
Makefile net: move devres helpers into a separate source file 2020-05-23 16:56:17 -07:00
compat.c net/scm: Fix typo in SCM_RIGHTS compat refactoring 2020-08-07 12:43:25 -07:00
devres.c net: devres: rename the release callback of devm_register_netdev() 2020-06-30 15:57:34 -07:00
socket.c io_uring: allow tcp ancillary data for __sys_recvmsg_sock() 2020-08-24 16:16:06 -07:00
sysctl_net.c