openkylin
/
platform_kernel-5.15
mirror of https://gitee.com/openkylin/platform_kernel-5.15.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity
platform_kernel-5.15/net
History
Wei Yongjun 46ef5b89ec ip6_gre: fix null-ptr-deref in ip6gre_init_net() 
KASAN report null-ptr-deref error when register_netdev() failed:

KASAN: null-ptr-deref in range [0x00000000000003c0-0x00000000000003c7]
CPU: 2 PID: 422 Comm: ip Not tainted 5.8.0-rc4+ #12
Call Trace:
 ip6gre_init_net+0x4ab/0x580
 ? ip6gre_tunnel_uninit+0x3f0/0x3f0
 ops_init+0xa8/0x3c0
 setup_net+0x2de/0x7e0
 ? rcu_read_lock_bh_held+0xb0/0xb0
 ? ops_init+0x3c0/0x3c0
 ? kasan_unpoison_shadow+0x33/0x40
 ? __kasan_kmalloc.constprop.0+0xc2/0xd0
 copy_net_ns+0x27d/0x530
 create_new_namespaces+0x382/0xa30
 unshare_nsproxy_namespaces+0xa1/0x1d0
 ksys_unshare+0x39c/0x780
 ? walk_process_tree+0x2a0/0x2a0
 ? trace_hardirqs_on+0x4a/0x1b0
 ? _raw_spin_unlock_irq+0x1f/0x30
 ? syscall_trace_enter+0x1a7/0x330
 ? do_syscall_64+0x1c/0xa0
 __x64_sys_unshare+0x2d/0x40
 do_syscall_64+0x56/0xa0
 entry_SYSCALL_64_after_hwframe+0x44/0xa9

ip6gre_tunnel_uninit() has set 'ign->fb_tunnel_dev' to NULL, later
access to ign->fb_tunnel_dev cause null-ptr-deref. Fix it by saving
'ign->fb_tunnel_dev' to local variable ndev.

Fixes: dafabb6590 ("ip6_gre: fix use-after-free in ip6gre_tunnel_lookup()")
Reported-by: Hulk Robot <hulkci@huawei.com>
Signed-off-by: Wei Yongjun <weiyongjun1@huawei.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2020-07-13 17:32:17 -07:00
..
6lowpan treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
9p net: Add MODULE_DESCRIPTION entries to network modules 2020-06-20 21:33:57 -07:00
802 net: 802: psnap.c: Use built-in RCU list checking 2020-02-24 13:02:53 -08:00
8021q net: get rid of lockdep_set_class_and_subclass() 2020-06-28 21:37:23 -07:00
appletalk ipv4,appletalk: move SIOCADDRT and SIOCDELRT handling into ->compat_ioctl 2020-05-18 17:35:02 -07:00
atm Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-06-13 16:27:13 -07:00
ax25 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-05-24 13:47:27 -07:00
batman-adv net: change addr_list_lock back to static key 2020-06-09 12:59:45 -07:00
bluetooth Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net-next 2020-06-03 16:27:18 -07:00
bpf bpf: Add tests for PTR_TO_BTF_ID vs. null comparison 2020-06-30 22:21:29 +02:00
bpfilter bpfilter: switch to kernel_write 2020-07-08 08:27:56 +02:00
bridge bridge: mcast: Fix MLD2 Report IPv6 payload length check 2020-07-07 15:37:57 -07:00
caif treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
can treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
ceph libceph: don't omit used_replica in target_copy() 2020-06-16 16:02:08 +02:00
core Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-07-10 18:16:22 -07:00
dcb treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
dccp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-06-13 16:27:13 -07:00
decnet treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
dns_resolver docs: networking: convert dns_resolver.txt to ReST 2020-04-28 14:39:46 -07:00
dsa dsa: Allow forwarding of redirected IGMP traffic 2020-06-24 14:39:43 -07:00
ethernet net: move devres helpers into a separate source file 2020-05-23 16:56:17 -07:00
ethtool ethtool: fix genlmsg_put() failure handling in ethnl_default_dumpit() 2020-07-09 12:35:33 -07:00
hsr hsr: fix interface leak in error path of hsr_dev_finalize() 2020-07-04 18:02:48 -07:00
ieee802154 treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
ife
ipv4 tcp: make sure listeners don't initialize congestion-control state 2020-07-09 13:07:45 -07:00
ipv6 ip6_gre: fix null-ptr-deref in ip6gre_init_net() 2020-07-13 17:32:17 -07:00
iucv net/af_iucv: clean up function prototypes 2020-05-19 12:50:14 -07:00
kcm treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
key
l2tp l2tp: remove skb_dst_set() from l2tp_xmit_skb() 2020-07-08 15:24:33 -07:00
l3mdev treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
lapb treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
llc llc: make sure applications use ARPHRD_ETHER 2020-06-28 21:41:23 -07:00
mac80211 mac80211: allow rx of mesh eapol frames with default rx key 2020-06-25 12:55:45 +02:00
mac802154 treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
mpls treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
mptcp mptcp: fix DSS map generation on fin retransmission 2020-07-07 15:27:37 -07:00
ncsi treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
netfilter netfilter: conntrack: refetch conntrack after nf_conntrack_update() 2020-07-03 14:47:03 +02:00
netlabel treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
netlink genetlink: remove genl_bind 2020-07-01 15:49:11 -07:00
netrom net: change addr_list_lock back to static key 2020-06-09 12:59:45 -07:00
nfc treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
nsh treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
openvswitch openvswitch: take into account de-fragmentation/gso_size in execute_check_pkt_len 2020-06-24 14:34:58 -07:00
packet treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
phonet sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
psample net: psample: fix build error when CONFIG_INET is not enabled 2020-05-23 16:36:05 -07:00
qrtr net: qrtr: Fix an out of bounds read qrtr_endpoint_post() 2020-06-30 18:36:13 -07:00
rds rds: If one path needs re-connection, check all and re-connect 2020-07-01 17:35:17 -07:00
rfkill
rose net: change addr_list_lock back to static key 2020-06-09 12:59:45 -07:00
rxrpc rxrpc: Fix notification call on completion of discarded calls 2020-06-20 21:31:43 -07:00
sched net_sched: fix a memory leak in atm_tc_init() 2020-07-09 12:31:28 -07:00
sctp sctp: Don't advertise IPv4 addresses if ipv6only is set on the socket 2020-06-25 16:11:33 -07:00
smc net/smc: tolerate future SMCD versions 2020-07-08 12:35:15 -07:00
strparser
sunrpc Fixes for a umask bug on exported filesystems lacking ACL support, a 2020-07-02 20:35:33 -07:00
switchdev treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
tipc tipc: fix retransmission on unicast links 2020-07-08 15:39:50 -07:00
tls treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
unix treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
vmw_vsock vsock/vmci: make vmci_vsock_transport_cb() static 2020-06-05 13:18:26 -07:00
wimax
wireless nl80211: fix memory leak when parsing NL80211_ATTR_HE_BSS_COLOR 2020-06-26 11:52:57 +02:00
x25 treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
xdp xsk: Use dma_need_sync instead of reimplenting it 2020-06-30 15:44:03 +02:00
xfrm net: xfrmi: implement header_ops->parse_protocol for AF_PACKET 2020-06-30 12:29:39 -07:00
Kconfig treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
Makefile net: move devres helpers into a separate source file 2020-05-23 16:56:17 -07:00
compat.c switch cmsghdr_from_user_compat_to_kern() to copy_from_user() 2020-06-01 12:05:45 -07:00
devres.c net: devres: provide devm_register_netdev() 2020-05-23 16:56:17 -07:00
socket.c net: remove kernel_setsockopt 2020-05-29 13:10:39 -07:00
sysctl_net.c