linux/net
Duoming Zhou 7781607938 net/x25: Fix null-ptr-deref caused by x25_disconnect
When the link layer is terminating, x25->neighbour will be set to NULL
in x25_disconnect(). As a result, it could cause null-ptr-deref bugs in
x25_sendmsg(),x25_recvmsg() and x25_connect(). One of the bugs is
shown below.

    (Thread 1)                 |  (Thread 2)
x25_link_terminated()          | x25_recvmsg()
 x25_kill_by_neigh()           |  ...
  x25_disconnect()             |  lock_sock(sk)
   ...                         |  ...
   x25->neighbour = NULL //(1) |
   ...                         |  x25->neighbour->extended //(2)

The code sets NULL to x25->neighbour in position (1) and dereferences
x25->neighbour in position (2), which could cause null-ptr-deref bug.

This patch adds lock_sock() in x25_kill_by_neigh() in order to synchronize
with x25_sendmsg(), x25_recvmsg() and x25_connect(). What`s more, the
sock held by lock_sock() is not NULL, because it is extracted from x25_list
and uses x25_list_lock to synchronize.

Fixes: 4becb7ee5b ("net/x25: Fix x25_neigh refcnt leak when x25 disconnect")
Signed-off-by: Duoming Zhou <duoming@zju.edu.cn>
Reviewed-by: Lin Ma <linma@zju.edu.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
2022-03-26 11:48:16 -07:00
..
6lowpan net: don't include ndisc.h from ipv6.h 2022-02-04 14:15:11 -08:00
9p xen/9p: use alloc/free_pages_exact() 2022-03-07 09:48:55 +01:00
802
8021q vlan: use correct format characters 2022-03-17 16:34:49 -07:00
appletalk
atm proc: remove PDE_DATA() completely 2022-01-22 08:33:37 +02:00
ax25 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-03-23 10:53:49 -07:00
batman-adv batman-adv: Use netif_rx(). 2022-03-07 11:40:41 +00:00
bluetooth Bluetooth: call hci_le_conn_failed with hdev lock in hci_le_conn_failed 2022-03-18 17:12:08 +01:00
bpf bpf, test_run: Fix packet size check for live packet mode 2022-03-11 22:01:26 +01:00
bpfilter uaccess: remove CONFIG_SET_FS 2022-02-25 09:36:06 +01:00
bridge net: bridge: mst: Restrict info size queries to bridge ports 2022-03-23 10:32:44 -07:00
caif net: caif: Use netif_rx(). 2022-03-04 12:02:19 +00:00
can can: isotp: support MSG_TRUNC flag when reading from socket 2022-03-16 21:41:40 +01:00
ceph libceph: optionally use bounce buffer on recv path in crc mode 2022-02-02 18:50:36 +01:00
core Networking changes for 5.18. 2022-03-24 13:13:26 -07:00
dcb net: dcb: disable softirqs in dcbnl_flush_dev() 2022-03-03 08:01:55 -08:00
dccp dccp: remove max48() 2022-01-27 13:53:27 +00:00
decnet net: decnet: use time_is_before_jiffies() instead of open coding it 2022-02-28 13:21:32 +00:00
dns_resolver
dsa Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-03-23 10:53:49 -07:00
ethernet
ethtool ethtool: add support to set/get completion queue event size 2022-02-23 20:33:05 -08:00
hsr net: add per-cpu storage and net->core_stats 2022-03-11 23:17:24 -08:00
ieee802154 net: ipv6: Handle delivery_time in ipv6 defrag 2022-03-03 14:38:48 +00:00
ife
ipv4 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-03-23 10:53:49 -07:00
ipv6 netfilter: nft_fib: add reduce support 2022-03-20 00:29:47 +01:00
iucv s390/iucv: sort out physical vs virtual pointers usage 2022-02-22 16:09:13 -08:00
kcm net: Don't include filter.h from net/sock.h 2021-12-29 08:48:14 -08:00
key af_key: add __GFP_ZERO flag for compose_sadb_supported in function pfkey_register 2022-03-10 07:39:47 +01:00
l2tp
l3mdev net: Add l3mdev index to flow struct and avoid oif reset for port devices 2022-03-15 20:20:02 -07:00
lapb
llc llc: only change llc->dev when bind() succeeds 2022-03-25 16:55:41 -07:00
mac80211 mac80211: update bssid_indicator in ieee80211_assign_beacon 2022-03-15 11:50:33 +01:00
mac802154
mctp mctp: Avoid warning if unregister notifies twice 2022-02-25 22:23:23 -08:00
mpls net: mpls: Fix GCC 12 warning 2022-02-10 15:29:39 +00:00
mptcp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-03-23 10:53:49 -07:00
ncsi all: replace find_next{,_zero}_bit with find_first{,_zero}_bit where appropriate 2022-01-15 08:47:31 -08:00
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-03-23 10:53:49 -07:00
netlabel netlabel: fix out-of-bounds memory accesses 2022-03-21 10:59:11 +00:00
netlink af_netlink: Fix shift out of bounds in group mask calculation 2022-03-18 21:47:14 -07:00
netrom netrom: fix api breakage in nr_setsockopt() 2022-01-07 14:11:05 +00:00
nfc nfc: llcp: Revert "NFC: Keep socket alive until the DISC PDU is actually sent" 2022-03-03 10:43:37 +00:00
nsh
openvswitch Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-03-23 10:53:49 -07:00
packet Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-03-17 13:56:58 -07:00
phonet phonet: Use netif_rx(). 2022-03-07 11:40:41 +00:00
psample
qrtr
rds
rfkill rfkill: make new event layout opt-in 2022-03-18 13:09:17 +02:00
rose net: Don't include filter.h from net/sock.h 2021-12-29 08:48:14 -08:00
rxrpc rxrpc: Adjust retransmission backoff 2022-01-22 02:03:24 +00:00
sched net/sched: add vlan push_eth and pop_eth action to the hardware IR 2022-03-16 19:59:36 -07:00
sctp selinux/stable-5.18 PR 20220321 2022-03-21 20:47:54 -07:00
smc net/smc: fix -Wmissing-prototypes warning when CONFIG_SYSCTL not set 2022-03-09 20:02:35 -08:00
strparser
sunrpc Networking changes for 5.18. 2022-03-24 13:13:26 -07:00
switchdev net: switchdev: remove lag_mod_cb from switchdev_handle_fdb_event_to_device 2022-02-24 21:31:43 -08:00
tipc Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-03-23 10:53:49 -07:00
tls net/tls: optimize judgement processes in tls_set_device_offload() 2022-03-21 14:58:16 -07:00
unix Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-03-23 10:53:49 -07:00
vmw_vsock vsock/virtio: enable VQs early on probe 2022-03-24 18:36:36 -07:00
wireless brcmfmac 2022-03-11 13:00:17 -08:00
x25 net/x25: Fix null-ptr-deref caused by x25_disconnect 2022-03-26 11:48:16 -07:00
xdp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-03-23 10:53:49 -07:00
xfrm Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ 2022-03-19 14:49:08 +00:00
compat.c
devres.c
Kconfig page_pool: Add allocation stats 2022-03-03 09:55:28 +00:00
Kconfig.debug
Makefile
socket.c fs: allocate inode by using alloc_inode_sb() 2022-03-22 15:57:03 -07:00
sysctl_net.c