linux/net
Norbert Slusarek 5d1cbcc990 net/vmw_vsock: fix NULL pointer dereference
In vsock_stream_connect(), a thread will enter schedule_timeout().
While being scheduled out, another thread can enter vsock_stream_connect()
as well and set vsk->transport to NULL. In case a signal was sent, the
first thread can leave schedule_timeout() and vsock_transport_cancel_pkt()
will be called right after. Inside vsock_transport_cancel_pkt(), a null
dereference will happen on transport->cancel_pkt.

Fixes: c0cfa2d8a7 ("vsock: add multi-transports support")
Signed-off-by: Norbert Slusarek <nslusarek@gmx.net>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Link: https://lore.kernel.org/r/trinity-c2d6cede-bfb1-44e2-85af-1fbc7f541715-1612535117028@3c-app-gmx-bap12
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2021-02-06 15:03:17 -08:00
..
6lowpan
9p 9p for 5.11-rc1 2020-12-21 10:28:02 -08:00
802
8021q net: make free_netdev() more lenient with unregistering devices 2021-01-08 19:27:41 -08:00
appletalk net: appletalk: fix kerneldoc warnings 2020-10-30 11:48:17 -07:00
atm atm: nicstar: Replace in_interrupt() usage 2020-11-18 16:43:55 -08:00
ax25
batman-adv batman-adv: Drop unused soft-interface.h include in fragmentation.c 2020-12-04 08:41:16 +01:00
bluetooth Bluetooth: Increment management interface revision 2020-12-07 17:02:00 +02:00
bpf bpf: Reject too big ctx_size_in for raw_tp test run 2021-01-13 19:31:43 -08:00
bpfilter Revert "bpfilter: Fix build error with CONFIG_BPFILTER_UMH" 2020-10-15 12:33:24 -07:00
bridge net: mrp: move struct definitions out of uapi 2021-01-23 12:38:42 -08:00
caif caif: Remove duplicate macro SRVL_CTRL_PKT_SIZE 2020-09-05 15:57:05 -07:00
can can: isotp: isotp_getname(): fix kernel information leak 2021-01-13 22:15:13 +01:00
ceph libceph: fix "Boolean result is used in bitwise operation" warning 2021-01-21 16:49:59 +01:00
core net: gro: do not keep too many GRO packets in napi->rx_list 2021-02-05 19:28:01 -08:00
dcb net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands 2021-01-12 15:55:21 -08:00
dccp selinux/stable-5.11 PR 20201214 2020-12-16 11:01:04 -08:00
decnet net: decnet: fix netdev refcount leaking on error path 2021-01-27 17:33:46 -08:00
dns_resolver
dsa net: dsa: call teardown method on probe failure 2021-02-04 20:22:00 -08:00
ethernet net: datagram: fix some kernel-doc markups 2020-11-17 14:15:03 -08:00
ethtool ethtool: fix error paths in ethnl_set_channels() 2020-12-16 13:27:17 -08:00
hsr net: hsr: align sup_multicast_addr in struct hsr_priv to u16 boundary 2021-02-02 08:57:18 -08:00
ieee802154 treewide: rename nla_strlcpy to nla_strscpy. 2020-11-16 08:08:54 -08:00
ife
ipv4 udp: ipv4: manipulate network header of NATed UDP GRO fraglist 2021-02-01 20:02:16 -08:00
ipv6 udp: ipv4: manipulate network header of NATed UDP GRO fraglist 2021-02-01 20:02:16 -08:00
iucv net/af_iucv: use DECLARE_SOCKADDR to cast from sockaddr 2020-12-08 15:56:53 -08:00
kcm
key af_key: relax availability checks for skb size calculation 2021-01-04 10:05:50 +01:00
l2tp lsm,selinux: pass flowi_common instead of flowi to the LSM hooks 2020-11-23 18:36:21 -05:00
l3mdev net: l3mdev: Fix kerneldoc warning 2020-10-30 11:43:42 -07:00
lapb net: lapb: Copy the skb before sending a packet 2021-02-02 08:40:48 -08:00
llc net: llc: Fix kerneldoc warnings 2020-10-30 11:34:09 -07:00
mac80211 wireless-drivers fixes for v5.11 2021-02-06 09:27:20 -08:00
mac802154 net: mac802154: convert tasklets to use new tasklet_setup() API 2020-11-07 10:40:56 -08:00
mpls mpls: drop skb's dst in mpls_forward() 2020-11-03 12:55:53 -08:00
mptcp mptcp: fix locking in mptcp_disconnect() 2021-01-14 11:25:21 -08:00
ncsi net/ncsi: Use real net-device for response handler 2020-12-23 12:22:23 -08:00
netfilter netfilter: flowtable: fix tcp and udp header checksum update 2021-02-04 01:10:14 +01:00
netlabel Merge https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-11-19 19:08:46 -08:00
netlink netlink: export policy in extended ACK 2020-10-09 20:22:32 -07:00
netrom
nfc NFC: fix resource leak when target index is invalid 2021-01-23 13:34:35 -08:00
nsh
openvswitch net: openvswitch: fix TTL decrement exception action execution 2020-12-14 17:18:25 -08:00
packet net: af_packet: fix procfs header for 64-bit pointers 2020-12-18 12:17:23 -08:00
phonet
psample genetlink: move to smaller ops wherever possible 2020-10-02 19:11:11 -07:00
qrtr net/qrtr: restrict user-controlled length in qrtr_tun_write_iter() 2021-02-03 16:29:06 -08:00
rds net/rds: restrict iovecs length for RDS_CMSG_RDMA_ARGS 2021-02-02 08:44:08 -08:00
rfkill rfkill: add a reason to the HW rfkill state 2020-12-11 12:47:17 +01:00
rose rose: Fix Null pointer dereference in rose_send_frame() 2020-11-20 10:04:58 -08:00
rxrpc rxrpc: Fix clearance of Tx/Rx ring when releasing a call 2021-02-04 18:11:08 -08:00
sched net_sched: avoid shift-out-of-bounds in tcindex_set_parms() 2021-01-15 18:11:10 -08:00
sctp sctp: Fix some typo 2020-11-23 17:44:11 -08:00
smc net/smc: use memcpy instead of snprintf to avoid out of bounds read 2021-01-12 20:22:01 -08:00
strparser
sunrpc SUNRPC: Handle 0 length opaque XDR object data properly 2021-01-25 15:59:12 -05:00
switchdev net: switchdev: don't set port_obj_info->handled true when -EOPNOTSUPP 2021-01-27 16:41:59 -08:00
tipc net: tip: fix a couple kernel-doc markups 2021-01-14 10:30:24 -08:00
tls net: fix proc_fs init handling in af_packet and tls 2020-12-14 19:39:30 -08:00
unix networking changes for the 5.10 merge window 2020-10-15 18:42:13 -07:00
vmw_vsock net/vmw_vsock: fix NULL pointer dereference 2021-02-06 15:03:17 -08:00
wireless wext: fix NULL-ptr-dereference with cfg80211's lack of commit() 2021-01-26 11:59:42 +01:00
x25 net: x25: Remove unimplemented X.25-over-LLC code stubs 2020-12-12 17:15:33 -08:00
xdp xsk: Clear pool even for inactive queues 2021-01-19 22:47:04 +01:00
xfrm Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 2021-01-21 11:05:10 -08:00
compat.c iov_iter: transparently handle compat iovecs in import_iovec 2020-10-03 00:02:13 -04:00
devres.c
Kconfig wimax: move out to staging 2020-10-29 19:27:45 +01:00
Makefile wimax: move out to staging 2020-10-29 19:27:45 +01:00
socket.c for-5.11/io_uring-2020-12-14 2020-12-16 12:44:05 -08:00
sysctl_net.c