leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
f60439bc21
linux/net
History
Vegard Nossum d2fbdf76b8 tipc: fix NULL pointer dereference in shutdown() 
tipc_msg_create() can return a NULL skb and if so, we shouldn't try to
call tipc_node_xmit_skb() on it.

    general protection fault: 0000 [] PREEMPT SMP KASAN
    CPU: 3 PID: 30298 Comm: trinity-c0 Not tainted 4.7.0-rc7+ 
    Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Ubuntu-1.8.2-1ubuntu1 04/01/2014
    task: ffff8800baf09980 ti: ffff8800595b8000 task.ti: ffff8800595b8000
    RIP: 0010:[<ffffffff830bb46b>]  [<ffffffff830bb46b>] tipc_node_xmit_skb+0x6b/0x140
    RSP: 0018:ffff8800595bfce8  EFLAGS: 00010246
    RAX: 0000000000000000 RBX: 0000000000000000 RCX: 000000003023b0e0
    RDX: 0000000000000000 RSI: dffffc0000000000 RDI: ffffffff83d12580
    RBP: ffff8800595bfd78 R08: ffffed000b2b7f32 R09: 0000000000000000
    R10: fffffbfff0759725 R11: 0000000000000000 R12: 1ffff1000b2b7f9f
    R13: ffff8800595bfd58 R14: ffffffff83d12580 R15: dffffc0000000000
    FS:  00007fcdde242700(0000) GS:ffff88011af80000(0000) knlGS:0000000000000000
    CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
    CR2: 00007fcddde1db10 CR3: 000000006874b000 CR4: 00000000000006e0
    DR0: 00007fcdde248000 DR1: 00007fcddd73d000 DR2: 00007fcdde248000
    DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000090602
    Stack:
     0000000000000018 0000000000000018 0000000041b58ab3 ffffffff83954208
     ffffffff830bb400 ffff8800595bfd30 ffffffff8309d767 0000000000000018
     0000000000000018 ffff8800595bfd78 ffffffff8309da1a 00000000810ee611
    Call Trace:
     [<ffffffff830c84a3>] tipc_shutdown+0x553/0x880
     [<ffffffff825b4a3b>] SyS_shutdown+0x14b/0x170
     [<ffffffff8100334c>] do_syscall_64+0x19c/0x410
     [<ffffffff83295ca5>] entry_SYSCALL64_slow_path+0x25/0x25
    Code: 90 00 b4 0b 83 c7 00 f1 f1 f1 f1 4c 8d 6d e0 c7 40 04 00 00 00 f4 c7 40 08 f3 f3 f3 f3 48 89 d8 48 c1 e8 03 c7 45 b4 00 00 00 00 <80> 3c 30 00 75 78 48 8d 7b 08 49 8d 75 c0 48 b8 00 00 00 00 00
    RIP  [<ffffffff830bb46b>] tipc_node_xmit_skb+0x6b/0x140
     RSP <ffff8800595bfce8>
    ---[ end trace 57b0484e351e71f1 ]---

I feel like we should maybe return -ENOMEM or -ENOBUFS, but I'm not sure
userspace is equipped to handle that. Anyway, this is better than a GPF
and looks somewhat consistent with other tipc_msg_create() callers.

Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
Acked-by: Ying Xue <ying.xue@windriver.com>
Acked-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2016-08-15 13:55:36 -07:00
..
6lowpan
9p
802
8021q net: remove type_check from dev_get_nest_level() 2016-08-13 15:15:54 -07:00
appletalk
atm
ax25
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-07-24 00:53:32 -04:00
bluetooth
bridge bridge: Fix problems around fdb entries pointing to the bridge device 2016-08-09 21:42:44 -07:00
caif
can
ceph libceph: fsmap.user subscription support 2016-07-28 03:00:40 +02:00
core net: remove type_check from dev_get_nest_level() 2016-08-13 15:15:54 -07:00
dcb
dccp Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2016-07-29 17:38:46 -07:00
decnet
dns_resolver
dsa
ethernet
hsr
ieee802154
ipv4 gre: set inner_protocol on xmit 2016-08-15 13:37:12 -07:00
ipv6 gre: set inner_protocol on xmit 2016-08-15 13:37:12 -07:00
ipx
irda net/irda: handle iriap_register_lsap() allocation failure 2016-08-13 15:09:07 -07:00
iucv Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2016-07-29 17:38:46 -07:00
kcm kcm: remove redundant -ve error check and return path 2016-07-25 11:17:16 -07:00
key
l2tp l2tp: Correctly return -EBADF from pppol2tp_getname. 2016-07-26 15:19:46 -07:00
l3mdev
lapb
llc
mac80211 mac80211: Add ieee80211_hw pointer to get_expected_throughput 2016-08-05 14:23:25 +02:00
mac802154
mpls
ncsi net/ncsi: avoid maybe-uninitialized warning 2016-07-25 10:32:59 -07:00
netfilter netfilter: nft_exthdr: Add size check on u8 nft_exthdr attributes 2016-08-10 13:10:13 +02:00
netlabel
netlink
netrom
nfc
openvswitch openvswitch: do not ignore netdev errors when creating tunnel vports 2016-08-10 23:13:23 -07:00
packet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-07-24 00:53:32 -04:00
phonet
qrtr
rds
rfkill
rose
rxrpc rxrpc: Free packets discarded in data_ready 2016-08-09 17:13:56 +01:00
sched net_sched: get rid of struct tcf_common 2016-07-25 21:49:20 -07:00
sctp net/sctp: always initialise sctp_ht_iter::start_fail 2016-08-13 15:10:16 -07:00
sunrpc NFS client updates for Linux 4.8 2016-07-30 16:33:25 -07:00
switchdev
tipc tipc: fix NULL pointer dereference in shutdown() 2016-08-15 13:55:36 -07:00
unix af_unix: charge buffers to kmemcg 2016-07-26 16:19:19 -07:00
vmw_vsock
wimax
wireless nl80211: correct checks for NL80211_MESHCONF_HT_OPMODE value 2016-08-05 14:14:54 +02:00
x25
xfrm
compat.c
Kconfig
Makefile
socket.c
sysctl_net.c