Magnus Karlsson 83cf5c68d6 xsk: Fix use-after-free in failed shared_umem bind ... Fix use-after-free when a shared umem bind fails. The code incorrectly tried to free the allocated buffer pool both in the bind code and then later also when the socket was released. Fix this by setting the buffer pool pointer to NULL after the bind code has freed the pool, so that the socket release code will not try to free the pool. This is the same solution as the regular, non-shared umem code path has. This was missing from the shared umem path. Fixes: b5aea28dca ("xsk: Add shared umem support between queue ids") Reported-by: syzbot+5334f62e4d22804e646a@syzkaller.appspotmail.com Signed-off-by: Magnus Karlsson <magnus.karlsson@intel.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Link: https://lore.kernel.org/bpf/1599032164-25684-1-git-send-email-magnus.karlsson@intel.com		2020-09-02 23:37:19 +02:00
..
Kconfig	treewide: Add SPDX license identifier - Makefile/Kconfig	2019-05-21 10:50:46 +02:00
Makefile	xsk: Introduce AF_XDP buffer allocation API	2020-05-21 17:31:26 -07:00
xdp_umem.c	xsk: Enable sharing of dma mappings	2020-08-31 21:15:04 +02:00
xdp_umem.h	xsk: Move xsk_tx_list and its lock to buffer pool	2020-08-31 21:15:04 +02:00
xsk_buff_pool.c	xsk: Fix null check on error return path	2020-09-02 20:31:50 +02:00
xsk_diag.c	xsk: Fix possible segfault in xsk umem diagnostics	2020-09-02 16:49:40 +02:00
xsk_queue.c	xsk: Remove MEM_TYPE_ZERO_COPY and corresponding code	2020-05-21 17:31:27 -07:00
xsk_queue.h	xsk: Create and free buffer pool independently from umem	2020-08-31 21:15:04 +02:00
xsk.c	xsk: Fix use-after-free in failed shared_umem bind	2020-09-02 23:37:19 +02:00
xsk.h	xsk: Fix possible segfault at xskmap entry insertion	2020-09-02 16:52:59 +02:00
xskmap.c	xsk: Fix possible segfault at xskmap entry insertion	2020-09-02 16:52:59 +02:00