linux_dsm_epyc7002/net
Johannes Berg 3a5a423bb9 nl80211: fix attrbuf access race by allocating a separate one
Since my commit 3713b4e364 ("nl80211: allow splitting wiphy
information in dumps"), nl80211_dump_wiphy() uses the global
nl80211_fam.attrbuf for parsing the incoming data. This wouldn't
be a problem if it only did so on the first dump iteration which
is locked against other commands in generic netlink, but due to
space constraints in cb->args (the needed state doesn't fit) I
decided to always parse the original message. That's racy though
since nl80211_fam.attrbuf could be used by some other parsing in
generic netlink concurrently.

For now, fix this by allocating a separate parse buffer (it's a
bit too big for the stack, currently 1448 bytes on 64-bit). For
-next, I'll change the code to parse into the global buffer in
the first round only and then allocate a smaller buffer to keep
the data in cb->args.

Reported-by: Linus Torvalds <torvalds@linux-foundation.org>
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: John W. Linville <linville@tuxdriver.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2013-06-19 18:31:20 +02:00
..
9p Lots of virtio work which wasn't quite ready for last merge window. Plus 2013-05-02 14:14:04 -07:00
802 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-04-22 20:32:51 -04:00
8021q net: vlan,ethtool: netdev_features_t is more than 32 bit 2013-05-02 13:58:12 -04:00
appletalk appletalk: info leak in ->getname() 2013-04-25 01:47:58 -04:00
atm Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
ax25 ax25: fix info leak via msg_name in ax25_recvmsg() 2013-04-07 16:28:00 -04:00
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-04-30 03:55:20 -04:00
bluetooth Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
bridge bridge: fix race with topology change timer 2013-05-03 16:08:58 -04:00
caif caif: Remove bouncing address for Daniel Martensson 2013-04-23 13:25:51 -04:00
can Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
ceph libceph: use slab cache for osd client requests 2013-05-02 11:58:41 -05:00
core gso: Handle Trans-Ether-Bridging protocol in skb_network_protocol() 2013-05-08 13:13:30 -07:00
dcb rtnetlink: Remove passing of attributes into rtnl_doit functions 2013-03-22 10:31:16 -04:00
dccp tcp: Remove TCPCT 2013-03-17 14:35:13 -04:00
decnet decnet: remove duplicated include from dn_table.c 2013-04-07 17:12:01 -04:00
dns_resolver Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2012-12-16 15:40:50 -08:00
dsa dsa: fix freeing of sparse port allocation 2013-03-25 12:23:41 -04:00
ethernet net: add ETH_P_802_3_MIN 2013-03-28 01:20:42 -04:00
ieee802154 ieee802154/nl-mac.c: make some MLME operations optional 2013-04-08 12:00:16 -04:00
ipv4 gso: Handle Trans-Ether-Bridging protocol in skb_network_protocol() 2013-05-08 13:13:30 -07:00
ipv6 Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
ipx hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00
irda Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-05-01 14:08:52 -07:00
iucv Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-04-22 20:32:51 -04:00
key Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 2013-03-27 14:07:04 -04:00
l2tp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-04-07 18:37:01 -04:00
lapb net/lapb: remove depends on CONFIG_EXPERIMENTAL 2013-01-11 11:40:01 -08:00
llc llc: Fix missing msg_namelen update in llc_ui_recvmsg() 2013-04-07 16:28:01 -04:00
mac80211 mac80211: Fix rate control mask matching call 2013-06-12 09:12:43 +02:00
mac802154 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-04-30 03:55:20 -04:00
netfilter Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
netlabel netlabel: fix build problems when CONFIG_IPV6=n 2013-03-08 11:33:51 -05:00
netlink netlink: kconfig: move mmap i/o into netlink kconfig 2013-05-01 15:02:42 -04:00
netrom netrom: info leak in ->getname() 2013-04-25 01:47:58 -04:00
nfc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-04-30 03:55:20 -04:00
openvswitch openvswitch: Remove unneeded ovs_netdev_get_ifindex() 2013-04-30 00:19:11 -04:00
packet packet: tpacket_v3: do not trigger bug() on wrong header status 2013-05-03 16:10:33 -04:00
phonet rtnetlink: Remove passing of attributes into rtnl_doit functions 2013-03-22 10:31:16 -04:00
rds net/rds: zero last byte for strncpy 2013-03-08 00:35:44 -05:00
rfkill Merge branch 'for-john' of git://git.kernel.org/pub/scm/linux/kernel/git/jberg/mac80211-next 2013-04-22 14:58:14 -04:00
rose rose: fix info leak via msg_name in rose_recvmsg() 2013-04-07 16:28:02 -04:00
rxrpc Driver core patches for 3.9-rc1 2013-02-21 12:05:51 -08:00
sched Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-05-01 14:08:52 -07:00
sctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-05-01 14:08:52 -07:00
sunrpc More NFS client bugfixes for 3.10 2013-05-09 10:24:54 -07:00
tipc tipc: potential divide by zero in tipc_link_recv_fragment() 2013-05-06 16:16:52 -04:00
unix af_unix: fix a fatal race with bit fields 2013-05-01 15:13:49 -04:00
vmw_vsock Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-04-30 03:55:20 -04:00
wimax
wireless nl80211: fix attrbuf access race by allocating a separate one 2013-06-19 18:31:20 +02:00
x25 x25: use proc_remove_subtree() 2013-04-09 14:13:35 -04:00
xfrm Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2013-05-02 14:53:12 -07:00
compat.c
Kconfig netlink: kconfig: move mmap i/o into netlink kconfig 2013-05-01 15:02:42 -04:00
Makefile VSOCK: Introduce VM Sockets 2013-02-10 19:41:08 -05:00
nonet.c
socket.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
sysctl_net.c user_ns: get rid of duplicate code in net_ctl_permissions 2012-11-18 20:32:45 -05:00