linux_dsm_epyc7002/net/sctp
Xin Long af98c5a785 sctp: set stream ext to NULL after freeing it in sctp_stream_outq_migrate
In sctp_stream_init(), after sctp_stream_outq_migrate() freed the
surplus streams' ext, but sctp_stream_alloc_out() returns -ENOMEM,
stream->outcnt will not be set to 'outcnt'.

With the bigger value on stream->outcnt, when closing the assoc and
freeing its streams, the ext of those surplus streams will be freed
again since those stream exts were not set to NULL after freeing in
sctp_stream_outq_migrate(). Then the invalid-free issue reported by
syzbot would be triggered.

We fix it by simply setting them to NULL after freeing.

Fixes: 5bbbbe32a4 ("sctp: introduce stream scheduler foundations")
Reported-by: syzbot+58e480e7b28f2d890bfd@syzkaller.appspotmail.com
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-02-13 19:33:44 -05:00
associola.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-12-09 21:43:31 -08:00
auth.c
bind_addr.c sctp: add sock_reuseport for the sock in __sctp_hash_endpoint 2018-11-12 09:09:51 -08:00
chunk.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-12-09 21:43:31 -08:00
debug.c
diag.c inet_diag: fix reporting cgroup classid and fallback to priority 2019-02-12 13:35:57 -05:00
endpointola.c
input.c sctp: add sock_reuseport for the sock in __sctp_hash_endpoint 2018-11-12 09:09:51 -08:00
inqueue.c
ipv6.c sctp: set flow sport from saddr only when it's 0 2019-01-24 18:13:57 -08:00
Kconfig
Makefile
objcnt.c
offload.c sctp: call gso_reset_checksum when computing checksum in sctp_gso_segment 2019-02-13 19:31:43 -05:00
output.c sctp: increase sk_wmem_alloc when head->truesize is increased 2018-11-27 15:42:31 -08:00
outqueue.c sctp: define SCTP_SS_DEFAULT for Stream schedulers 2018-11-03 19:40:29 -07:00
primitive.c sctp: rename enum sctp_event to sctp_event_type 2018-11-19 12:25:43 -08:00
proc.c
protocol.c sctp: set flow sport from saddr only when it's 0 2019-01-24 18:13:57 -08:00
sm_make_chunk.c sctp: set chunk transport correctly when it's a new asoc 2019-01-24 18:13:57 -08:00
sm_sideeffect.c sctp: rename enum sctp_event to sctp_event_type 2018-11-19 12:25:43 -08:00
sm_statefuns.c
sm_statetable.c sctp: rename enum sctp_event to sctp_event_type 2018-11-19 12:25:43 -08:00
socket.c sctp: walk the list of asoc safely 2019-02-01 10:41:46 -08:00
stream_interleave.c sctp: add subscribe per asoc 2018-11-19 12:25:43 -08:00
stream_sched_prio.c
stream_sched_rr.c
stream_sched.c
stream.c sctp: set stream ext to NULL after freeing it in sctp_stream_outq_migrate 2019-02-13 19:33:44 -05:00
sysctl.c
transport.c
tsnmap.c
ulpevent.c
ulpqueue.c sctp: add subscribe per asoc 2018-11-19 12:25:43 -08:00