AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2024-12-18 09:26:45 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
9ebd796e24
linux_dsm_epyc7002/drivers/net
History
Jouni Hogander 9ebd796e24 can: slcan: Fix use-after-free Read in slcan_open 
Slcan_open doesn't clean-up device which registration failed from the
slcan_devs device list. On next open this list is iterated and freed
device is accessed. Fix this by calling slc_free_netdev in error path.

Driver/net/can/slcan.c is derived from slip.c. Use-after-free error was
identified in slip_open by syzboz. Same bug is in slcan.c. Here is the
trace from the Syzbot slip report:

__dump_stack lib/dump_stack.c:77 [inline]
dump_stack+0x197/0x210 lib/dump_stack.c:118
print_address_description.constprop.0.cold+0xd4/0x30b mm/kasan/report.c:374
__kasan_report.cold+0x1b/0x41 mm/kasan/report.c:506
kasan_report+0x12/0x20 mm/kasan/common.c:634
__asan_report_load8_noabort+0x14/0x20 mm/kasan/generic_report.c:132
sl_sync drivers/net/slip/slip.c:725 [inline]
slip_open+0xecd/0x11b7 drivers/net/slip/slip.c:801
tty_ldisc_open.isra.0+0xa3/0x110 drivers/tty/tty_ldisc.c:469
tty_set_ldisc+0x30e/0x6b0 drivers/tty/tty_ldisc.c:596
tiocsetd drivers/tty/tty_io.c:2334 [inline]
tty_ioctl+0xe8d/0x14f0 drivers/tty/tty_io.c:2594
vfs_ioctl fs/ioctl.c:46 [inline]
file_ioctl fs/ioctl.c:509 [inline]
do_vfs_ioctl+0xdb6/0x13e0 fs/ioctl.c:696
ksys_ioctl+0xab/0xd0 fs/ioctl.c:713
__do_sys_ioctl fs/ioctl.c:720 [inline]
__se_sys_ioctl fs/ioctl.c:718 [inline]
__x64_sys_ioctl+0x73/0xb0 fs/ioctl.c:718
do_syscall_64+0xfa/0x760 arch/x86/entry/common.c:290
entry_SYSCALL_64_after_hwframe+0x49/0xbe

Fixes: ed50e1600b ("slcan: Fix memory leak in error path")
Cc: Wolfgang Grandegger <wg@grandegger.com>
Cc: Marc Kleine-Budde <mkl@pengutronix.de>
Cc: David Miller <davem@davemloft.net>
Cc: Oliver Hartkopp <socketcan@hartkopp.net>
Cc: Lukas Bulwahn <lukas.bulwahn@gmail.com>
Signed-off-by: Jouni Hogander <jouni.hogander@unikie.com>
Cc: linux-stable <stable@vger.kernel.org> # >= v5.4
Acked-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
2019-12-03 11:15:08 +01:00
..
appletalk
arcnet
bonding bonding: symmetric ICMP transmit 2019-11-16 13:02:53 -08:00
caif Driver core patches for 5.5-rc1 2019-11-27 11:06:20 -08:00
can can: slcan: Fix use-after-free Read in slcan_open 2019-12-03 11:15:08 +01:00
dsa Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-11-25 14:57:26 -08:00
ethernet r8169: fix resume on cable plug-in 2019-12-01 13:14:21 -08:00
fddi
fjes fjes: Handle workqueue allocation failure 2019-10-29 10:33:10 -07:00
hamradio net: core: add generic lockdep keys 2019-10-24 14:53:48 -07:00
hippi
hyperv - Support for new VMBus protocols (Andrea Parri). 2019-11-30 14:50:51 -08:00
ieee802154 drivers: net: Fix Kconfig indentation, continued 2019-11-21 11:54:09 -08:00
ipvlan Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-11-02 13:54:56 -07:00
netdevsim netdevsim: Update dummy reporter's devlink binary interface 2019-11-12 11:25:44 -08:00
phy net: phy: realtek: fix using paged operations with RTL8105e / RTL8208 2019-12-01 13:14:21 -08:00
plip
ppp compat_ioctl: remove most of fs/compat_ioctl.c 2019-12-01 13:46:15 -08:00
slip slip: Fix use-after-free Read in slip_open 2019-11-25 11:02:52 -08:00
team Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-11-02 13:54:56 -07:00
usb net: usb: aqc111: Use the correct style for SPDX License Identifier 2019-11-27 11:27:01 -08:00
vmxnet3
wan
wimax Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-11-02 13:54:56 -07:00
wireless Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-11-27 17:17:40 -08:00
xen-netback
dummy.c net: dummy: use standard dev_lstats_add() and dev_lstats_read() 2019-11-07 20:03:08 -08:00
eql.c
geneve.c
gtp.c
ifb.c
Kconfig drivers: net: Fix Kconfig indentation, continued 2019-11-21 11:54:09 -08:00
LICENSE.SRC
loopback.c net: use u64_stats_t in struct pcpu_lstats 2019-11-07 20:03:08 -08:00
macsec.c net: remove unnecessary variables and callback 2019-10-24 14:53:49 -07:00
macvlan.c macvlan: schedule bc_work even if error 2019-11-25 10:54:22 -08:00
macvtap.c
Makefile
mdio.c
mii.c
net_failover.c
netconsole.c
nlmon.c net: nlmon: use standard dev_lstats_add() and dev_lstats_read() 2019-11-07 20:03:08 -08:00
ntb_netdev.c
rionet.c
sb1000.c
Space.c
sungem_phy.c
tap.c
thunderbolt.c
tun.c tun: fix data-race in gro_normal_list() 2019-11-15 12:46:49 -08:00
veth.c veth: use standard dev_lstats_add() and dev_lstats_read() 2019-11-07 20:03:08 -08:00
virtio_net.c bpf: Convert bpf_prog refcnt to atomic64_t 2019-11-18 11:41:59 +01:00
vrf.c net: core: add generic lockdep keys 2019-10-24 14:53:48 -07:00
vsockmon.c vsockmon: use standard dev_lstats_add() and dev_lstats_read() 2019-11-07 20:03:08 -08:00
vxlan.c vxlan: implement get_link_ksettings ethtool method 2019-11-12 19:52:15 -08:00
xen-netfront.c