Florian Westphal b0519de8b3 mptcp: fix use-after-free for ipv6
Turns out that when we accept a new subflow, the newly created
inet_sk(tcp_sk)->pinet6 points at the ipv6_pinfo structure of the
listener socket.

This wasn't caught by the selftest because it closes the accepted fd
before the listening one.

Adding a close(listenfd) after accept returns is enough:
 BUG: KASAN: use-after-free in inet6_getname+0x6ba/0x790
 Read of size 1 at addr ffff88810e310866 by task mptcp_connect/2518
 Call Trace:
  inet6_getname+0x6ba/0x790
  __sys_getpeername+0x10b/0x250
  __x64_sys_getpeername+0x6f/0xb0

Also alter the test program to exercise this.

Reported-by: Christoph Paasch <cpaasch@apple.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-02-06 11:25:09 +01:00
arch ARM development updates for 5.6-rc1: 2020-02-04 13:12:19 +00:00
block SCSI misc on 20200129 2020-01-29 18:16:16 -08:00
certs certs: Add wrapper function to check blacklisted binary hash 2019-11-12 12:25:50 +11:00
crypto treewide: remove redundant IS_ERR() before error code check 2020-02-04 03:05:27 +00:00
Documentation Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-02-04 13:32:20 +00:00
drivers qed: Fix timestamping issue for L2 unicast ptp packets. 2020-02-05 15:19:34 +01:00
fs overlayfs update for 5.6 2020-02-04 11:45:21 +00:00
include bonding/alb: properly access headers in bond_alb_xmit() 2020-02-05 14:28:09 +01:00
init init/main.c: fix misleading "This architecture does not have kernel memory protection" message 2020-01-31 10:30:41 -08:00
ipc proc: convert everything to "struct proc_ops" 2020-02-04 03:05:26 +00:00
kernel proc: convert everything to "struct proc_ops" 2020-02-04 03:05:26 +00:00
lib lib: new testcases for bitmap_parse{_user} 2020-02-04 03:05:27 +00:00
LICENSES LICENSES: Rename other to deprecated 2019-05-03 06:34:32 -06:00
mm Merge branch 'akpm' (patches from Andrew) 2020-02-04 07:24:48 +00:00
net mptcp: fix use-after-free for ipv6 2020-02-06 11:25:09 +01:00
samples proc: convert everything to "struct proc_ops" 2020-02-04 03:05:26 +00:00
scripts mm: remove __krealloc 2020-02-04 03:05:24 +00:00
security linux-kselftest-5.6-rc1-kunit 2020-01-29 15:25:34 -08:00
sound treewide: remove redundant IS_ERR() before error code check 2020-02-04 03:05:27 +00:00
tools mptcp: fix use-after-free for ipv6 2020-02-06 11:25:09 +01:00
usr initramfs: do not show compression mode choice if INITRAMFS_SOURCE is empty 2020-02-03 17:31:43 +00:00
virt Merge branch 'cve-2019-3016' into kvm-next-5.6 2020-01-30 18:47:59 +01:00
.clang-format clang-format: Update with the latest for_each macro list 2019-08-31 10:00:51 +02:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore Opt out of scripts/get_maintainer.pl 2019-05-16 10:53:40 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for dts files 2019-12-04 19:44:11 -08:00
.gitignore modpost: dump missing namespaces into a single modules.nsdeps file 2019-11-11 20:10:01 +09:00
.mailmap RTC for 5.6 2020-02-04 07:03:40 +00:00
COPYING COPYING: use the new text with points to the license files 2018-03-23 12:41:45 -06:00
CREDITS open: introduce openat2(2) syscall 2020-01-18 09:19:18 -05:00
Kbuild kbuild: do not descend to ./Kbuild when cleaning 2019-08-21 21:03:58 +09:00
Kconfig docs: kbuild: convert docs to ReST and rename to *.rst 2019-06-14 14:21:21 -06:00
MAINTAINERS Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2020-02-04 13:32:20 +00:00
Makefile Kbuild updates for v5.6 2020-02-01 10:01:52 -08:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.