iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
0817534ff9
linux/security/smack
History
Pawan Gupta 0817534ff9 smackfs: Fix use-after-free in netlbl_catmap_walk() 
Syzkaller reported use-after-free bug as described in [1]. The bug is
triggered when smk_set_cipso() tries to free stale category bitmaps
while there are concurrent reader(s) using the same bitmaps.

Wait for RCU grace period to finish before freeing the category bitmaps
in smk_set_cipso(). This makes sure that there are no more readers using
the stale bitmaps and freeing them should be safe.

[1] https://lore.kernel.org/netdev/000000000000a814c505ca657a4e@google.com/

Reported-by: syzbot+3f91de0b813cc3d19a80@syzkaller.appspotmail.com
Signed-off-by: Pawan Gupta <pawan.kumar.gupta@linux.intel.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
2021-09-15 16:42:25 -07:00
..
Kconfig treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
Makefile treewide: Add SPDX license identifier - Makefile/Kconfig 2019-05-21 10:50:46 +02:00
smack_access.c Smack: Fix wrong semantics in smk_access_entry() 2021-07-20 09:17:36 -07:00
smack_lsm.c smack: mark 'smack_enabled' global variable as __initdata 2021-07-20 10:34:59 -07:00
smack_netfilter.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
smack.h smack: mark 'smack_enabled' global variable as __initdata 2021-07-20 10:34:59 -07:00
smackfs.c smackfs: Fix use-after-free in netlbl_catmap_walk() 2021-09-15 16:42:25 -07:00