iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
1,185,979 Commits 104 Branches 1,843 Tags 5.7 GiB
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%
448a5ce112
Go to file
Vladislav Efanov 448a5ce112 udp6: Fix race condition in udp6_sendmsg & connect 
Syzkaller got the following report:
BUG: KASAN: use-after-free in sk_setup_caps+0x621/0x690 net/core/sock.c:2018
Read of size 8 at addr ffff888027f82780 by task syz-executor276/3255

The function sk_setup_caps (called by ip6_sk_dst_store_flow->
ip6_dst_store) referenced already freed memory as this memory was
freed by parallel task in udpv6_sendmsg->ip6_sk_dst_lookup_flow->
sk_dst_check.

          task1 (connect)              task2 (udp6_sendmsg)
        sk_setup_caps->sk_dst_set |
                                  |  sk_dst_check->
                                  |      sk_dst_set
                                  |      dst_release
        sk_setup_caps references  |
        to already freed dst_entry|

The reason for this race condition is: sk_setup_caps() keeps using
the dst after transferring the ownership to the dst cache.

Found by Linux Verification Center (linuxtesting.org) with syzkaller.

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Vladislav Efanov <VEfanov@ispras.ru>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2023-05-31 10:35:10 +01:00
arch m68k fixes for v6.4 2023-05-25 09:33:03 -07:00
block block: Deny writable memory mapping if block is read-only 2023-05-19 20:17:10 -06:00
certs KEYS: Add missing function documentation 2023-04-24 16:15:52 +03:00
crypto This push fixes the following problems: 2023-05-07 10:57:14 -07:00
Documentation netlink: specs: correct types of legacy arrays 2023-05-29 22:03:48 -07:00
drivers net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters 2023-05-30 12:05:22 +02:00
fs Changes since last update: 2023-05-23 10:47:32 -07:00
include net: mana: Fix perf regression: remove rx_cqes, tx_cqes counters 2023-05-30 12:05:22 +02:00
init Objtool changes for v6.4: 2023-04-28 14:02:54 -07:00
io_uring for-6.4/io_uring-2023-05-07 2023-05-07 10:00:09 -07:00
ipc Merge branch 'work.namespace' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2023-02-24 19:20:07 -08:00
kernel Networking fixes for 6.4-rc4, including fixes from bluetooth and bpf 2023-05-25 10:55:26 -07:00
lib Eight hotfixes. Four are cc:stable, the other four are for post-6.4 2023-05-18 17:06:04 -07:00
LICENSES LICENSES: Add the copyleft-next-0.3.1 license 2022-11-08 15:44:01 +01:00
mm mm: fix zswap writeback race condition 2023-05-17 15:24:33 -07:00
net udp6: Fix race condition in udp6_sendmsg & connect 2023-05-31 10:35:10 +01:00
rust Rust changes for v6.4 2023-04-30 11:20:22 -07:00
samples samples/bpf: Drop unnecessary fallthrough 2023-05-16 19:44:05 +02:00
scripts Locking changes in v6.4: 2023-05-05 12:56:55 -07:00
security integrity-v6.4 2023-04-29 10:11:32 -07:00
sound ALSA: hda/realtek: Enable headset onLenovo M70/M90 2023-05-24 14:18:59 +02:00
tools selftests: mptcp: userspace pm: skip if MPTCP is not supported 2023-05-30 13:21:03 +02:00
usr initramfs: Check negative timestamp to prevent broken cpio archive 2023-04-16 17:37:01 +09:00
virt KVM: Fix vcpu_array[0] races 2023-05-19 13:56:26 -04:00
.clang-format cxl for v6.4 2023-04-30 11:51:51 -07:00
.cocciconfig
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes .gitattributes: use 'dts' diff driver for *.dtso files 2023-02-26 15:28:23 +09:00
.gitignore linux-kselftest-kunit-6.4-rc1 2023-04-24 12:31:32 -07:00
.mailmap mailmap: add entries for Nikolay Aleksandrov 2023-05-17 09:35:05 +01:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: sctp: move Neil to CREDITS 2023-05-12 08:51:32 +01:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS Networking fixes for 6.4-rc4, including fixes from bluetooth and bpf 2023-05-25 10:55:26 -07:00
Makefile Linux 6.4-rc3 2023-05-21 14:05:48 -07:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.