iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Eric Dumazet 8738c85c72 sch_choke: avoid potential panic in choke_reset() 
If choke_init() could not allocate q->tab, we would crash later
in choke_reset().

BUG: KASAN: null-ptr-deref in memset include/linux/string.h:366 [inline]
BUG: KASAN: null-ptr-deref in choke_reset+0x208/0x340 net/sched/sch_choke.c:326
Write of size 8 at addr 0000000000000000 by task syz-executor822/7022

CPU: 1 PID: 7022 Comm: syz-executor822 Not tainted 5.7.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x188/0x20d lib/dump_stack.c:118
 __kasan_report.cold+0x5/0x4d mm/kasan/report.c:515
 kasan_report+0x33/0x50 mm/kasan/common.c:625
 check_memory_region_inline mm/kasan/generic.c:187 [inline]
 check_memory_region+0x141/0x190 mm/kasan/generic.c:193
 memset+0x20/0x40 mm/kasan/common.c:85
 memset include/linux/string.h:366 [inline]
 choke_reset+0x208/0x340 net/sched/sch_choke.c:326
 qdisc_reset+0x6b/0x520 net/sched/sch_generic.c:910
 dev_deactivate_queue.constprop.0+0x13c/0x240 net/sched/sch_generic.c:1138
 netdev_for_each_tx_queue include/linux/netdevice.h:2197 [inline]
 dev_deactivate_many+0xe2/0xba0 net/sched/sch_generic.c:1195
 dev_deactivate+0xf8/0x1c0 net/sched/sch_generic.c:1233
 qdisc_graft+0xd25/0x1120 net/sched/sch_api.c:1051
 tc_modify_qdisc+0xbab/0x1a00 net/sched/sch_api.c:1670
 rtnetlink_rcv_msg+0x44e/0xad0 net/core/rtnetlink.c:5454
 netlink_rcv_skb+0x15a/0x410 net/netlink/af_netlink.c:2469
 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline]
 netlink_unicast+0x537/0x740 net/netlink/af_netlink.c:1329
 netlink_sendmsg+0x882/0xe10 net/netlink/af_netlink.c:1918
 sock_sendmsg_nosec net/socket.c:652 [inline]
 sock_sendmsg+0xcf/0x120 net/socket.c:672
 ____sys_sendmsg+0x6bf/0x7e0 net/socket.c:2362
 ___sys_sendmsg+0x100/0x170 net/socket.c:2416
 __sys_sendmsg+0xec/0x1b0 net/socket.c:2449
 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:295

Fixes: 77e62da6e60c ("sch_choke: drop all packets in queue during reset")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2020-04-27 11:35:27 -07:00
..
6lowpan
9p
9pnet: allow making incomplete read requests
2020-03-27 09:29:56 +00:00
802
net: 802: psnap.c: Use built-in RCU list checking
2020-02-24 13:02:53 -08:00
8021q
net: vlan: suppress "failed to kill vid" warnings
2020-02-17 14:30:54 -08:00
appletalk
atm
proc: convert everything to "struct proc_ops"
2020-02-04 03:05:26 +00:00
ax25
net: Make sock protocol value checks more specific
2020-01-09 18:41:40 -08:00
batman-adv
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-03-12 22:34:48 -07:00
bluetooth
Bluetooth: L2CAP: Use DEFER_SETUP to group ECRED connections
2020-03-25 22:16:08 +01:00
bpf
bpf: Fix build warning regarding missing prototypes
2020-03-28 18:13:18 +01:00
bpfilter
SPDX patches for 5.7-rc1.
2020-04-03 13:12:26 -07:00
bridge
net: bridge: vlan options: move the tunnel command to the nested attribute
2020-03-20 08:52:20 -07:00
caif
net: caif: Add lockdep expression to RCU traversal primitive
2020-03-11 22:55:25 -07:00
can
ceph
libceph: directly skip to the end of redirect reply
2020-03-30 12:42:41 +02:00
core
net: remove obsolete comment
2020-04-25 20:49:32 -07:00
dcb
dccp
Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
2020-02-29 15:53:35 -08:00
decnet
Remove DST_HOST
2020-03-23 21:57:44 -07:00
dns_resolver
KEYS: Don't write out to userspace while holding key semaphore
2020-03-29 12:40:41 +01:00
dsa
net: dsa: don't fail to probe if we couldn't set the MTU
2020-04-22 19:22:59 -07:00
ethernet
net: remove eth_change_mtu
2020-01-27 11:09:31 +01:00
ethtool
ethtool: provide timestamping information with TSINFO_GET request
2020-03-29 22:32:37 -07:00
hsr
hsr: check protocol version in hsr_newlink()
2020-04-07 18:34:18 -07:00
ieee802154
nl802154: add missing attribute validation for dev_type
2020-03-03 13:28:48 -08:00
ife
ipv4
ipv4: Update fib_select_default to handle nexthop objects
2020-04-22 19:57:39 -07:00
ipv6
xfrm: Always set XFRM_TRANSFORMED in xfrm{4,6}_output_finish
2020-04-22 12:32:11 -07:00
iucv
kcm
net: kcm: kcmproc.c: Fix RCU list suspicious usage warning
2020-03-16 17:14:02 -07:00
key
l2tp
l2tp: Allow management of tunnels and session in user namespace
2020-04-08 14:30:46 -07:00
l3mdev
lapb
llc
af_llc: fix if-statement empty body warning
2020-02-26 20:38:13 -08:00
mac80211
mac80211: sta_info: Add lockdep condition for RCU list usage
2020-04-24 11:31:20 +02:00
mac802154
mpls
net: add net available in build_state
2020-03-29 22:30:57 -07:00
mptcp
mptcp: fix race in msk status update
2020-04-25 20:38:54 -07:00
ncsi
net/ncsi: Support for multi host mellanox card
2020-01-09 18:36:22 -08:00
netfilter
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
2020-04-21 11:50:31 -07:00
netlabel
netlabel: Kconfig: Update reference for NetLabel Tools project
2020-04-22 19:55:01 -07:00
netlink
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-03-25 18:58:11 -07:00
netrom
net: netrom: Fix potential nr_neigh refcnt leak in nr_add_node
2020-04-18 13:09:46 -07:00
nfc
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-03-12 22:34:48 -07:00
nsh
openvswitch
net: openvswitch: ovs_ct_exit to be done under ovs_lock
2020-04-20 10:53:54 -07:00
packet
net/packet: tpacket_rcv: avoid a producer race condition
2020-03-15 00:25:25 -07:00
phonet
net: Remove redundant BUG_ON() check in phonet_pernet
2020-01-03 12:25:50 -08:00
psample
qrtr
net: qrtr: send msgs from local of same id as broadcast
2020-04-09 10:08:31 -07:00
rds
net/rds: Use ERR_PTR for rds_message_alloc_sgs()
2020-04-15 12:33:29 -07:00
rfkill
rose
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-01-26 10:40:21 +01:00
rxrpc
rxrpc: Fix DATA Tx to disable nofrag for UDP on AF_INET6 socket
2020-04-14 16:26:47 -07:00
sched
sch_choke: avoid potential panic in choke_reset()
2020-04-27 11:35:27 -07:00
sctp
sctp: Fix SHUTDOWN CTSN Ack in the peer restart case
2020-04-22 19:27:40 -07:00
smc
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2020-03-12 22:34:48 -07:00
strparser
sunrpc
svcrdma: Fix leak of svc_rdma_recv_ctxt objects
2020-04-17 12:40:38 -04:00
switchdev
net: switchdev: do not propagate bridge updates across bridges
2020-02-26 20:58:33 -08:00
tipc
tipc: Fix potential tipc_node refcnt leak in tipc_rcv
2020-04-18 13:24:20 -07:00
tls
net/tls: Fix sk_psock refcnt leak when in tls_data_ready()
2020-04-27 11:22:38 -07:00
unix
net: datagram: drop 'destructor' argument from several helpers
2020-02-28 12:12:53 -08:00
vmw_vsock
vsock/virtio: fix multiple packet delivery to monitoring devices
2020-04-27 10:18:01 -07:00
wimax
wireless
nl80211: fix NL80211_ATTR_FTM_RESPONDER policy
2020-04-14 12:28:48 +02:00
x25
net/x25: Fix x25_neigh refcnt leak when x25 disconnect
2020-04-27 11:20:30 -07:00
xdp
xsk: Add missing check on user supplied headroom size
2020-04-15 13:07:18 +02:00
xfrm
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next
2020-03-30 10:59:20 -07:00
compat.c
net: abstract out normal and compat msghdr import
2020-03-10 09:12:49 -06:00
Kconfig
net: Fix CONFIG_NET_CLS_ACT=n and CONFIG_NFT_FWD_NETDEV={y, m} build
2020-03-25 12:24:33 -07:00
Makefile
mptcp: Add MPTCP socket stubs
2020-01-24 13:44:07 +01:00
socket.c
for-5.7/io_uring-2020-03-29
2020-03-30 12:18:49 -07:00
sysctl_net.c