Xin Long d25adbeb0c sctp: fix an use-after-free issue in sctp_sock_dump
Commit 86fdb3448c ("sctp: ensure ep is not destroyed before doing the
dump") tried to fix an use-after-free issue by checking !sctp_sk(sk)->ep
with holding sock and sock lock.

But Paolo noticed that endpoint could be destroyed in sctp_rcv without
sock lock protection. It means the use-after-free issue still could be
triggered when sctp_rcv put and destroy ep after sctp_sock_dump checks
!ep, although it's pretty hard to reproduce.

I could reproduce it by mdelay in sctp_rcv while msleep in sctp_close
and sctp_sock_dump long time.

This patch is to add another param cb_done to sctp_for_each_transport
and dump ep->assocs with holding tsp after jumping out of transport's
traversal in it to avoid this issue.

It can also improve sctp diag dump to make it run faster, as no need
to save sk into cb->args[5] and keep calling sctp_for_each_transport
any more.

This patch is also to use int * instead of int for the pos argument
in sctp_for_each_transport, which could make position increment only
in sctp_for_each_transport and no need to keep changing cb->args[2]
in sctp_sock_filter and sctp_sock_dump any more.

Fixes: 86fdb3448c ("sctp: ensure ep is not destroyed before doing the dump")
Reported-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Marcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-09-15 14:47:49 -07:00
arch Merge branch 'akpm' (patches from Andrew) 2017-09-09 10:30:07 -07:00
block Merge branch 'for-4.14/block-postmerge' of git://git.kernel.dk/linux-block 2017-09-09 12:49:01 -07:00
certs modsign: add markers to endif-statements in certs/Makefile 2017-07-14 11:01:37 +10:00
crypto crypto: af_alg - get_page upon reassignment to TX SGL 2017-08-22 15:03:27 +08:00
Documentation Merge branch 'for-4.14/block-postmerge' of git://git.kernel.dk/linux-block 2017-09-09 12:49:01 -07:00
drivers netvsc: increase default receive buffer size 2017-09-15 14:41:12 -07:00
firmware firmware/Makefile: force recompilation if makefile changes 2017-05-08 17:15:10 -07:00
fs More RDMA work and some op-structure constification from Chuck Lever, 2017-09-09 13:31:49 -07:00
include sctp: fix an use-after-free issue in sctp_sock_dump 2017-09-15 14:47:49 -07:00
init init/main.c: extract early boot entropy from the passed cmdline 2017-09-08 18:26:50 -07:00
ipc ipc: optimize semget/shmget/msgget for lots of keys 2017-09-08 18:26:51 -07:00
kernel perf/bpf: fix a clang compilation issue 2017-09-11 14:28:45 -07:00
lib cpumask: make cpumask_next() out-of-line 2017-09-08 18:26:51 -07:00
mm mem/memcg: cache rightmost node 2017-09-08 18:26:49 -07:00
net sctp: fix an use-after-free issue in sctp_sock_dump 2017-09-15 14:47:49 -07:00
samples media updates for v4.14-rc1 2017-09-07 12:53:14 -07:00
scripts Merge branch 'akpm' (patches from Andrew) 2017-09-09 10:30:07 -07:00
security audit/stable-4.14 PR 20170907 2017-09-07 20:48:25 -07:00
sound linux/kernel.h: move DIV_ROUND_DOWN_ULL() macro 2017-09-08 18:26:47 -07:00
tools Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-09-09 11:05:20 -07:00
usr ramfs: clarify help text that compression applies to ramfs as well as legacy ramdisk. 2017-07-06 16:24:30 -07:00
virt First batch of KVM changes for 4.14 2017-09-08 15:18:36 -07:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.get_maintainer.ignore
.gitattributes .gitattributes: set git diff driver for C source code files 2016-10-07 18:46:30 -07:00
.gitignore kbuild: Add support to generate LLVM assembly files 2017-04-25 08:13:52 +09:00
.mailmap power supply and reset changes for the v4.12 series (part 2) 2017-05-12 12:02:21 -07:00
COPYING
CREDITS PCI: Fix typos and whitespace errors 2017-09-01 16:35:50 -05:00
Kbuild kbuild: Consolidate header generation from ASM offset information 2017-04-13 05:43:37 +09:00
Kconfig
MAINTAINERS MAINTAINERS: review Renesas DT bindings as well 2017-09-13 13:41:04 -07:00
Makefile Merge branch 'docs-next' of git://git.lwn.net/linux 2017-09-03 21:07:29 -07:00
README README: add a new README file, pointing to the Documentation/ 2016-10-24 08:12:35 -02:00

Linux kernel
============

This file was moved to Documentation/admin-guide/README.rst

Please notice that there are several guides for kernel developers and users.
These guides can be rendered in a number of formats, like HTML and PDF.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result from upgrading your kernel.