linux/net
Luiz Augusto von Dentz f7b94bdc1e Bluetooth: af_bluetooth: Fix deadlock
Attempting to do sock_lock on .recvmsg may cause a deadlock as shown
below, so instead of using sock_sock this uses sk_receive_queue.lock
on bt_sock_ioctl to avoid the UAF:

INFO: task kworker/u9:1:121 blocked for more than 30 seconds.
      Not tainted 6.7.6-lemon #183
Workqueue: hci0 hci_rx_work
Call Trace:
 <TASK>
 __schedule+0x37d/0xa00
 schedule+0x32/0xe0
 __lock_sock+0x68/0xa0
 ? __pfx_autoremove_wake_function+0x10/0x10
 lock_sock_nested+0x43/0x50
 l2cap_sock_recv_cb+0x21/0xa0
 l2cap_recv_frame+0x55b/0x30a0
 ? psi_task_switch+0xeb/0x270
 ? finish_task_switch.isra.0+0x93/0x2a0
 hci_rx_work+0x33a/0x3f0
 process_one_work+0x13a/0x2f0
 worker_thread+0x2f0/0x410
 ? __pfx_worker_thread+0x10/0x10
 kthread+0xe0/0x110
 ? __pfx_kthread+0x10/0x10
 ret_from_fork+0x2c/0x50
 ? __pfx_kthread+0x10/0x10
 ret_from_fork_asm+0x1b/0x30
 </TASK>

Fixes: 2e07e8348e ("Bluetooth: af_bluetooth: Fix Use-After-Free in bt_sock_recvmsg")
Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>
2024-03-06 17:26:25 -05:00
..
6lowpan net: fill in MODULE_DESCRIPTION()s for 6LoWPAN 2024-02-09 14:12:01 -08:00
9p
802
8021q rtnetlink: prepare nla_put_iflink() to run under RCU 2024-02-26 11:46:12 +00:00
appletalk
atm net: fill in MODULE_DESCRIPTION()s for mpoa 2024-02-09 14:12:01 -08:00
ax25
batman-adv This cleanup patchset includes the following patches: 2024-02-02 12:44:16 +00:00
bluetooth Bluetooth: af_bluetooth: Fix deadlock 2024-03-06 17:26:25 -05:00
bpf bpf: treewide: Annotate BPF kfuncs in BTF 2024-01-31 20:40:56 -08:00
bridge Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-02-29 14:24:56 -08:00
caif
can linux-can-next-for-6.9-20240220 2024-02-20 15:32:45 +01:00
ceph libceph: just wait for more data to be available on the socket 2024-02-07 14:43:29 +01:00
core netdev: let netlink core handle -EMSGSIZE errors 2024-03-06 08:07:44 +00:00
dcb
dccp net: dccp: Simplify the allocation of slab caches in dccp_ackvec_init 2024-02-02 12:19:26 +00:00
devlink devlink: fix port dump cmd type 2024-02-21 17:11:04 -08:00
dns_resolver Networking changes for 6.8. 2024-01-11 10:07:29 -08:00
dsa rtnetlink: prepare nla_put_iflink() to run under RCU 2024-02-26 11:46:12 +00:00
ethernet
ethtool ethtool: ignore unused/unreliable fields in set_eee op 2024-03-05 19:07:13 -08:00
handshake net/handshake: Fix handshake_req_destroy_test1 2024-02-08 18:32:29 -08:00
hsr Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-02-29 14:24:56 -08:00
ieee802154 rtnetlink: prepare nla_put_iflink() to run under RCU 2024-02-26 11:46:12 +00:00
ife
ipv4 inet: Add getsockopt support for IP_ROUTER_ALERT and IPV6_ROUTER_ALERT 2024-03-06 12:37:06 +00:00
ipv6 inet: Add getsockopt support for IP_ROUTER_ALERT and IPV6_ROUTER_ALERT 2024-03-06 12:37:06 +00:00
iucv net/af_iucv: fix virtual vs physical address confusion 2024-02-22 18:28:13 -08:00
kcm net: kcm: Simplify the allocation of slab caches 2024-02-21 11:28:57 +00:00
key net: fill in MODULE_DESCRIPTION()s for af_key 2024-02-09 14:12:01 -08:00
l2tp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-02-22 15:29:26 -08:00
l3mdev
lapb
llc llc: call sock_orphan() at release time 2024-01-30 13:49:09 +01:00
mac80211 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-02-29 14:24:56 -08:00
mac802154
mctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-02-29 14:24:56 -08:00
mpls inet: allow ip_valid_fib_dump_req() to be called with RTNL or RCU 2024-02-26 11:46:12 +00:00
mptcp mptcp: get addr in userspace pm list 2024-03-04 13:07:46 +00:00
ncsi
netfilter bpf-next-for-netdev 2024-03-02 20:50:59 -08:00
netlabel netlabel: remove impossible return value in netlbl_bitmap_walk 2024-02-28 19:37:34 -08:00
netlink genetlink: fit NLMSG_DONE into same read() as families 2024-03-06 08:07:45 +00:00
netrom
nfc nfc: core: make nfc_class constant 2024-03-05 11:21:18 -08:00
nsh
openvswitch net: openvswitch: limit the number of recursions from action sets 2024-02-09 12:54:38 -08:00
packet net: Re-use and set mono_delivery_time bit for userspace tstamp packets 2024-03-05 13:41:16 +01:00
phonet phonet/pep: fix racy skb_queue_empty() use 2024-02-22 09:05:50 +01:00
psample
qrtr
rds Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-02-15 16:20:04 -08:00
rfkill
rose
rxrpc rxrpc: Fix counting of new acks and nacks 2024-02-05 12:34:07 +00:00
sched Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-02-22 15:29:26 -08:00
sctp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-02-15 16:20:04 -08:00
smc net/smc: reduce rtnl pressure in smc_pnet_create_pnetids_list() 2024-03-05 15:49:35 +01:00
strparser
sunrpc NFSv4.1: Assign the right value for initval and retries for rpc timeout 2024-01-29 13:39:48 -05:00
switchdev net: bridge: switchdev: Skip MDB replays of deferred events on offload 2024-02-16 09:36:37 +00:00
tipc tipc: Cleanup tipc_nl_bearer_add() error paths 2024-02-15 13:18:19 +01:00
tls tls: fix use-after-free on failed backlog decryption 2024-02-29 09:07:16 -08:00
unix Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-02-22 15:29:26 -08:00
vmw_vsock sock_diag: add module pointer to "struct sock_diag_handler" 2024-01-23 15:13:54 +01:00
wireless Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-02-29 14:24:56 -08:00
x25
xdp bpf-next-for-netdev 2024-03-02 20:50:59 -08:00
xfrm bpf-next-for-netdev 2024-03-02 20:50:59 -08:00
compat.c
devres.c
Kconfig net: bql: allow the config to be disabled 2024-02-18 10:19:21 +00:00
Kconfig.debug
Makefile af_unix: Remove CONFIG_UNIX_SCM. 2024-01-31 16:41:16 -08:00
socket.c net: remove SLAB_MEM_SPREAD flag usage 2024-02-28 19:29:46 -08:00
sysctl_net.c