android_kernel_samsung_msm8976/net/core
Sharath Chandra Vurukala a84417e849 net: sockev: avoid races between sockev and socket_close
Use-after-free is seen when sending a sockev netlink message
since socket is not held which can race with sk_free.

KASAN: use-after-free in sockev_client_cb+0x41c/0x4b8
	in net/core/sockev_nlmcast.c:104
Read of size 2 at addr ffffffc08420c550
Call trace:
dump_backtrace+0x0/0x388 arch/arm64/kernel/time.c:55
show_stack+0x24/0x30 arch/arm64/kernel/traps.c:152
__dump_stack+0x24/0x2c lib/dump_stack.c:17
dump_stack+0x8c/0xd0 lib/dump_stack.c:53
print_address_description+0x74/0x234 mm/kasan/report.c:256
kasan_report_error mm/kasan/report.c:354 [inline]
kasan_report+0x240/0x264 mm/kasan/report.c:412
__asan_report_load2_noabort+0x2c/0x38 mm/kasan/report.c:431
sockev_client_cb+0x41c/0x4b8 net/core/sockev_nlmcast.c:104
notifier_call_chain+0x104/0x158 kernel/notifier.c:93
__blocking_notifier_call_chain+0x80/0xb0 kernel/notifier.c:317
blocking_notifier_call_chain+0x3c/0x4c kernel/notifier.c:328
sockev_notify+0x30/0x3c net/socket.c:181
SYSC_bind net/socket.c:1509 [inline]
SyS_bind+0x1ec/0x30c net/socket.c:1489
el0_svc_naked+0x34/0x38
Freed by task 19460:
save_stack mm/kasan/kasan.c:447 [inline]
set_track mm/kasan/kasan.c:459 [inline]
__kasan_slab_free+0x134/0x20c mm/kasan/kasan.c:520
kasan_slab_free+0x10/0x1c mm/kasan/kasan.c:527
slab_free_hook mm/slub.c:1401 [inline]
slab_free_freelist_hook mm/slub.c:1422 [inline]
slab_free mm/slub.c:2979 [inline]
kmem_cache_free+0x114/0x664 mm/slub.c:3001
sk_prot_free net/core/sock.c:1504 [inline]
__sk_destruct+0x324/0x3c0 net/core/sock.c:1585
__sk_free+0x180/0x200 net/core/sock.c:1601
sk_free+0x44/0x50 net/core/sock.c:1612
sock_put include/net/sock.h:1643 [inline]
sk_common_release+0x198/0x20c net/core/sock.c:3014
raw_close+0x38/0x44 net/ipv4/raw.c:703
inet_release+0x128/0x15c net/ipv4/af_inet.c:446
__sock_release+0xb8/0x258 net/socket.c:614
sock_close+0x24/0x34 net/socket.c:1150
__fput+0x1f4/0x4e4 fs/file_table.c:345
____fput+0x20/0x2c fs/file_table.c:380
task_work_run+0x9c/0x174 kernel/task_work.c:113

Change-Id: Idb4335889b6e4228f36d76ca5b6156cc5e5838da
Signed-off-by: Sharath Chandra Vurukala <sharathv@codeaurora.org>
2020-10-11 20:40:04 +02:00
Makefile net: sockev: Initial Commit 2014-06-06 17:01:51 -07:00
datagram.c Revert "[stable-only] net: add length argument to skb_copy_and_csum_datagram_iovec" 2019-07-27 22:05:55 +02:00
dev.c treewide: Fix typo in Documentation/DocBook 2019-07-27 22:10:20 +02:00
dev_addr_lists.c net: fix uninit-value in __hw_addr_add_ex() 2019-07-27 21:49:08 +02:00
dev_ioctl.c
drop_monitor.c drop_monitor: consider inserted data in genlmsg_end 2019-07-27 21:43:42 +02:00
dst.c net: ratelimit warnings about dst entry refcount underflow or overflow 2019-07-27 21:42:33 +02:00
ethtool.c net: ethtool: not call vzalloc for zero sized memory request 2019-07-27 22:10:06 +02:00
fib_rules.c net: core: add UID to flows, rules, and routes 2019-07-27 21:50:59 +02:00
filter.c tcp: take care of truncations done by sk_filter() 2019-07-27 21:42:33 +02:00
flow.c net/core/flow.c: Fix CPU hotplug callback registration 2014-07-03 09:55:32 -07:00
flow_dissector.c net: core: add MAP support to RPS flow dissector 2014-06-23 07:47:38 -06:00
gen_estimator.c
gen_stats.c gen_stats.c: Duplicate xstats buffer for later use 2015-03-18 13:22:26 +01:00
iovec.c iovec: make sure the caller actually wants anything in memcpy_fromiovecend 2019-07-27 21:45:59 +02:00
link_watch.c arch: Mass conversion of smp_mb__*() 2014-08-15 11:45:28 -07:00
neighbour.c net: neigh: fix multiple neigh timer scheduling 2019-10-27 19:33:27 +01:00
net-procfs.c
net-sysfs.c net-sysfs: Fix memory leak in netdev_register_kobject 2019-08-13 03:29:23 +02:00
net-sysfs.h
net-traces.c
net_namespace.c netns: provide pure entropy for net_hash_mix() 2019-07-27 22:10:05 +02:00
netevent.c
netpoll.c netpoll: fix the skb check in pkt_is_ns 2014-04-14 06:42:17 -07:00
netprio_cgroup.c
pktgen.c net: pktgen: fix race between pktgen_thread_worker() and kthread_stop() 2015-10-01 12:07:35 +02:00
request_sock.c
rtnetlink.c rtnetlink: ndo_dflt_fdb_dump() only work for ARPHRD_ETHER devices 2019-07-27 21:53:23 +02:00
scm.c This is the 3.10.95 stable release 2017-04-18 17:14:54 +02:00
secure_seq.c inetpeer: get rid of ip_id_count 2014-08-14 09:24:15 +08:00
skbuff.c net: make skb_partial_csum_set() more robust against overflows 2019-07-27 21:53:15 +02:00
sock.c net: fix possible overflow in __sk_mem_raise_allocated() 2020-02-12 22:53:24 +01:00
sock_diag.c net: diag: Add the ability to destroy a socket. 2016-05-18 14:36:07 +05:30
sockev_nlmcast.c net: sockev: avoid races between sockev and socket_close 2020-10-11 20:40:04 +02:00
stream.c tcp: make sure EPOLLOUT wont be missed 2019-12-21 19:59:22 +01:00
sysctl_net_core.c This is the 3.10.73 stable release 2015-04-24 18:14:57 -07:00
timestamping.c
user_dma.c
utils.c