android_kernel_samsung_msm8976/net
Eric Dumazet 4734f5361b phonet: properly unshare skbs in phonet_rcv()
[ Upstream commit 7aaed57c5c2890634cfadf725173c7c68ea4cb4f ]

Ivaylo Dimitrov reported a regression caused by commit 7866a621043f
("dev: add per net_device packet type chains").

skb->dev becomes NULL and we crash in __netif_receive_skb_core().

Before the above commit, different kinds of bugs or corruptions could happen
without a major crash.

But the root cause is that phonet_rcv() can queue skb without checking
if skb is shared or not.

Many thanks to Ivaylo Dimitrov for his help, diagnosis and tests.

Reported-by: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
Tested-by: Ivaylo Dimitrov <ivo.g.dimitrov.75@gmail.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Remi Denis-Courmont <courmisch@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-01-28 21:49:34 -08:00
9p 9p: forgetting to cancel request on interrupted zero-copy RPC 2015-08-03 09:29:47 -07:00
802
8021q 8021q: fix a potential memory leak 2014-07-28 08:00:04 -07:00
appletalk appletalk: Fix socket referencing in skb 2014-07-28 08:00:05 -07:00
atm net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
ax25 net: add validation for the socket syscall protocol argument 2016-01-22 19:47:55 -08:00
batman-adv batman-adv: set up network coding packet handlers during module init 2013-11-20 12:27:47 -08:00
bluetooth bluetooth: Validate socket address length in sco_sock_bind(). 2016-01-22 19:47:55 -08:00
bridge bridge: Only call /sbin/bridge-stp for the initial network namespace 2016-01-28 21:49:34 -08:00
caif unix/caif: sk_socket can disappear when state is unlocked 2015-06-22 16:55:51 -07:00
can can: add missing initialisations in CAN related skbuffs 2015-03-26 15:00:58 +01:00
ceph crush: fix a bug in tree bucket decode 2015-08-03 09:29:46 -07:00
core net: possible use after free in dst_release 2016-01-28 21:49:34 -08:00
dcb net: Use netlink_ns_capable to verify the permisions of netlink messages 2014-06-26 15:12:37 -04:00
dccp
decnet net: add validation for the socket syscall protocol argument 2016-01-22 19:47:55 -08:00
dns_resolver dns_resolver: Null-terminate the right string 2014-07-28 08:00:06 -07:00
dsa
ethernet
ieee802154 6lowpan: fix lockdep splats 2014-03-06 21:30:02 -08:00
ipv4 tcp_yeah: don't set ssthresh below 2 2016-01-28 21:49:34 -08:00
ipv6 ipv6/addrlabel: fix ip6addrlbl_get() 2016-01-28 21:49:33 -08:00
ipx ipx: fix locking regression in ipx_sendmsg and ipx_recvmsg 2014-12-06 15:05:47 -08:00
irda net: add validation for the socket syscall protocol argument 2016-01-22 19:47:55 -08:00
iucv af_iucv: wrong mapping of sent and confirmed skbs 2014-06-30 20:09:40 -07:00
key net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
l2tp l2tp: protect tunnel->del_work by ref_count 2015-10-27 09:44:47 +09:00
lapb
llc net: llc: use correct size for sysctl timeout entries 2015-04-19 10:10:50 +02:00
mac80211 mac80211: fix driver RSSI event calculations 2015-12-09 13:40:09 -05:00
mac802154
netfilter ipvs: fix crash with sync protocol v0 and FTP 2015-10-22 14:37:51 -07:00
netlabel
netlink netlink: don't hold mutex in rcu callback when releasing mmapd ring 2015-10-01 12:07:37 +02:00
netrom net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
nfc net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
openvswitch openvswitch: fix panic with multiple vlan headers 2014-10-15 08:31:57 +02:00
packet packet: avoid out of bounds read in round robin fanout 2015-07-10 10:40:20 -07:00
phonet phonet: properly unshare skbs in phonet_rcv() 2016-01-28 21:49:34 -08:00
rds RDS: verify the underlying transport exists before creating a connection 2015-12-09 13:40:07 -05:00
rfkill
rose net: rose: restore old recvmsg behavior 2014-01-15 15:28:49 -08:00
rxrpc rxrpc: bogus MSG_PEEK test in rxrpc_recvmsg() 2015-03-26 15:00:56 +01:00
sched net_sched: invoke ->attach() after setting dev->qdisc 2015-06-22 16:55:51 -07:00
sctp sctp: sctp should release assoc when sctp_make_abort_user return NULL in sctp_close 2016-01-28 21:49:33 -08:00
sunrpc SUNRPC: Fix a memory leak in the backchannel code 2015-08-03 09:29:47 -07:00
tipc net/tipc: initialize security state for new connection socket 2015-10-01 12:07:35 +02:00
unix unix: properly account for FDs passed over unix sockets 2016-01-28 21:49:33 -08:00
vmw_vsock net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
wimax
wireless cfg80211: wext: clear sinfo struct before calling driver 2015-06-22 16:55:54 -07:00
x25 net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
xfrm net: Use netlink_ns_capable to verify the permisions of netlink messages 2014-06-26 15:12:37 -04:00
Kconfig
Makefile
compat.c net: compat: Update get_compat_msghdr() to match copy_msghdr_from_user() behaviour 2015-03-26 15:00:56 +01:00
nonet.c
socket.c net: socket: Fix the wrong returns for recvmsg and sendmsg 2015-06-05 23:19:53 -07:00
sysctl_net.c