android_kernel_samsung_msm8976/net
Hannes Frederic Sowa 341f09c01a unix: correctly track in-flight fds in sending process user_struct
commit 415e3d3e90ce9e18727e8843ae343eda5a58fad6 upstream.

The commit referenced in the Fixes tag incorrectly accounted the number
of in-flight fds over a unix domain socket to the original opener
of the file-descriptor. This allows another process to arbitrarily
deplete the original file-opener's resource limit for the maximum of
open files. Instead, the sending process and its struct cred should
be credited.

To do so, we add a reference counted struct user_struct pointer to the
scm_fp_list and use it to account for the number of inflight unix fds.

Fixes: 712f4aad406bb1 ("unix: properly account for FDs passed over unix sockets")
Reported-by: David Herrmann <dh.herrmann@gmail.com>
Cc: David Herrmann <dh.herrmann@gmail.com>
Cc: Willy Tarreau <w@1wt.eu>
Cc: Linus Torvalds <torvalds@linux-foundation.org>
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Willy Tarreau <w@1wt.eu>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-03-03 15:06:20 -08:00
9p 9p: forgetting to cancel request on interrupted zero-copy RPC 2015-08-03 09:29:47 -07:00
802
8021q 8021q: fix a potential memory leak 2014-07-28 08:00:04 -07:00
appletalk appletalk: Fix socket referencing in skb 2014-07-28 08:00:05 -07:00
atm net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
ax25 net: add validation for the socket syscall protocol argument 2016-01-22 19:47:55 -08:00
batman-adv
bluetooth bluetooth: Validate socket address length in sco_sock_bind(). 2016-01-22 19:47:55 -08:00
bridge bridge: Only call /sbin/bridge-stp for the initial network namespace 2016-01-28 21:49:34 -08:00
caif unix/caif: sk_socket can disappear when state is unlocked 2015-06-22 16:55:51 -07:00
can can: add missing initialisations in CAN related skbuffs 2015-03-26 15:00:58 +01:00
ceph crush: fix a bug in tree bucket decode 2015-08-03 09:29:46 -07:00
core unix: correctly track in-flight fds in sending process user_struct 2016-03-03 15:06:20 -08:00
dcb net: Use netlink_ns_capable to verify the permisions of netlink messages 2014-06-26 15:12:37 -04:00
dccp
decnet net: add validation for the socket syscall protocol argument 2016-01-22 19:47:55 -08:00
dns_resolver dns_resolver: Null-terminate the right string 2014-07-28 08:00:06 -07:00
dsa
ethernet
ieee802154 6lowpan: fix lockdep splats 2014-03-06 21:30:02 -08:00
ipv4 tcp_yeah: don't set ssthresh below 2 2016-01-28 21:49:34 -08:00
ipv6 ip6mr: call del_timer_sync() in ip6mr_free_table() 2016-02-25 11:57:50 -08:00
ipx ipx: fix locking regression in ipx_sendmsg and ipx_recvmsg 2014-12-06 15:05:47 -08:00
irda net: add validation for the socket syscall protocol argument 2016-01-22 19:47:55 -08:00
iucv af_iucv: wrong mapping of sent and confirmed skbs 2014-06-30 20:09:40 -07:00
key net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
l2tp l2tp: protect tunnel->del_work by ref_count 2015-10-27 09:44:47 +09:00
lapb
llc net: llc: use correct size for sysctl timeout entries 2015-04-19 10:10:50 +02:00
mac80211 mac80211: fix driver RSSI event calculations 2015-12-09 13:40:09 -05:00
mac802154
netfilter netfilter: nf_conntrack: fix RCU race in nf_conntrack_find_get 2016-03-03 15:06:19 -08:00
netlabel
netlink netlink: don't hold mutex in rcu callback when releasing mmapd ring 2015-10-01 12:07:37 +02:00
netrom net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
nfc net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
openvswitch openvswitch: fix panic with multiple vlan headers 2014-10-15 08:31:57 +02:00
packet packet: avoid out of bounds read in round robin fanout 2015-07-10 10:40:20 -07:00
phonet phonet: properly unshare skbs in phonet_rcv() 2016-01-28 21:49:34 -08:00
rds RDS: verify the underlying transport exists before creating a connection 2015-12-09 13:40:07 -05:00
rfkill
rose net: rose: restore old recvmsg behavior 2014-01-15 15:28:49 -08:00
rxrpc rxrpc: bogus MSG_PEEK test in rxrpc_recvmsg() 2015-03-26 15:00:56 +01:00
sched net_sched: invoke ->attach() after setting dev->qdisc 2015-06-22 16:55:51 -07:00
sctp sctp: sctp should release assoc when sctp_make_abort_user return NULL in sctp_close 2016-01-28 21:49:33 -08:00
sunrpc SUNRPC: Fix a memory leak in the backchannel code 2015-08-03 09:29:47 -07:00
tipc net/tipc: initialize security state for new connection socket 2015-10-01 12:07:35 +02:00
unix unix: correctly track in-flight fds in sending process user_struct 2016-03-03 15:06:20 -08:00
vmw_vsock net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
wimax
wireless cfg80211: wext: clear sinfo struct before calling driver 2015-06-22 16:55:54 -07:00
x25 net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
xfrm net: Use netlink_ns_capable to verify the permisions of netlink messages 2014-06-26 15:12:37 -04:00
Kconfig
Makefile
compat.c net: compat: Update get_compat_msghdr() to match copy_msghdr_from_user() behaviour 2015-03-26 15:00:56 +01:00
nonet.c
socket.c net: socket: Fix the wrong returns for recvmsg and sendmsg 2015-06-05 23:19:53 -07:00
sysctl_net.c