linux/net/kcm
Kirill Tkhai c6fae49a44 kcm: Fix use-after-free caused by clonned sockets
[ Upstream commit eb7f54b90b ]

(resend for properly queueing in patchwork)

kcm_clone() creates kernel socket, which does not take net counter.
Thus, the net may die before the socket is completely destructed,
i.e. kcm_exit_net() is executed before kcm_done().

Reported-by: syzbot+5f1a04e374a635efc426@syzkaller.appspotmail.com
Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-06-11 22:49:19 +02:00
..
kcmproc.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
kcmsock.c kcm: Fix use-after-free caused by clonned sockets 2018-06-11 22:49:19 +02:00
Kconfig kcm: Use stream parser 2016-08-17 19:36:23 -04:00
Makefile kcm: Add statistics and proc interfaces 2016-03-09 16:36:14 -05:00