korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-14 15:54:15 +08:00
Code Issues Packages Projects Releases Wiki Activity
0b532f5943
linux/net/core
History
Thadeu Lima de Souza Cascardo 7b0e64583e net: fix out-of-bounds access in ops_init 
commit a26ff37e62 upstream.

net_alloc_generic is called by net_alloc, which is called without any
locking. It reads max_gen_ptrs, which is changed under pernet_ops_rwsem. It
is read twice, first to allocate an array, then to set s.len, which is
later used to limit the bounds of the array access.

It is possible that the array is allocated and another thread is
registering a new pernet ops, increments max_gen_ptrs, which is then used
to set s.len with a larger than allocated length for the variable array.

Fix it by reading max_gen_ptrs only once in net_alloc_generic. If
max_gen_ptrs is later incremented, it will be caught in net_assign_generic.

Signed-off-by: Thadeu Lima de Souza Cascardo <cascardo@igalia.com>
Fixes: 073862ba5d ("netns: fix net_alloc_generic()")
Reviewed-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Cc: stable@vger.kernel.org
Link: https://lore.kernel.org/r/20240502132006.3430840-1-cascardo@igalia.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-05-17 11:43:55 +02:00
..
bpf_sk_storage.c bpf: Improve bucket_log calculation logic 2020-02-14 16:34:10 -05:00
datagram.c net: datagram: fix data-races in datagram_poll() 2023-05-30 12:44:02 +01:00
datagram.h
dev_addr_lists.c net: remove unnecessary variables and callback 2019-10-24 14:53:49 -07:00
dev_ioctl.c net: fix dev_ifsioc_locked() race condition 2021-03-07 12:20:43 +01:00
dev.c packet: annotate data-races around ignore_outgoing 2024-03-26 18:22:25 -04:00
devlink.c devlink: remove reload failed checks in params get/set callbacks 2023-09-23 11:00:03 +02:00
drop_monitor.c drop_monitor: Require 'CAP_SYS_ADMIN' when joining "events" group 2023-12-13 18:18:17 +01:00
dst_cache.c
dst.c ipv6: remove max_size check inline with ipv4 2024-01-15 18:25:29 +01:00
ethtool.c net/ethtool/ioctl: return -EOPNOTSUPP if we have no phy stats 2023-01-24 07:17:58 +01:00
failover.c
fib_notifier.c net: fib_notifier: move fib_notifier_ops from struct net into per-net struct 2019-09-07 17:28:22 +02:00
fib_rules.c ipv6: fix memory leak in fib6_rule_suppress 2021-12-08 09:01:13 +01:00
filter.c bpf: sockmap, updating the sg structure should also update curr 2023-12-13 18:18:13 +01:00
flow_dissector.c net/ipv6: SKB symmetric hash should incorporate transport ports 2023-09-23 10:59:56 +02:00
flow_offload.c net: core: rename indirect block ingress cb function 2019-12-18 16:08:47 +01:00
gen_estimator.c net_sched: gen_estimator: support large ewma log 2021-02-07 15:35:47 +01:00
gen_stats.c
gro_cells.c
hwbm.c net: hwbm: Make the hwbm_pool lock a mutex 2019-06-09 19:40:10 -07:00
link_watch.c net: linkwatch: fix failure to restore device state across suspend/resume 2021-08-18 08:57:00 +02:00
lwt_bpf.c lwt: Fix return values of BPF xmit ops 2023-09-23 10:59:42 +02:00
lwtunnel.c lwtunnel: Validate RTA_ENCAP_TYPE attribute length 2022-01-11 15:23:32 +01:00
Makefile
neighbour.c neighbour: Don't let neigh_forced_gc() disable preemption for long 2024-01-25 14:34:20 -08:00
net_namespace.c net: fix out-of-bounds access in ops_init 2024-05-17 11:43:55 +02:00
net-procfs.c net-procfs: show net devices bound packet types 2022-02-01 17:24:37 +01:00
net-sysfs.c net-sysfs: add check for netdevice being present to speed_show 2022-03-16 13:21:46 +01:00
net-sysfs.h
net-traces.c page_pool: add tracepoints for page_pool with details need by XDP 2019-06-19 11:23:13 -04:00
netclassid_cgroup.c cgroup, netclassid: remove double cond_resched 2020-05-10 10:31:32 +02:00
netevent.c
netpoll.c net: don't let netpoll invoke NAPI if in xmit context 2023-04-20 12:07:33 +02:00
netprio_cgroup.c netprio_cgroup: Fix unlimited memory leak of v2 cgroups 2020-05-20 08:20:12 +02:00
page_pool.c mm: fix struct page layout on 32-bit systems 2021-05-19 10:08:31 +02:00
pktgen.c net: pktgen: Fix interface flags printing 2023-10-25 11:53:22 +02:00
ptp_classifier.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 295 2019-06-05 17:36:38 +02:00
request_sock.c tcp: add rcu protection around tp->fastopen_rsk 2019-10-13 10:13:08 -07:00
rtnetlink.c rtnetlink: Correct nested IFLA_VF_VLAN_LIST attribute validation 2024-05-17 11:43:54 +02:00
scm.c io_uring/unix: drop usage of io_uring socket 2024-03-26 18:22:12 -04:00
secure_seq.c tcp: Fix data-races around sysctl knobs related to SYN option. 2022-07-29 17:14:14 +02:00
skbuff.c net: prevent mss overflow in skb_segment() 2024-02-23 08:25:14 +01:00
skmsg.c bpf, sockmap: Fix memleak in tcp_bpf_sendmsg while sk msg is full 2022-04-15 14:18:16 +02:00
sock_diag.c sock_diag: annotate data-races around sock_diag_handlers[family] 2024-03-26 18:22:14 -04:00
sock_map.c bpf, sockmap: Prevent lock inversion deadlock in map delete elem 2024-04-13 12:51:34 +02:00
sock_reuseport.c udp: Prevent reuseport_select_sock from reading uninitialized socks 2021-01-23 15:57:56 +01:00
sock.c net: mark racy access on sk->sk_rcvbuf 2024-05-17 11:43:50 +02:00
stream.c net: Remove WARN_ON_ONCE(sk->sk_forward_alloc) from sk_stream_kill_queues(). 2023-03-03 11:41:48 +01:00
sysctl_net_core.c net: Fix data-races around weight_p and dev_weight_[rt]x_bias. 2022-09-05 10:27:41 +02:00
timestamping.c
tso.c net: Use skb accessors in network core 2019-07-22 20:47:56 -07:00
utils.c net: Fix skb->csum update in inet_proto_csum_replace16(). 2020-02-05 21:22:52 +00:00
xdp.c xdp: obtain the mem_id mutex before trying to remove an entry. 2019-12-18 16:09:10 +01:00