linux/fs/ocfs2/cluster
David S. Miller 676d23690f net: Fix use after free by removing length arg from sk_data_ready callbacks.
Several spots in the kernel perform a sequence like:

	skb_queue_tail(&sk->s_receive_queue, skb);
	sk->sk_data_ready(sk, skb->len);

But at the moment we place the SKB onto the socket receive queue it
can be consumed and freed up.  So this skb->len access is potentially
to freed up memory.

Furthermore, the skb->len can be modified by the consumer so it is
possible that the value isn't accurate.

And finally, no actual implementation of this callback actually uses
the length argument.  And since nobody actually cared about it's
value, lots of call sites pass arbitrary values in such as '0' and
even '1'.

So just remove the length argument from the callback, that way there
is no confusion whatsoever and all of these use-after-free cases get
fixed as a side effect.

Based upon a patch by Eric Dumazet and his suggestion to audit this
issue tree-wide.

Signed-off-by: David S. Miller <davem@davemloft.net>
2014-04-11 16:15:36 -04:00
..
heartbeat.c block: Abstract out bvec iterator 2013-11-23 22:33:47 -08:00
heartbeat.h ocfs2/cluster: Get all heartbeat regions 2010-10-07 14:31:06 -07:00
Makefile ocfs2: remove versioning information 2014-01-21 16:19:41 -08:00
masklog.c ocfs2: Remove masklog ML_UPTODATE. 2011-02-24 16:22:20 +08:00
masklog.h ocfs2: don't spam on -EDQUOT 2013-11-13 12:09:01 +09:00
netdebug.c switch debugfs to umode_t 2012-01-03 22:54:56 -05:00
nodemanager.c ocfs2: remove versioning information 2014-01-21 16:19:41 -08:00
nodemanager.h ocfs2/cluster: Make fence method configurable - v2 2009-12-02 16:49:26 -08:00
ocfs2_heartbeat.h ocfs2: warn the user on a dead timeout mismatch 2006-06-29 15:45:35 -07:00
ocfs2_nodemanager.h ocfs2/dlm: Add message DLM_QUERY_REGION 2010-10-09 10:26:23 -07:00
quorum.c ocfs2: fix a comments typo at o2quo_hb_still_up() 2013-07-03 16:07:24 -07:00
quorum.h [PATCH] OCFS2: The Second Oracle Cluster Filesystem 2006-01-03 11:45:46 -08:00
sys.c VERIFY_OCTAL_PERMISSIONS: stricter checking for sysfs perms. 2014-03-24 12:21:00 +10:30
sys.h [PATCH] OCFS2: The Second Oracle Cluster Filesystem 2006-01-03 11:45:46 -08:00
tcp_internal.h net: Fix use after free by removing length arg from sk_data_ready callbacks. 2014-04-11 16:15:36 -04:00
tcp.c net: Fix use after free by removing length arg from sk_data_ready callbacks. 2014-04-11 16:15:36 -04:00
tcp.h ocfs2/cluster: Add new function o2net_fill_node_map() 2011-07-24 10:32:54 -07:00