linux/net/core
Eric Dumazet eefca20eb2 socket, bpf: fix possible use after free
Starting from linux-4.4, 3WHS no longer takes the listener lock.

Since this time, we might hit a use-after-free in sk_filter_charge(),
if the filter we got in the memcpy() of the listener content
just happened to be replaced by a thread changing listener BPF filter.

To fix this, we need to make sure the filter refcount is not already
zero before incrementing it again.

Fixes: e994b2f0fb ("tcp: do not lock listener to process SYN packets")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Alexei Starovoitov <ast@kernel.org>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-10-02 15:23:42 -07:00
..
datagram.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-09-01 17:42:05 -07:00
dev_addr_lists.c net: fix spelling for synchronized 2014-11-18 15:26:32 -05:00
dev_ioctl.c net: check dev->addr_len for dev_set_mac_address() 2017-07-29 11:25:05 -07:00
dev.c net: orphan frags on stand-alone ptype in dev_queue_xmit_nit 2017-09-22 20:31:29 -07:00
devlink.c devlink: Add IPv6 header for dpipe 2017-08-31 14:42:19 -07:00
drop_monitor.c drop_monitor: use setup_timer 2017-03-12 23:47:16 -07:00
dst_cache.c net: dst_cache_per_cpu_dst_set() can be static 2016-03-18 17:45:08 -04:00
dst.c net: check type when freeing metadata dst 2017-08-21 10:57:38 -07:00
ethtool.c net: ethtool: Add back transceiver type 2017-09-21 15:20:40 -07:00
fib_notifier.c net: Add module reference to FIB notifiers 2017-09-01 20:33:42 -07:00
fib_rules.c rtnetlink: make rtnl_register accept a flags parameter 2017-08-09 16:57:38 -07:00
filter.c socket, bpf: fix possible use after free 2017-10-02 15:23:42 -07:00
flow_dissector.c flow_dissector: Add limit for number of headers to dissect 2017-09-05 11:40:08 -07:00
gen_estimator.c net_sched: gen_estimator: fix scaling error in bytes/packets samples 2017-09-13 13:30:53 -07:00
gen_stats.c net_sched: gen_estimator: complete rewrite of rate estimators 2016-12-05 15:21:59 -05:00
gro_cells.c net: Generic XDP 2017-04-25 13:33:49 -04:00
hwbm.c net: hwbm: Fix unbalanced spinlock in error case 2016-05-25 12:35:09 -07:00
link_watch.c dev: introduce dev_get_iflink() 2015-04-02 14:04:59 -04:00
lwt_bpf.c net: add extack arg to lwtunnel build state 2017-05-30 11:55:32 -04:00
lwtunnel.c ipv6: sr: define core operations for seg6local lightweight tunnel 2017-08-07 14:16:22 -07:00
Makefile net: core: Make the FIB notification chain generic 2017-08-03 15:35:59 -07:00
neighbour.c rtnetlink: make rtnl_register accept a flags parameter 2017-08-09 16:57:38 -07:00
net_namespace.c net: call newid/getid without rtnl mutex held 2017-08-09 16:57:38 -07:00
net-procfs.c net-procfs: Use vsnprintf extension %phN 2017-06-04 19:52:58 -04:00
net-sysfs.c net: style cleanups 2017-08-18 22:38:47 -07:00
net-sysfs.h
net-traces.c bridge: add tracepoint in br_fdb_update 2017-08-31 11:42:41 -07:00
netclassid_cgroup.c cgroup: add @flags to css_task_iter_start() and implement CSS_TASK_ITER_PROCS 2017-07-21 11:14:51 -04:00
netevent.c netevent: remove automatic variable in register_netevent_notifier() 2015-05-31 00:03:21 -07:00
netpoll.c netpoll: Fix device name check in netpoll_setup() 2017-07-26 17:01:43 -07:00
netprio_cgroup.c net: break include loop netdevice.h, dsa.h, devlink.h 2017-03-28 22:46:04 -07:00
pktgen.c net: convert sk_buff.users from atomic_t to refcount_t 2017-07-01 07:39:07 -07:00
ptp_classifier.c ptp: Change ptp_class to a proper bitmask 2015-11-03 11:08:22 -05:00
request_sock.c ipv4: Namespaceify tcp_max_syn_backlog knob 2016-12-29 11:38:31 -05:00
rtnetlink.c rtnelink: Move link dump consistency check out of the loop 2017-08-13 19:43:57 -07:00
scm.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/user.h> 2017-03-02 08:42:29 +01:00
secure_seq.c tcp: Namespaceify sysctl_tcp_timestamps 2017-06-08 10:53:29 -04:00
skbuff.c udp: drop head states only when all skb references are gone 2017-09-07 20:02:39 -07:00
sock_diag.c netlink: extended ACK reporting 2017-04-13 13:58:20 -04:00
sock_reuseport.c soreuseport: use "unsigned int" in __reuseport_alloc() 2017-04-03 19:06:38 -07:00
sock.c socket, bpf: fix possible use after free 2017-10-02 15:23:42 -07:00
stream.c sched/headers: Prepare for new header dependencies before moving code to <linux/sched/signal.h> 2017-03-02 08:42:29 +01:00
sysctl_net_core.c net: move somaxconn init from sysctl code 2017-05-25 13:12:17 -04:00
timestamping.c net: skb_defer_rx_timestamp should check for phydev before setting up classify 2015-07-09 14:17:15 -07:00
tso.c net: tso: add support for IPv6 2015-10-26 22:24:22 -07:00
utils.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2017-05-02 16:40:27 -07:00