NothingOSS/android_kernel_msm-6.1_nothing_sm7635
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Kernel Source and devicetree for NOTHING Phone(3a) and Phone(3a)Pro
1145247 commits 1 branch 0 tags 2.6 GiB
Find a file
Vladislav Efanov 401a1cf50b udp6: Fix race condition in udp6_sendmsg & connect 
[ Upstream commit 448a5ce1120c5bdbce1f1ccdabcd31c7d029f328 ]

Syzkaller got the following report:
BUG: KASAN: use-after-free in sk_setup_caps+0x621/0x690 net/core/sock.c:2018
Read of size 8 at addr ffff888027f82780 by task syz-executor276/3255

The function sk_setup_caps (called by ip6_sk_dst_store_flow->
ip6_dst_store) referenced already freed memory as this memory was
freed by parallel task in udpv6_sendmsg->ip6_sk_dst_lookup_flow->
sk_dst_check.

          task1 (connect)              task2 (udp6_sendmsg)
        sk_setup_caps->sk_dst_set |
                                  |  sk_dst_check->
                                  |      sk_dst_set
                                  |      dst_release
        sk_setup_caps references  |
        to already freed dst_entry|

The reason for this race condition is: sk_setup_caps() keeps using
the dst after transferring the ownership to the dst cache.

Found by Linux Verification Center (linuxtesting.org) with syzkaller.

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Vladislav Efanov <VEfanov@ispras.ru>
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2023-06-09 10:34:04 +02:00
arch riscv: Fix unused variable warning when BUILTIN_DTB is set 2023-06-09 10:34:00 +02:00
block block: fix bio-cache for passthru IO 2023-06-05 09:26:21 +02:00
certs certs: Fix build error when PKCS#11 URI contains semicolon 2023-02-09 11:28:11 +01:00
crypto crypto: testmgr - fix RNG performance in fuzz tests 2023-05-24 17:32:53 +01:00
Documentation dt-binding: cdns,usb3: Fix cdns,on-chip-buff-size type 2023-05-30 14:03:19 +01:00
drivers RDMA/irdma: Fix Local Invalidate fencing 2023-06-09 10:34:02 +02:00
fs nfsd: make a copy of struct iattr before calling notify_change 2023-06-09 10:34:00 +02:00
include tcp: deny tcp_disconnect() when threads are waiting 2023-06-09 10:34:02 +02:00
init gcc: disable '-Warray-bounds' for gcc-13 too 2023-04-26 14:28:43 +02:00
io_uring io_uring/rsrc: use nospec'ed indexes 2023-05-11 23:03:24 +09:00
ipc ipc: fix memory leak in init_mqueue_fs() 2022-12-31 13:32:01 +01:00
kernel x86/pci/xen: populate MSI sysfs entries 2023-05-30 14:03:22 +01:00
lib debugobjects: Don't wake up kswapd from fill_pool() 2023-05-30 14:03:20 +01:00
LICENSES LICENSES/LGPL-2.1: Add LGPL-2.1-or-later as valid identifiers 2021-12-16 14:33:10 +01:00
mm mm: fix zswap writeback race condition 2023-05-24 17:32:51 +01:00
net udp6: Fix race condition in udp6_sendmsg & connect 2023-06-09 10:34:04 +02:00
rust rust: kernel: Mark rust_fmt_argument as extern "C" 2023-04-26 14:28:38 +02:00
samples samples/bpf: Fix fout leak in hbm's run_bpf_prog 2023-05-24 17:32:38 +01:00
scripts recordmcount: Fix memory leaks in the uwrite function 2023-05-24 17:32:41 +01:00
security selinux: ensure av_permissions.h is built when needed 2023-05-11 23:03:06 +09:00
sound ASoC: Intel: avs: Access path components under lock 2023-05-30 14:03:32 +01:00
tools perf ftrace latency: Remove unnecessary "--" from --use-nsec option 2023-06-09 10:34:02 +02:00
usr usr/gen_init_cpio.c: remove unnecessary -1 values from int file 2022-10-03 14:21:44 -07:00
virt KVM: Fix vcpu_array[0] races 2023-05-24 17:32:50 +01:00
.clang-format inet: ping: use hlist_nulls rcu iterator during lookup 2022-12-01 12:42:46 +01:00
.cocciconfig
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes
.gitignore Kbuild: add Rust support 2022-09-28 09:02:20 +02:00
.mailmap 9 hotfixes. 6 for MM, 3 for other areas. Four of these patches address 2022-12-10 17:10:52 -08:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING
CREDITS MAINTAINERS: Remove Michal Marek from Kbuild maintainers 2022-11-16 14:53:00 +09:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS platform/x86: Move existing HP drivers to a new hp subdir 2023-05-24 17:32:42 +01:00
Makefile Linux 6.1.32 2023-06-05 09:26:22 +02:00
README

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.