system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-09-22 03:55:39 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/net/sctp
History
Xin Long 5179b26694 sctp: call rcu_read_lock before checking for duplicate transport nodes 
Commit cd2b708750 ("sctp: check duplicate node before inserting a
new transport") called rhltable_lookup() to check for the duplicate
transport node in transport rhashtable.

But rhltable_lookup() doesn't call rcu_read_lock inside, it could cause
a use-after-free issue if it tries to dereference the node that another
cpu has freed it. Note that sock lock can not avoid this as it is per
sock.

This patch is to fix it by calling rcu_read_lock before checking for
duplicate transport nodes.

Fixes: cd2b708750 ("sctp: check duplicate node before inserting a new transport")
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-03-01 09:50:58 -08:00
..
associola.c sctp: add dst_pending_confirm flag 2017-02-07 13:07:46 -05:00
auth.c sctp: use IS_ENABLED() instead of checking for built-in or module 2016-09-10 21:19:11 -07:00
bind_addr.c sctp: not copying duplicate addrs to the assoc's bind address list 2016-12-20 14:15:45 -05:00
chunk.c sctp: refactor sctp_datamsg_from_user 2016-12-29 14:44:03 -05:00
debug.c net: sctp: fix array overrun read on sctp_timer_tbl 2017-01-24 15:24:35 -05:00
endpointola.c sctp: add reconf_enable in asoc ep and netns 2017-01-18 14:55:10 -05:00
input.c sctp: call rcu_read_lock before checking for duplicate transport nodes 2017-03-01 09:50:58 -08:00
inqueue.c sctp: rename WORD_TRUNC/ROUND macros 2016-09-22 03:13:26 -04:00
ipv6.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-01-28 10:33:06 -05:00
Kconfig sctp: add the sctp_diag.c file 2016-04-15 17:29:36 -04:00
Makefile sctp: prepare asoc stream for stream reconf 2017-01-06 21:07:26 -05:00
objcnt.c sctp: prepare asoc stream for stream reconf 2017-01-06 21:07:26 -05:00
offload.c sctp: sctp gso should set feature with NETIF_F_SG when calling skb_segment 2017-01-25 12:28:33 -05:00
output.c lib/vsprintf.c: remove %Z support 2017-02-27 18:43:47 -08:00
outqueue.c sctp: add dst_pending_confirm flag 2017-02-07 13:07:46 -05:00
primitive.c sctp: add stream reconf primitive 2017-01-18 14:55:10 -05:00
probe.c net: sctp: Convert log timestamps to be y2038 safe 2016-03-01 17:18:44 -05:00
proc.c net: Suppress the "Comparison to NULL could be written" warnings 2016-09-30 01:50:45 -04:00
protocol.c sctp: set sin_port for addr param when checking duplicate address 2017-02-26 21:24:05 -05:00
sctp_diag.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-10-02 22:20:41 -04:00
sm_make_chunk.c sctp: add a function to verify the sctp reconf chunk 2017-02-19 18:17:59 -05:00
sm_sideeffect.c sctp: flush out queue once assoc state falls into SHUTDOWN_PENDING 2017-02-20 10:26:09 -05:00
sm_statefuns.c sctp: add reconf chunk process 2017-02-19 18:17:59 -05:00
sm_statetable.c sctp: add reconf chunk event 2017-02-19 18:17:59 -05:00
socket.c sctp: deny peeloff operation on asocs with threads sleeping on it 2017-02-24 11:10:38 -05:00
stream.c sctp: implement receiver-side procedures for the Incoming SSN Reset Request Parameter 2017-02-19 18:17:59 -05:00
sysctl.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2016-01-11 23:55:43 -05:00
transport.c scripts/spelling.txt: add "varible" pattern and fix typo instances 2017-02-27 18:43:47 -08:00
tsnmap.c sctp: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
ulpevent.c sctp: add support for generating stream ssn reset event notification 2017-02-19 18:17:59 -05:00
ulpqueue.c sctp: prepare asoc stream for stream reconf 2017-01-06 21:07:26 -05:00