Li RongQing 117991ed14 tcp: release sk_frag.page in tcp_disconnect ... [ Upstream commit 9b42d55a66d388e4dd5550107df051a9637564fc ] socket can be disconnected and gets transformed back to a listening socket, if sk_frag.page is not released, which will be cloned into a new socket by sk_clone_lock, but the reference count of this page is increased, lead to a use after free or double free issue Signed-off-by: Li RongQing <lirongqing@baidu.com> Cc: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2018-02-16 20:09:38 +01:00
..
6lowpan
9p	net/9p: Switch to wait_event_killable()	2017-11-30 08:37:25 +00:00
802
8021q	8021q: fix a memory leak for VLAN 0 device	2018-01-17 09:35:29 +01:00
appletalk
atm
ax25
batman-adv
bluetooth	Bluetooth: Prevent stack info leak from the EFS element.	2018-01-17 09:35:32 +01:00
bridge	net: bridge: fix early call to br_stp_change_bridge_id and plug newlink leaks	2018-01-02 20:33:26 +01:00
caif	net: caif: Fix a sleep-in-atomic bug in cfpkt_create_pfx	2017-07-05 14:37:14 +02:00
can	can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once	2018-01-31 12:06:08 +01:00
ceph	libceph: force GFP_NOIO for socket allocations	2017-04-08 09:53:30 +02:00
core	bpf: fix 32-bit divide by zero	2018-02-03 17:04:25 +01:00
dcb
dccp	dccp: don't restart ccid2_hc_tx_rto_expire() if sk in closed state	2018-01-31 12:06:12 +01:00
decnet	decnet: always not take dst->__refcnt when inserting dst into hash table	2017-07-05 14:37:14 +02:00
dns_resolver	KEYS: Fix race between updating and finding a negative key	2017-10-27 10:23:18 +02:00
dsa	net: dsa: select NET_SWITCHDEV	2017-11-15 17:13:11 +01:00
ethernet
hsr
ieee802154	Revert "net: fix percpu memory leaks"	2017-09-27 11:00:11 +02:00
ipv4	tcp: release sk_frag.page in tcp_disconnect	2018-02-16 20:09:38 +01:00
ipv6	ip6mr: fix stale iterator	2018-02-16 20:09:37 +01:00
ipx	ipx: call ipxitf_put() in ioctl error path	2017-05-25 14:30:13 +02:00
irda	irda: do not leak initialized list.dev to userspace	2017-08-30 10:19:21 +02:00
iucv
key	af_key: fix buffer overread in parse_exthdrs()	2018-01-23 19:50:14 +01:00
l2tp	l2tp: cleanup l2tp_tunnel_delete calls	2017-12-20 10:04:59 +01:00
l3mdev
lapb
llc
mac80211	mac80211: fix the update of path metric for RANN frame	2018-02-03 17:04:27 +01:00
mac802154
mpls
netfilter	netfilter: xt_osf: Add missing permission checks	2018-01-31 12:06:11 +01:00
netlabel
netlink	netlink: Add netns check on taps	2018-01-02 20:33:24 +01:00
netrom
nfc	NFC: fix device-allocation error return	2017-11-30 08:37:23 +00:00
openvswitch	openvswitch: fix the incorrect flow action alloc size	2018-02-03 17:04:27 +01:00
packet	net/packet: fix a race in packet_bind() and packet_notifier()	2017-12-16 10:33:56 +01:00
phonet
rds	RDS: null pointer dereference in rds_atomic_free_op	2018-01-17 09:35:29 +01:00
rfkill
rose
rxrpc	rxrpc: Fix several cases where a padded len isn't checked in ticket decode	2017-06-29 12:48:52 +02:00
sched	sch_dsmark: fix invalid skb_cow() usage	2017-12-25 14:22:10 +01:00
sctp	sctp: return error if the asoc has been peeled off in sctp_wait_for_sndbuf	2018-01-31 12:06:13 +01:00
sunrpc	SUNRPC: Allow connect to return EHOSTUNREACH	2018-02-03 17:04:28 +01:00
switchdev
tipc	tipc: fix memory leak in tipc_accept_from_sock()	2017-12-16 10:33:56 +01:00
unix	net/unix: don't show information about sockets from other namespaces	2017-11-18 11:11:06 +01:00
vmw_vsock	vsock: use new wait API for vsock_stream_sendmsg()	2017-11-30 08:37:19 +00:00
wimax
wireless	nl80211: Define policy for packet pattern attributes	2017-10-18 09:20:41 +02:00
x25
xfrm	xfrm: Copy policy family in clone_policy	2017-12-16 10:33:55 +01:00
compat.c	audit: log 32-bit socketcalls	2017-10-08 10:14:18 +02:00
Kconfig	bpf: introduce BPF_JIT_ALWAYS_ON config	2018-02-03 17:04:24 +01:00
Makefile
socket.c	bpf: introduce BPF_JIT_ALWAYS_ON config	2018-02-03 17:04:24 +01:00
sysctl_net.c