android_kernel_oneplus_msm8998/net/llc at 36e7c2e687603c81dc47152537bd91cce681f0dc - evie/android_kernel_oneplus_msm8998 - Gay Catgirls Forgejo: gay catgirls having sex

evie/android_kernel_oneplus_msm8998

History

Eric Biggers 96ff6ba50a llc: fix sk_buff leak in llc_conn_service() commit b74555de21acd791f12c4a1aeaf653dd7ac21133 upstream. syzbot reported: BUG: memory leak unreferenced object 0xffff88811eb3de00 (size 224): comm "syz-executor559", pid 7315, jiffies 4294943019 (age 10.300s) hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00 a0 38 24 81 88 ff ff 00 c0 f2 15 81 88 ff ff ..8$............ backtrace: [<000000008d1c66a1>] kmemleak_alloc_recursive include/linux/kmemleak.h:55 [inline] [<000000008d1c66a1>] slab_post_alloc_hook mm/slab.h:439 [inline] [<000000008d1c66a1>] slab_alloc_node mm/slab.c:3269 [inline] [<000000008d1c66a1>] kmem_cache_alloc_node+0x153/0x2a0 mm/slab.c:3579 [<00000000447d9496>] __alloc_skb+0x6e/0x210 net/core/skbuff.c:198 [<000000000cdbf82f>] alloc_skb include/linux/skbuff.h:1058 [inline] [<000000000cdbf82f>] llc_alloc_frame+0x66/0x110 net/llc/llc_sap.c:54 [<000000002418b52e>] llc_conn_ac_send_sabme_cmd_p_set_x+0x2f/0x140 net/llc/llc_c_ac.c:777 [<000000001372ae17>] llc_exec_conn_trans_actions net/llc/llc_conn.c:475 [inline] [<000000001372ae17>] llc_conn_service net/llc/llc_conn.c:400 [inline] [<000000001372ae17>] llc_conn_state_process+0x1ac/0x640 net/llc/llc_conn.c:75 [<00000000f27e53c1>] llc_establish_connection+0x110/0x170 net/llc/llc_if.c:109 [<00000000291b2ca0>] llc_ui_connect+0x10e/0x370 net/llc/af_llc.c:477 [<000000000f9c740b>] __sys_connect+0x11d/0x170 net/socket.c:1840 [...] The bug is that most callers of llc_conn_send_pdu() assume it consumes a reference to the skb, when actually due to commit b85ab56c3f81 ("llc: properly handle dev_queue_xmit() return value") it doesn't. Revert most of that commit, and instead make the few places that need llc_conn_send_pdu() to not consume a reference call skb_get() before. Fixes: b85ab56c3f81 ("llc: properly handle dev_queue_xmit() return value") Reported-by: syzbot+6b825a6494a04cc0e3f7@syzkaller.appspotmail.com Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2019-11-06 12:09:22 +01:00
..
af_llc.c	llc: do not use sk_eat_skb()	2018-12-01 09:46:34 +01:00
Kconfig
llc_c_ac.c	llc: fix sk_buff leak in llc_conn_service()	2019-11-06 12:09:22 +01:00
llc_c_ev.c	net: replace remaining __FUNCTION__ occurrences	2008-03-05 20:47:47 -08:00
llc_c_st.c	llc: Make llc_conn_ev_qfyr_t function pointer arrays const	2014-12-10 15:21:24 -05:00
llc_conn.c	llc: fix sk_buff leak in llc_conn_service()	2019-11-06 12:09:22 +01:00
llc_core.c	llc: use refcount_inc_not_zero() for llc_sap_find()	2018-08-22 07:48:35 +02:00
llc_if.c	net: llc: include linux/errno.h instead of asm/errno.h	2014-10-24 15:51:42 -04:00
llc_input.c	llc: Fix races between llc2 handler use and (un)registration	2012-08-14 16:52:02 -07:00
llc_output.c	llc: fix skb leak in llc_build_and_send_ui_pkt()	2019-06-11 12:24:06 +02:00
llc_pdu.c	[LLC]: skb allocation size for responses	2008-03-31 21:02:47 -07:00
llc_proc.c	net: proc_fs: trivial: print UIDs as unsigned int	2013-08-15 14:37:46 -07:00
llc_s_ac.c	llc: fix sk_buff leak in llc_sap_state_process()	2019-11-06 12:09:22 +01:00
llc_s_ev.c
llc_s_st.c	llc: Make llc_sap_action_t function pointer arrays const	2014-12-10 15:21:24 -05:00
llc_sap.c	llc: fix sk_buff leak in llc_sap_state_process()	2019-11-06 12:09:22 +01:00
llc_station.c	llc2: Collapse remainder of state machine into simple if-else if-statement	2012-09-17 13:04:19 -04:00
Makefile
sysctl_net_llc.c	net: llc: use correct size for sysctl timeout entries	2015-01-25 00:23:21 -08:00