Jia-Ju Bai 4c641342d7 net: sched: Fix a possible null-pointer dereference in dequeue_func() ... [ Upstream commit 051c7b39be4a91f6b7d8c4548444e4b850f1f56c ] In dequeue_func(), there is an if statement on line 74 to check whether skb is NULL: if (skb) When skb is NULL, it is used on line 77: prefetch(&skb->end); Thus, a possible null-pointer dereference may occur. To fix this bug, skb->end is used when skb is not NULL. This bug is found by a static analysis tool STCheck written by us. Fixes: 76e3cc126b ("codel: Controlled Delay AQM") Signed-off-by: Jia-Ju Bai <baijiaju1990@gmail.com> Reviewed-by: Jiri Pirko <jiri@mellanox.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2019-08-11 12:20:45 +02:00
..
6lowpan	6lowpan: iphc: reset mac_header after decompress to fix panic	2018-10-10 08:52:04 +02:00
9p	9p/virtio: Add cleanup path in p9_virtio_init	2019-08-04 09:34:51 +02:00
802
8021q	vlan: disable SIOCSHWTSTAMP in container	2019-05-16 19:45:17 +02:00
appletalk	appletalk: Fix use-after-free in atalk_proc_exit	2019-04-27 09:33:59 +02:00
atm	net: atm: Fix potential Spectre v1 vulnerabilities	2019-04-27 09:33:59 +02:00
ax25	ax25: fix inconsistent lock state in ax25_destroy_timer	2019-06-22 08:18:25 +02:00
batman-adv	batman-adv: fix for leaked TVLV handler.	2019-08-04 09:34:39 +02:00
bluetooth	Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug	2019-08-04 09:34:53 +02:00
bridge	net: bridge: delete local fdb on device init failure	2019-08-11 12:20:44 +02:00
caif	net: caif: Add a missing rcu_read_unlock() in caif_flow_cb	2018-09-05 09:18:34 +02:00
can	can: purge socket error queue on sock destruct	2019-07-10 09:56:33 +02:00
ceph	libceph: handle an empty authorize reply	2019-03-23 08:44:18 +01:00
core	net: fix ifindex collision during namespace removal	2019-08-11 12:20:44 +02:00
dcb	net: dcb: For wild-card lookups, use priority -1, not 0	2018-09-19 22:48:58 +02:00
dccp	dccp: do not use ipv6 header for ipv4 flow	2019-04-03 06:23:25 +02:00
decnet	dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock	2018-02-25 11:03:38 +01:00
dns_resolver	KEYS: DNS: fix parsing multiple options	2018-07-22 14:25:54 +02:00
dsa	net: dsa: slave: Don't propagate flag changes on down slave interfaces	2019-02-20 10:13:15 +01:00
ethernet	net: introduce device min_header_len	2017-02-18 16:39:27 +01:00
hsr	net/hsr: fix possible crash in add_timer()	2019-03-23 08:44:31 +01:00
ieee802154	inet: frags: fix ip6frag_low_thresh boundary	2019-02-08 11:25:32 +01:00
ipv4	tcp: be more careful in tcp_fragment()	2019-08-11 12:20:43 +02:00
ipv6	ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt	2019-08-04 09:35:01 +02:00
ipx	ipx: call ipxitf_put() in ioctl error path	2017-05-25 14:30:13 +02:00
irda	irda: Only insert new objects into the global database via setsockopt	2018-09-15 09:40:40 +02:00
iucv	af_iucv: Move sockaddr length checks to before accessing sa_family in bind and connect handlers	2018-11-10 07:41:35 -08:00
key	af_key: fix leaks in key_pol_get_resp and dump_sp.	2019-08-04 09:34:42 +02:00
l2tp	l2tp: fix infoleak in l2tp_ip6_recvmsg()	2019-03-23 08:44:29 +01:00
l3mdev	net: Add netif_is_l3_slave	2015-10-07 04:27:43 -07:00
lapb	lapb: fixed leak of control-blocks.	2019-06-22 08:18:25 +02:00
llc	llc: fix skb leak in llc_build_and_send_ui_pkt()	2019-06-11 12:24:06 +02:00
mac80211	mac80211: mesh: fix RCU warning	2019-07-21 09:07:06 +02:00
mac802154	net: mac802154: tx: expand tailroom if necessary	2018-09-09 20:04:32 +02:00
mpls	mpls, nospec: Sanitize array index in mpls_label_ok()	2018-03-11 16:19:47 +01:00
netfilter	netfilter: nfnetlink_acct: validate NFACCT_QUOTA parameter	2019-08-11 12:20:43 +02:00
netlabel	netlabel: check for IPV4MASK in addrinfo_get	2018-10-20 09:52:36 +02:00
netlink	netlink: Don't shift on 64 for ngroups	2018-08-09 12:19:28 +02:00
netrom	netrom: hold sock when setting skb->destructor	2019-08-04 09:34:54 +02:00
nfc	nfc: fix potential illegal memory access	2019-08-04 09:34:54 +02:00
openvswitch	openvswitch: fix flow actions reallocation	2019-04-27 09:33:54 +02:00
packet	packet: Fix error path in packet_init	2019-05-16 19:45:17 +02:00
phonet	phonet: fix building with clang	2019-03-23 08:44:34 +01:00
rds	net: rds: fix memory leak in rds_ib_flush_mr_pool	2019-06-11 12:24:12 +02:00
rfkill	rfkill: gpio: fix memory leak in probe error path	2018-05-16 10:06:51 +02:00
rose	net: rose: fix a possible stack overflow	2019-04-03 06:23:25 +02:00
rxrpc	rxrpc: check return value of skb_to_sgvec always	2018-04-13 19:50:23 +02:00
sched	net: sched: Fix a possible null-pointer dereference in dequeue_func()	2019-08-11 12:20:45 +02:00
sctp	sctp: change to hold sk after auth shkey is created successfully	2019-07-10 09:56:36 +02:00
sunrpc	sunrpc: don't mark uninitialised items as VALID.	2019-05-16 19:44:44 +02:00
switchdev	switchdev: pass pointer to fib_info instead of copy	2016-06-24 10:18:16 -07:00
tipc	tipc: compat: allow tipc commands without arguments	2019-08-11 12:20:45 +02:00
unix	missing barriers in some of unix_sock ->addr and ->path accesses	2019-03-23 08:44:31 +01:00
vmw_vsock	vsock: cope with memory allocation failure at socket creation time	2019-02-23 09:05:13 +01:00
wimax	net:wimax: Fix doucble word "the the" in networking.xml	2015-08-09 22:43:52 -07:00
wireless	cfg80211: fix memory leak of wiphy device name	2019-07-10 09:56:34 +02:00
x25	net/x25: fix a race in x25_bind()	2019-03-23 08:44:30 +01:00
xfrm	xfrm: fix sa selector validation	2019-08-04 09:34:46 +02:00
compat.c	sock: Make sock->sk_stamp thread-safe	2019-01-13 10:05:28 +01:00
Kconfig	Make DST_CACHE a silent config option	2018-02-25 11:03:37 +01:00
Makefile	net: Introduce L3 Master device abstraction	2015-09-29 20:40:32 -07:00
socket.c	sockfs: getxattr: Fail with -EOPNOTSUPP for invalid attribute names	2019-03-23 08:44:21 +01:00
sysctl_net.c	net: Use ns_capable_noaudit() when determining net sysctl permissions	2016-09-15 08:27:50 +02:00