evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/net
History
Sharath Chandra Vurukala 4d2f6ab9a8 net: sockev: avoid races between sockev and socket_close 
Use-after-free is seen when sending a sockev netlink message
since socket is not held which can race with sk_free.

KASAN: use-after-free in sockev_client_cb+0x41c/0x4b8
	in net/core/sockev_nlmcast.c:104
Read of size 2 at addr ffffffc08420c550
Call trace:
dump_backtrace+0x0/0x388 arch/arm64/kernel/time.c:55
show_stack+0x24/0x30 arch/arm64/kernel/traps.c:152
__dump_stack+0x24/0x2c lib/dump_stack.c:17
dump_stack+0x8c/0xd0 lib/dump_stack.c:53
print_address_description+0x74/0x234 mm/kasan/report.c:256
kasan_report_error mm/kasan/report.c:354 [inline]
kasan_report+0x240/0x264 mm/kasan/report.c:412
__asan_report_load2_noabort+0x2c/0x38 mm/kasan/report.c:431
sockev_client_cb+0x41c/0x4b8 net/core/sockev_nlmcast.c:104
notifier_call_chain+0x104/0x158 kernel/notifier.c:93
__blocking_notifier_call_chain+0x80/0xb0 kernel/notifier.c:317
blocking_notifier_call_chain+0x3c/0x4c kernel/notifier.c:328
sockev_notify+0x30/0x3c net/socket.c:181
SYSC_bind net/socket.c:1509 [inline]
SyS_bind+0x1ec/0x30c net/socket.c:1489
el0_svc_naked+0x34/0x38
Freed by task 19460:
save_stack mm/kasan/kasan.c:447 [inline]
set_track mm/kasan/kasan.c:459 [inline]
__kasan_slab_free+0x134/0x20c mm/kasan/kasan.c:520
kasan_slab_free+0x10/0x1c mm/kasan/kasan.c:527
slab_free_hook mm/slub.c:1401 [inline]
slab_free_freelist_hook mm/slub.c:1422 [inline]
slab_free mm/slub.c:2979 [inline]
kmem_cache_free+0x114/0x664 mm/slub.c:3001
sk_prot_free net/core/sock.c:1504 [inline]
__sk_destruct+0x324/0x3c0 net/core/sock.c:1585
__sk_free+0x180/0x200 net/core/sock.c:1601
sk_free+0x44/0x50 net/core/sock.c:1612
sock_put include/net/sock.h:1643 [inline]
sk_common_release+0x198/0x20c net/core/sock.c:3014
raw_close+0x38/0x44 net/ipv4/raw.c:703
inet_release+0x128/0x15c net/ipv4/af_inet.c:446
__sock_release+0xb8/0x258 net/socket.c:614
sock_close+0x24/0x34 net/socket.c:1150
__fput+0x1f4/0x4e4 fs/file_table.c:345
____fput+0x20/0x2c fs/file_table.c:380
task_work_run+0x9c/0x174 kernel/task_work.c:113

Change-Id: Idb4335889b6e4228f36d76ca5b6156cc5e5838da
Signed-off-by: Sharath Chandra Vurukala <sharathv@codeaurora.org>
2019-05-20 15:51:25 +05:30
..
6lowpan
9p net/9p: Switch to wait_event_killable() 2017-11-30 08:37:25 +00:00
802
8021q vlan: also check phy_driver ts_info for vlan's real device 2018-04-13 19:50:25 +02:00
appletalk
atm net: atm: Fix potential Spectre v1 2018-05-16 10:06:51 +02:00
ax25
batman-adv batman-adv: fix packet loss for broadcasted DHCP packets to a server 2018-05-30 07:49:06 +02:00
bluetooth Merge android-4.4.153 (5e24b4e) into msm-4.4 2018-08-28 17:28:39 +05:30
bridge This is the 4.4.152 stable release 2018-08-24 13:37:12 +02:00
caif
can can: af_can: canfd_rcv(): replace WARN_ONCE by pr_warn_once 2018-01-31 12:06:08 +01:00
ceph libceph: validate con->state at the top of try_write() 2018-05-02 07:53:42 -07:00
core net: sockev: avoid races between sockev and socket_close 2019-05-20 15:51:25 +05:30
dcb
dccp dccp: fix undefined behavior with 'cwnd' shift in ccid2_cwnd_restart() 2018-08-22 07:48:35 +02:00
decnet dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock 2018-02-25 11:03:38 +01:00
dns_resolver KEYS: DNS: fix parsing multiple options 2018-07-22 14:25:54 +02:00
dsa net: dsa: Do not suspend/resume closed slave_dev 2018-08-06 16:24:41 +02:00
ethernet
hsr
ieee802154 net: ieee802154: fix net_device reference release too early 2018-04-13 19:50:10 +02:00
ipc_router net: ipc_router: Initialize the sockaddr in recvmsg() handler 2018-07-25 22:57:06 -07:00
ipv4 Merge android-4.4.153 (5e24b4e) into msm-4.4 2018-08-28 17:28:39 +05:30
ipv6 Merge android-4.4.153 (5e24b4e) into msm-4.4 2018-08-28 17:28:39 +05:30
ipx
irda irda: do not leak initialized list.dev to userspace 2017-08-30 10:19:21 +02:00
iucv net/iucv: Free memory obtained by kzalloc 2018-03-31 18:12:33 +02:00
key af_key: unconditionally clone on broadcast 2018-11-25 22:58:27 -08:00
l2tp This is the 4.4.151 stable release 2018-08-22 08:08:40 +02:00
l3mdev
lapb
llc llc: use refcount_inc_not_zero() for llc_sap_find() 2018-08-22 07:48:35 +02:00
mac80211 Merge android-4.4.132 (46155cc) into msm-4.4 2018-05-22 15:23:13 +05:30
mac802154
mpls mpls, nospec: Sanitize array index in mpls_label_ok() 2018-03-11 16:19:47 +01:00
netfilter Merge android-4.4.153 (5e24b4e) into msm-4.4 2018-08-28 17:28:39 +05:30
netlabel netlabel: If PF_INET6, check sk_buff ip header version 2018-05-30 07:49:17 +02:00
netlink Merge android-4.4.148 (f057ff9) into msm-4.4 2018-08-24 00:07:01 +05:30
netrom
nfc This is the 4.4.143 stable release 2018-07-31 20:11:21 +02:00
openvswitch openvswitch: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found 2018-05-26 08:48:47 +02:00
packet packet: refine ring v3 block size test to hold one frame 2018-08-24 13:27:01 +02:00
phonet
rds rds: avoid unenecessary cong_update in loop transport 2018-07-22 14:25:54 +02:00
rfkill This is the 4.4.132 stable release 2018-05-16 11:32:47 +02:00
rmnet_data net: rmnet_data: Support recycling frames to real device 2017-10-31 10:59:13 -06:00
rose
rxrpc rxrpc: check return value of skb_to_sgvec always 2018-04-13 19:50:23 +02:00
sched Merge android-4.4.153 (5e24b4e) into msm-4.4 2018-08-28 17:28:39 +05:30
sctp sctp: delay the authentication for the duplicated cookie-echo chunk 2018-05-26 08:48:49 +02:00
sunrpc rpc_pipefs: fix double-dput() 2018-04-24 09:32:11 +02:00
switchdev
tipc tipc: add policy for TIPC_NLA_NET_ADDR 2018-04-29 07:50:06 +02:00
unix Merge android-4.4.99 (7eab308) into msm-4.4 2017-12-26 17:37:19 +05:30
vmw_vsock vsock: split dwork to avoid reinitializations 2018-08-22 07:48:35 +02:00
wimax
wireless Merge "msm: wlan: Update regulatory database" 2019-04-29 23:25:24 -07:00
x25 net: x25: fix one potential use-after-free issue 2018-04-13 19:50:07 +02:00
xfrm xfrm: validate template mode 2018-10-29 09:15:20 -07:00
compat.c net: support compat 64-bit time in {s,g}etsockopt 2018-05-26 08:48:47 +02:00
Kconfig Merge android-4.4.118 (5f7f76a) into msm-4.4 2018-03-01 17:20:34 +05:30
Makefile
socket.c Merge android-4.4.153 (5e24b4e) into msm-4.4 2018-08-28 17:28:39 +05:30
sysctl_net.c