evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/net
History
Dmitry Ivanov 95415ac578 netlink: don't send NETLINK_URELEASE for unbound sockets 
commit e27260203912b40751fa353d009eaa5a642c739f upstream.

All existing users of NETLINK_URELEASE use it to clean up resources that
were previously allocated to a socket via some command. As a result, no
users require getting this notification for unbound sockets.

Sending it for unbound sockets, however, is a problem because any user
(including unprivileged users) can create a socket that uses the same ID
as an existing socket. Binding this new socket will fail, but if the
NETLINK_URELEASE notification is generated for such sockets, the users
thereof will be tricked into thinking the socket that they allocated the
resources for is closed.

In the nl80211 case, this will cause destruction of virtual interfaces
that still belong to an existing hostapd process; this is the case that
Dmitry noticed. In the NFC case, it will cause a poll abort. In the case
of netlink log/queue it will cause them to stop reporting events, as if
NFULNL_CFG_CMD_UNBIND/NFQNL_CFG_CMD_UNBIND had been called.

Fix this problem by checking that the socket is bound before generating
the NETLINK_URELEASE notification.

Signed-off-by: Dmitry Ivanov <dima@ubnt.com>
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2016-05-04 14:48:45 -07:00
..
6lowpan 6lowpan: put mcast compression in an own function 2015-10-21 00:49:25 +02:00
9p IB/cma: Add support for network namespaces 2015-10-28 12:32:48 -04:00
802
8021q vlan: Do not put vlan headers back on bridge and macvlan ports 2015-11-17 14:38:35 -05:00
appletalk
atm atm: deal with setting entry before mkip was called 2015-09-17 22:13:32 -07:00
ax25 ax25: add link layer header validation function 2016-04-20 15:42:00 +09:00
batman-adv batman-adv: Drop immediate orig_node free function 2016-01-31 11:29:02 -08:00
bluetooth Bluetooth: Fix potential buffer overflow with Add Advertising 2016-04-12 09:08:54 -07:00
bridge bridge: Allow set bridge ageing time when switchdev disabled 2016-04-20 15:42:05 +09:00
caif net: rename SOCK_ASYNC_NOSPACE and SOCK_ASYNC_WAITDATA 2015-12-01 15:45:05 -05:00
can can: avoid using timeval for uapi 2015-10-13 17:42:34 +02:00
ceph libceph: don't spam dmesg with stray reply warnings 2016-03-03 15:07:26 -08:00
core tun, bpf: fix suspicious RCU usage in tun_{attach, detach}_filter 2016-04-20 15:42:06 +09:00
dcb net/dcb: make dcbnl.c explicitly non-modular 2015-10-09 07:52:27 -07:00
dccp tcp/dccp: remove obsolete WARN_ON() in icmp handlers 2016-04-20 15:42:04 +09:00
decnet net: add validation for the socket syscall protocol argument 2015-12-14 16:09:30 -05:00
dns_resolver net: dns_resolver: convert time_t to time64_t 2015-11-18 16:27:46 -05:00
dsa net: dsa: use switchdev obj for VLAN add/del ops 2015-11-01 15:56:11 -05:00
ethernet net: help compiler generate better code in eth_get_headlen 2015-09-28 22:51:15 -07:00
hsr net/hsr: fix a warning message 2015-11-23 14:56:15 -05:00
ieee802154 net: fix percpu memory leaks 2015-11-02 22:47:14 -05:00
ipv4 ipv4: initialize flowi4_flags before calling fib_lookup() 2016-04-20 15:42:05 +09:00
ipv6 ipv6: Count in extension headers in skb->network_header 2016-04-20 15:42:07 +09:00
ipx
irda net: add validation for the socket syscall protocol argument 2015-12-14 16:09:30 -05:00
iucv af_iucv: Validate socket address length in iucv_sock_bind() 2016-03-03 15:07:03 -08:00
key af_key: fix two typos 2015-10-23 03:05:19 -07:00
l2tp ipv6: l2tp: fix a potential issue in l2tp_ip6_recv 2016-04-20 15:42:06 +09:00
l3mdev net: Add netif_is_l3_slave 2015-10-07 04:27:43 -07:00
lapb
llc
mac80211 mac80211: fix txq queue related crashes 2016-04-20 15:42:11 +09:00
mac802154 mac802154: llsec: use kzfree 2015-10-21 00:49:24 +02:00
mpls mpls: find_outdev: check for err ptr in addition to NULL check 2016-04-20 15:42:07 +09:00
netfilter netfilter: nft_ct: include direction when dumping NFT_CT_L3PROTOCOL key 2015-12-18 14:45:45 +01:00
netlabel
netlink netlink: don't send NETLINK_URELEASE for unbound sockets 2016-05-04 14:48:45 -07:00
netrom
nfc net: rename SOCK_ASYNC_NOSPACE and SOCK_ASYNC_WAITDATA 2015-12-01 15:45:05 -05:00
openvswitch lwt: fix rx checksum setting for lwt devices tunneling over ipv6 2016-03-03 15:07:04 -08:00
packet packet: validate variable length ll headers 2016-04-20 15:42:01 +09:00
phonet phonet: properly unshare skbs in phonet_rcv() 2016-01-31 11:29:00 -08:00
rds RDS: fix race condition when sending a message on unbound socket 2015-11-24 17:20:09 -05:00
rfkill rfkill: fix rfkill_fop_read wait_event usage 2016-03-03 15:07:26 -08:00
rose
rxrpc net: rename SOCK_ASYNC_NOSPACE and SOCK_ASYNC_WAITDATA 2015-12-01 15:45:05 -05:00
sched net_sched fix: reclassification needs to consider ether protocol changes 2016-03-03 15:07:07 -08:00
sctp sctp: lack the check for ports in sctp_v6_cmp_addr 2016-04-20 15:41:58 +09:00
sunrpc sunrpc/cache: fix off-by-one in qword_get() 2016-03-03 15:07:29 -08:00
switchdev switchdev: Require RTNL mutex to be held when sending FDB notifications 2016-03-03 15:07:04 -08:00
tipc tipc: Revert "tipc: use existing sk_write_queue for outgoing packet chain" 2016-04-20 15:41:58 +09:00
unix unix_diag: fix incorrect sign extension in unix_lookup_by_ino 2016-03-03 15:07:07 -08:00
vmw_vsock VSOCK: call sk->sk_data_ready() on accept() 2015-11-04 22:03:10 -05:00
wimax
wireless nl80211: check netlink protocol in socket release notification 2016-05-04 14:48:45 -07:00
x25
xfrm xfrm: Fix crash observed during device unregistration and decryption 2016-04-20 15:42:05 +09:00
compat.c
Kconfig net: Introduce L3 Master device abstraction 2015-09-29 20:40:32 -07:00
Makefile net: Introduce L3 Master device abstraction 2015-09-29 20:40:32 -07:00
socket.c net: Fix use after free in the recvmmsg exit path 2016-04-20 15:42:03 +09:00
sysctl_net.c net: sysctl: fix a kmemleak warning 2015-10-23 06:22:08 -07:00