evie/android_kernel_oneplus_msm8998
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_oneplus_msm8998/net/packet
History
Willem de Bruijn 63364a508d packet: fix tp_reserve race in packet_set_ring 
[ Upstream commit c27927e372f0785f3303e8fad94b85945e2c97b7 ]

Updates to tp_reserve can race with reads of the field in
packet_set_ring. Avoid this by holding the socket lock during
updates in setsockopt PACKET_RESERVE.

This bug was discovered by syzkaller.

Fixes: 8913336a7e ("packet: add PACKET_RESERVE sockopt")
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-08-12 19:29:08 -07:00
..
af_packet.c packet: fix tp_reserve race in packet_set_ring 2017-08-12 19:29:08 -07:00
diag.c netlink: make nlmsg_end() and genlmsg_end() void 2015-01-18 01:03:45 -05:00
internal.h packet: add classic BPF fanout mode 2015-08-17 14:22:47 -07:00
Kconfig packet: Diag core and basic socket info dumping 2012-08-14 16:56:33 -07:00
Makefile packet: Diag core and basic socket info dumping 2012-08-14 16:56:33 -07:00