superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/net
History
Kuniyuki Iwashima e5b28ce127 kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). 
[ Upstream commit a22730b1b4 ]

syzkaller found a memory leak in kcm_sendmsg(), and commit c821a88bd7
("kcm: Fix memory leak in error path of kcm_sendmsg()") suppressed it by
updating kcm_tx_msg(head)->last_skb if partial data is copied so that the
following sendmsg() will resume from the skb.

However, we cannot know how many bytes were copied when we get the error.
Thus, we could mess up the MSG_MORE queue.

When kcm_sendmsg() fails for SOCK_DGRAM, we should purge the queue as we
do so for UDP by udp_flush_pending_frames().

Even without this change, when the error occurred, the following sendmsg()
resumed from a wrong skb and the queue was messed up.  However, we have
yet to get such a report, and only syzkaller stumbled on it.  So, this
can be changed safely.

Note this does not change SOCK_SEQPACKET behaviour.

Fixes: c821a88bd7 ("kcm: Fix memory leak in error path of kcm_sendmsg()")
Fixes: ab7ac4eb98 ("kcm: Kernel Connection Multiplexor module")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.com>
Link: https://lore.kernel.org/r/20230912022753.33327-1-kuniyu@amazon.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2023-09-19 12:28:10 +02:00
..
6lowpan
9p 9p: virtio: make sure 'offs' is initialized in zc_request 2023-09-13 09:42:21 +02:00
802
8021q vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit() 2023-05-24 17:32:47 +01:00
appletalk
atm atm: hide unused procfs functions 2023-06-09 10:34:16 +02:00
ax25
batman-adv batman-adv: Hold rtnl lock during MTU update via netlink 2023-08-30 16:11:08 +02:00
bluetooth net: annotate data-races around sk->sk_lingertime 2023-09-13 09:42:33 +02:00
bpf Revert "bpf, test_run: fix &xdp_frame misplacement for LIVE_FRAMES" 2023-03-17 08:50:32 +01:00
bpfilter
bridge Revert "bridge: Add extack warning when enabling STP in netns." 2023-09-13 09:42:20 +02:00
caif net: caif: Fix use-after-free in cfusbl_device_notify() 2023-03-17 08:50:24 +01:00
can can: raw: add missing refcount for memory leak fix 2023-08-30 16:11:11 +02:00
ceph libceph: fix potential hang in ceph_osdc_notify() 2023-08-11 12:08:19 +02:00
core af_unix: Fix data race around sk->sk_err. 2023-09-19 12:28:02 +02:00
dcb net: dcb: choose correct policy to parse DCB_ATTR_BCN 2023-08-11 12:08:17 +02:00
dccp dccp: Fix out of bounds access in DCCP error handler 2023-09-13 09:43:02 +02:00
devlink devlink: add missing unregister linecard notification 2023-08-30 16:11:00 +02:00
dns_resolver
dsa net: dsa: sja1105: always enable the send_meta options 2023-07-19 16:22:06 +02:00
ethernet
ethtool ipv6: Remove in6addr_any alternatives. 2023-09-19 12:28:10 +02:00
hsr hsr: Fix uninit-value access in fill_frame_info() 2023-09-19 12:28:08 +02:00
ieee802154
ife
ipv4 tcp: Fix bind() regression for v4-mapped-v6 non-wildcard address. 2023-09-19 12:28:10 +02:00
ipv6 net: ipv6/addrconf: avoid integer underflow in ipv6_create_tempaddr 2023-09-19 12:28:02 +02:00
iucv net/iucv: Fix size of interrupt data 2023-03-22 13:33:50 +01:00
kcm kcm: Fix error handling for SOCK_DGRAM in kcm_sendmsg(). 2023-09-19 12:28:10 +02:00
key net: af_key: fix sadb_x_filter validation 2023-08-23 17:52:32 +02:00
l2tp net: annotate data-races around sk->sk_mark 2023-08-11 12:08:14 +02:00
l3mdev
lapb
llc llc: Don't drop packet from non-root netns. 2023-07-27 08:50:45 +02:00
mac80211 wifi: mac80211: Use active_links instead of valid_links in Tx 2023-09-13 09:42:24 +02:00
mac802154
mctp net: mctp: purge receive queues on sk destruction 2023-02-06 08:06:34 +01:00
mpls net: mpls: fix stale pointer if allocation fails during device rename 2023-02-22 12:59:53 +01:00
mptcp mptcp: annotate data-races around msk->rmem_fwd_alloc 2023-09-19 12:28:01 +02:00
ncsi net/ncsi: change from ndo_set_mac_address to dev_set_mac_address 2023-07-23 13:49:51 +02:00
netfilter netfilter: nfnetlink_osf: avoid OOB read 2023-09-19 12:28:03 +02:00
netlabel netlabel: fix shift wrapping bug in netlbl_catmap_setlong() 2023-09-13 09:42:24 +02:00
netlink netlink: Add __sock_i_ino() for __netlink_diag_dump(). 2023-07-19 16:21:13 +02:00
netrom netrom: Deny concurrent connect(). 2023-09-13 09:42:35 +02:00
nfc net: nfc: Fix use-after-free caused by nfc_llcp_find_local 2023-07-19 16:21:13 +02:00
nsh net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() 2023-05-24 17:32:45 +01:00
openvswitch net: openvswitch: reject negative ifindex 2023-08-23 17:52:35 +02:00
packet net/packet: annotate data-races around tp->status 2023-08-16 18:27:26 +02:00
phonet
psample
qrtr net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume() 2023-04-20 12:35:09 +02:00
rds rds: rds_rm_zerocopy_callback() correct order for list_add_tail() 2023-03-10 09:33:02 +01:00
rfkill
rose net/rose: Fix to not accept on connected socket 2023-02-22 12:59:42 +01:00
rxrpc rxrpc: Fix hard call timeout units 2023-05-17 11:53:35 +02:00
sched net: sched: sch_qfq: Fix UAF in qfq_dequeue() 2023-09-19 12:28:02 +02:00
sctp sctp: annotate data-races around sk->sk_wmem_queued 2023-09-19 12:28:00 +02:00
smc net/smc: use smc_lgr_list.lock to protect smc_lgr_list.list iterate in smcr_port_add 2023-09-19 12:28:08 +02:00
strparser
sunrpc xprtrdma: Remap Receive buffers after a reconnect 2023-08-30 16:10:57 +02:00
switchdev
tipc tipc: stop tipc crypto on failure in tipc_node_create 2023-08-03 10:24:02 +02:00
tls net/tls: do not free tls_rec on async operation in bpf_exec_tx_verdict() 2023-09-19 12:28:09 +02:00
unix af_unix: Fix data-race around unix_tot_inflight. 2023-09-19 12:28:02 +02:00
vmw_vsock vsock: avoid to close connected socket after the timeout 2023-05-24 17:32:44 +01:00
wireless wifi: nl80211/cfg80211: add forgotten nla_policy for BSS color attribute 2023-09-13 09:42:34 +02:00
x25 net/x25: Fix to not accept on connected socket 2023-02-09 11:28:13 +01:00
xdp xsk: Fix xsk_diag use-after-free error during socket cleanup 2023-09-19 12:28:01 +02:00
xfrm xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH 2023-08-23 17:52:32 +02:00
Kconfig
Kconfig.debug
Makefile devlink: move code to a dedicated directory 2023-08-30 16:11:00 +02:00
compat.c use less confusing names for iov_iter direction initializers 2023-02-09 11:28:04 +01:00
devres.c
socket.c net: Avoid address overwrite in kernel_connect 2023-09-13 09:42:26 +02:00
sysctl_net.c