superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/net
History
Jakub Kicinski b8d7519352 net: shaper: rework the VALID marking (again) 
Recent commit changed the semantics from NOT_VALID to VALID.
I didn't realize that the flags are not stored atomically
with the entry in XArray. There's still a race of reader
observing a VALID mark for a slot, getting interrupted,
writer replacing the entry with a different one, reader
continuing, fetching the entry which is now a different
pointer than the pointer for which VALID was meant.

The biggest consequence of this is that we may see a UAF
since net_shaper_rollback() assumed that entries without
VALID can be freed without observing RCU.

Looks like the XArray marks are buying us nothing at this
point. Let's convert the code to an explicit valid field.
The smp_load_acquire() / smp_store_release() barriers are
marginally cleaner.

Reported-by: Sashiko <sashiko-bot@kernel.org>
Fixes: 93954b40f6 ("net-shapers: implement NL set and delete operations")
Reviewed-by: Simon Horman <horms@kernel.org>
Link: https://patch.msgid.link/20260515221325.1685455-3-kuba@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
 		2026-05-20 16:34:20 -07:00
..
6lowpan
9p 9p/trans_xen: replace simple_strto* with kstrtouint 2026-04-16 02:57:01 +00:00
802
8021q 8021q: delete cleared egress QoS mappings 2026-04-23 12:13:57 +02:00
appletalk net: appletalk: fix NULL pointer dereference in aarp_send_ddp() 2026-05-18 16:33:34 -07:00
atm net: atm: fix skb leak in sigd_send() default branch 2026-05-12 18:07:02 -07:00
batman-adv batman-adv: tp_meter: directly shut down timer on cleanup 2026-05-15 10:41:55 +02:00
bluetooth Bluetooth: L2CAP: ecred_reconfigure: send packed pdu, not stack pointer 2026-05-14 09:57:45 -04:00
bpf bpf: reject short IPv4/IPv6 inputs in bpf_prog_test_run_skb 2026-04-12 15:42:57 -07:00
bridge bridge: mcast: Fix a possible use-after-free when removing a bridge port 2026-05-19 18:15:22 -07:00
can Networking changes for 7.1. 2026-04-14 18:36:10 -07:00
ceph libceph: Fix slab-out-of-bounds access in auth message processing 2026-04-22 01:40:23 +02:00
core net: skbuff: preserve shared-frag marker during coalescing 2026-05-14 17:22:00 -07:00
dcb
devlink Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-09 13:20:59 -07:00
dns_resolver
dsa net: dsa: remove redundant netdev_lock_ops() from conduit ethtool ops 2026-04-16 19:10:48 -07:00
ethernet
ethtool ethtool: fix ethnl_bitmap32_not_zero() bit interval semantics 2026-05-12 18:45:13 -07:00
handshake
hsr net: hsr: defer node table free until after RCU readers 2026-05-15 18:25:26 -07:00
ieee802154
ife
ipv4 udp: Fix UDP length on last GSO_PARTIAL segment 2026-05-20 15:03:47 -07:00
ipv6 ipv6: ioam: add NULL check for idev in ipv6_hop_ioam() 2026-05-19 18:46:44 -07:00
iucv net/iucv: Add missing kernel-doc return value descriptions 2026-03-31 20:14:56 -07:00
kcm
key vfs-7.1-rc1.kino 2026-04-13 12:19:01 -07:00
l2tp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-09 13:20:59 -07:00
l3mdev
lapb
llc llc: Return -EINPROGRESS from llc_ui_connect() 2026-04-23 11:40:39 -07:00
mac80211 wifi: mac80211: remove station if connection prep fails 2026-05-06 11:02:57 +02:00
mac802154
mctp net: mctp: test: Use dev_direct_xmit for TX to our test device 2026-04-30 13:36:47 -07:00
mpls Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-02 11:03:13 -07:00
mptcp mptcp: update window_clamp on subflows when SO_RCVBUF is set 2026-05-19 15:36:35 +02:00
ncsi
netfilter netfilter: nf_queue: hold bridge skb->dev while queued 2026-05-16 13:23:01 +02:00
netlabel
netlink genetlink: free the skb on 'group >= family->n_mcgrps' 2026-05-08 15:43:29 -07:00
nfc NFC: digital: Bounds check NFC-A cascade depth in SDD response handler 2026-04-12 11:40:45 -07:00
nsh
openvswitch openvswitch: vport: fix race between linking and the device notifier 2026-05-18 16:38:45 -07:00
packet net/packet: fix TOCTOU race on mmap'd vnet_hdr in tpacket_snd() 2026-04-22 20:16:34 -07:00
phonet net: phonet: do not BUG_ON() in pn_socket_autobind() on failed bind 2026-04-27 18:45:17 -07:00
psample
psp psp: strip variable-length PSP header in psp_dev_rcv() 2026-05-04 19:25:14 -07:00
qrtr Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2026-04-14 12:04:00 -07:00
rds rds_tcp: close NULL deref window in rds_tcp_set_callbacks 2026-05-14 17:06:59 -07:00
rfkill net: rfkill: prevent unlimited numbers of rfkill events from being created 2026-04-07 12:35:04 +02:00
rxrpc rxrpc: Also unshare DATA/RESPONSE packets when paged frags are present 2026-05-10 08:15:57 -07:00
sched net/sched: sch_cbs: Call qdisc_reset for child qdisc 2026-05-13 17:53:39 -07:00
sctp sctp: revalidate list cursor after sctp_sendmsg_to_asoc() in SCTP_SENDALL 2026-05-08 18:21:09 -07:00
shaper net: shaper: rework the VALID marking (again) 2026-05-20 16:34:20 -07:00
smc net/smc: reject CHID-0 ACCEPT that matches an empty ism_dev slot 2026-05-14 12:20:06 +02:00
strparser net: strparser: fix skb_head leak in strp_abort_strp() 2026-04-14 12:37:00 +02:00
sunrpc NFS client updates for Linux 7.1 2026-04-24 14:20:03 -07:00
switchdev
tipc Including fixes from Netfilter. 2026-04-23 16:50:42 -07:00
tls tls: Preserve sk_err across recvmsg() when data has been copied 2026-05-14 18:19:44 -07:00
unix af_unix: Fix UAF read of tail->len in unix_stream_data_wait() 2026-05-19 18:53:56 -07:00
vmw_vsock vsock/virtio: fix zerocopy completion for multi-skb sends 2026-05-15 17:38:15 -07:00
wireless wifi: nl80211: re-check wiphy netns in nl80211_prepare_wdev_dump() continuation 2026-05-06 11:08:41 +02:00
x25 vfs-7.1-rc1.kino 2026-04-13 12:19:01 -07:00
xdp bpf-fixes 2026-05-09 18:42:54 -07:00
xfrm xfrm: defensively unhash xfrm_state lists in __xfrm_state_delete 2026-04-29 11:27:34 +02:00
Kconfig net: remove ax25 and amateur radio (hamradio) subsystem 2026-04-23 10:24:02 -07:00
Kconfig.debug
Makefile net: remove ax25 and amateur radio (hamradio) subsystem 2026-04-23 10:24:02 -07:00
compat.c
devres.c
socket.c Networking changes for 7.1. 2026-04-14 18:36:10 -07:00
sysctl_net.c