android_kernel_samsung_a7y1.../net
Cong Wang e0dd03cdcc netrom: hold sock when setting skb->destructor
[ Upstream commit 4638faac032756f7eab5524be7be56bee77e426b ]

sock_efree() releases the sock refcnt; if we don't hold this refcnt
when setting skb->destructor to it, the refcnt would not be balanced.
This leads to several bug reports from syzbot.

I have checked other users of sock_efree(); all of them hold the
sock refcnt.

Fixes: c8c8218ec5af ("netrom: fix a memory leak in nr_rx_frame()")
Reported-and-tested-by: <syzbot+622bdabb128acc33427d@syzkaller.appspotmail.com>
Reported-and-tested-by: <syzbot+6eaef7158b19e3fec3a0@syzkaller.appspotmail.com>
Reported-and-tested-by: <syzbot+9399c158fcc09b21d0d2@syzkaller.appspotmail.com>
Reported-and-tested-by: <syzbot+a34e5f3d0300163f0c87@syzkaller.appspotmail.com>
Cc: Ralf Baechle <ralf@linux-mips.org>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-04-06 20:05:22 +02:00
6lowpan
9p 9p/virtio: Add cleanup path in p9_virtio_init 2020-04-06 20:04:29 +02:00
802
8021q vlan: disable SIOCSHWTSTAMP in container 2020-04-06 17:01:37 +02:00
appletalk appletalk: Fix use-after-free in atalk_proc_exit 2020-04-06 15:20:39 +02:00
atm net: atm: Fix potential Spectre v1 vulnerabilities 2020-04-06 15:28:29 +02:00
ax25 ax25: fix inconsistent lock state in ax25_destroy_timer 2020-04-06 19:03:36 +02:00
batman-adv batman-adv: fix for leaked TVLV handler. 2020-04-06 19:54:11 +02:00
bluetooth Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug 2020-04-06 20:04:59 +02:00
bridge bridge: Fix error path for kobject_init_and_add() 2020-04-06 17:01:30 +02:00
caif
can can: purge socket error queue on sock destruct 2020-04-06 19:16:48 +02:00
ceph
core net: neigh: fix multiple neigh timer scheduling 2020-04-06 20:05:14 +02:00
dcb
dccp
decnet
dns_resolver
dsa
ethernet
hsr
ieee802154
ipv4 ipv4: don't set IPv6 only flags to IPv4 addresses 2020-04-06 20:05:10 +02:00
ipv6 ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero 2020-04-06 19:03:40 +02:00
ipx
irda
iucv
key af_key: fix leaks in key_pol_get_resp and dump_sp. 2020-04-06 19:54:25 +02:00
l2tp
l3mdev
lapb lapb: fixed leak of control-blocks. 2020-04-06 19:03:42 +02:00
llc llc: fix skb leak in llc_build_and_send_ui_pkt() 2020-04-06 18:20:39 +02:00
mac80211 mac80211: mesh: fix RCU warning 2020-04-06 19:26:05 +02:00
mac802154
mpls
mptcp
ncm
netfilter ipvs: do not schedule icmp errors from tunnels 2020-04-06 16:47:06 +02:00
netlabel
netlink
netrom netrom: hold sock when setting skb->destructor 2020-04-06 20:05:22 +02:00
nfc nfc: fix potential illegal memory access 2020-04-06 20:05:16 +02:00
openvswitch openvswitch: fix flow actions reallocation 2020-04-06 15:07:42 +02:00
packet packet: Fix error path in packet_init 2020-04-06 17:01:35 +02:00
phonet
rds net: rds: fix memory leak in rds_ib_flush_mr_pool 2020-04-06 18:45:06 +02:00
rfkill
rose net: rose: fix a possible stack overflow 2020-04-06 12:57:06 +02:00
rxrpc
sched net: create skb_gso_validate_mac_len() 2020-04-06 18:44:21 +02:00
sctp sctp: change to hold sk after auth shkey is created successfully 2020-04-06 19:17:23 +02:00
sunrpc sunrpc: don't mark uninitialised items as VALID. 2020-04-06 16:38:50 +02:00
switchdev
tipc tipc: check msg->req data len in tipc_nl_compat_bearer_disable 2020-04-06 19:17:27 +02:00
unix
vmw_vsock
wimax
wireless cfg80211: fix memory leak of wiphy device name 2020-04-06 19:16:58 +02:00
x25
xfrm xfrm: fix sa selector validation 2020-04-06 19:54:59 +02:00
compat.c
Kconfig
Makefile
socket.c
sysctl_net.c