android/android_kernel_asus_sm8350
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
2945f948aa
android_kernel_asus_sm8350/net
History
Pratyush Yadav c381527918 net_sched: prevent NULL dereference if default qdisc setup failed 
If qdisc_create_dflt() fails, it returns NULL. With CONFIG_NET_SCHED
enabled, the check qdisc != &noop_qdisc passes and qdisc will be passed
to qdisc_hash_add(), which dereferences it.

This assignment was present in the upstream commit 5891cd5ec46c2
("net_sched: add __rcu annotation to netdev->qdisc") but was missed in
the backport 22d95b5449 ("net_sched: add __rcu annotation to
netdev->qdisc"), perhaps due to merge conflicts.  dev->qdisc is
&noop_qdisc by default and if qdisc_create_dflt() fails, this assignment
will make sure qdisc == &noop_qdisc and no NULL dereference will take
place.

This bug was discovered and resolved using Coverity Static Analysis
Security Testing (SAST) by Synopsys, Inc.

Fixes: 22d95b5449 ("net_sched: add __rcu annotation to netdev->qdisc")
Signed-off-by: Pratyush Yadav <ptyadav@amazon.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-04-20 12:07:34 +02:00
..
6lowpan 6lowpan: iphc: Fix an off-by-one check of array index 2021-09-15 09:47:31 +02:00
9p 9p/rdma: unmap receive dma buffer in rdma_request()/post_recv() 2023-03-11 16:44:12 +01:00
802 mrp: introduce active flags to prevent UAF when applicant uninit 2023-01-18 11:41:37 +01:00
8021q net: vlan: fix underflow for the real_dev refcnt 2021-12-01 09:23:34 +01:00
appletalk appletalk: Fix skb allocation size in loopback case 2021-04-07 14:47:41 +02:00
atm treewide: Replace DECLARE_TASKLET() with DECLARE_TASKLET_OLD() 2023-04-20 12:07:32 +02:00
ax25 ax25: Fix UAF bugs in ax25 timers 2022-04-20 09:19:40 +02:00
batman-adv batman-adv: Don't skb_split skbuffs with frag_list 2022-05-18 09:47:24 +02:00
bluetooth Bluetooth: hci_sock: purge socket queues in the destruct() callback 2023-03-11 16:44:16 +01:00
bpf bpf: Move skb->len == 0 checks into __bpf_redirect 2023-01-18 11:41:04 +01:00
bpfilter bpfilter: Specify the log level for the kmsg message 2021-07-14 16:53:33 +02:00
bridge netfilter: br_netfilter: disable sabotage_in hook after first suppression 2023-02-22 12:50:24 +01:00
caif net: caif: Fix use-after-free in cfusbl_device_notify() 2023-03-17 08:32:51 +01:00
can can: j1939: j1939_tp_tx_dat_new(): fix out-of-bounds memory access 2023-04-20 12:07:34 +02:00
ceph libceph: clear con->out_msg on Policy::stateful_server faults 2020-11-05 11:43:34 +01:00
core net: don't let netpoll invoke NAPI if in xmit context 2023-04-20 12:07:33 +02:00
dcb net: dcb: disable softirqs in dcbnl_flush_dev() 2022-03-08 19:07:51 +01:00
dccp dccp/tcp: Avoid negative sk_forward_alloc by ipv6_pinfo.pktoptions. 2023-02-22 12:50:40 +01:00
decnet net: decnet: Fix sleeping inside in af_decnet 2021-07-28 13:30:56 +02:00
dns_resolver KEYS: Don't write out to userspace while holding key semaphore 2020-04-23 10:36:45 +02:00
dsa net: dsa: ksz: Check return value 2022-12-14 11:30:45 +01:00
ethernet net: add annotations on hh->hh_len lockless accesses 2020-01-09 10:20:06 +01:00
hsr hsr: Avoid double remove of a node. 2023-01-18 11:41:09 +01:00
ieee802154 net: ieee802154: fix error return code in dgram_bind() 2022-11-03 23:56:54 +09:00
ife net: Fix Kconfig indentation 2019-09-26 08:56:17 +02:00
ipv4 icmp: guard against too small mtu 2023-04-20 12:07:33 +02:00
ipv6 ipv6: Fix an uninit variable access bug in __ip6_make_skb() 2023-04-20 12:07:33 +02:00
iucv treewide: Replace DECLARE_TASKLET() with DECLARE_TASKLET_OLD() 2023-04-20 12:07:32 +02:00
kcm kcm: close race conditions on sk_receive_queue 2022-11-25 17:42:21 +01:00
key af_key: Fix send_acquire race with pfkey_register 2022-12-08 11:22:57 +01:00
l2tp l2tp: Don't sleep and disable BH under writer-side sk_callback_lock 2023-02-06 07:52:38 +01:00
l3mdev l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu 2022-04-27 13:50:47 +02:00
lapb net: lapb: Copy the skb before sending a packet 2021-02-10 09:25:28 +01:00
llc llc: only change llc->dev when bind() succeeds 2022-03-28 08:46:48 +02:00
mac80211 wifi: mac80211: fix invalid drv_sta_pre_rcu_remove calls for non-uploaded sta 2023-04-20 12:07:33 +02:00
mac802154 mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() 2022-12-14 11:30:45 +01:00
mpls net: mpls: fix stale pointer if allocation fails during device rename 2023-02-22 12:50:41 +01:00
ncsi net/ncsi: check for error return from call to nla_put_u32 2022-01-05 12:37:45 +01:00
netfilter netfilter: nft_redir: correct value of inet type .maxattrs 2023-03-22 13:28:04 +01:00
netlabel netlabel: fix out-of-bounds memory accesses 2022-04-15 14:18:35 +02:00
netlink netlink: annotate data races around sk_state 2023-02-06 07:52:45 +01:00
netrom netrom: Fix use-after-free caused by accept on already connected socket 2023-02-22 12:50:24 +01:00
nfc nfc: change order inside nfc_se_io error path 2023-03-17 08:32:48 +01:00
nsh treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
openvswitch net: openvswitch: fix flow memory leak in ovs_flow_cmd_new 2023-02-22 12:50:25 +01:00
packet net/af_packet: make sure to pull mac header 2023-01-18 11:41:45 +01:00
phonet phonet: refcount leak in pep_sock_accep 2022-01-11 15:23:33 +01:00
psample net: psample: fix skb_over_panic 2019-12-04 22:30:54 +01:00
qrtr net: qrtr: fix another OOB Read in qrtr_endpoint_post 2021-09-03 10:08:12 +02:00
rds rds: rds_rm_zerocopy_callback() correct order for list_add_tail() 2023-03-11 16:43:41 +01:00
rfkill rfkill: Fix use-after-free in rfkill_resume() 2020-11-24 13:29:05 +01:00
rose net/rose: Fix to not accept on connected socket 2023-02-22 12:50:34 +01:00
rxrpc rxrpc: Fix missing unlock in rxrpc_do_sendmsg() 2023-01-18 11:41:33 +01:00
sched net_sched: prevent NULL dereference if default qdisc setup failed 2023-04-20 12:07:34 +02:00
sctp sctp: check send stream number after wait_for_sndbuf 2023-04-20 12:07:33 +02:00
smc net/smc: fix fallback failed while sendmsg with fastopen 2023-03-17 08:32:51 +01:00
strparser bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding 2021-11-17 09:48:48 +01:00
sunrpc sunrpc: only free unix grouplist after RCU settles 2023-04-20 12:07:33 +02:00
switchdev net: switchdev: do not propagate bridge updates across bridges 2021-10-27 09:54:24 +02:00
tipc tipc: call tipc_lxc_xmit without holding node_read_lock 2023-01-18 11:42:06 +01:00
tls net: tls: fix possible race condition between do_tls_getsockopt_conf() and do_tls_setsockopt_conf() 2023-04-05 11:16:36 +02:00
unix af_unix: Get user_ns from in_skb in unix_diag_get_exact(). 2022-12-14 11:30:44 +01:00
vmw_vsock net: vmw_vsock: vmci: Check memcpy_from_msg() 2023-01-18 11:41:13 +01:00
wimax wimax: no need to check return value of debugfs_create functions 2019-08-10 15:25:47 -07:00
wireless wifi: cfg80211: Partial revert "wifi: cfg80211: Fix use after free for wext" 2023-03-13 10:18:25 +01:00
x25 net/x25: Fix to not accept on connected socket 2023-02-22 12:50:26 +01:00
xdp Revert "xsk: Do not sleep in poll() when need_wakeup set" 2021-12-22 09:29:40 +01:00
xfrm xfrm: Allow transport-mode states with AF_UNSPEC selector 2023-03-22 13:28:03 +01:00
compat.c net: Return the correct errno code 2021-06-18 09:59:00 +02:00
Kconfig net: Fix CONFIG_NET_CLS_ACT=n and CONFIG_NFT_FWD_NETDEV={y, m} build 2020-04-01 11:02:18 +02:00
Makefile
socket.c net: Fix a data-race around sysctl_somaxconn. 2022-09-05 10:27:42 +02:00
sysctl_net.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00