android/android_kernel_asus_sm8350
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
51dde4ae5a
android_kernel_asus_sm8350/net
History
Eric Dumazet 51dde4ae5a ipv4: raw: lock the socket in raw_bind() 
[ Upstream commit 153a0d187e767c68733b8e9f46218eb1f41ab902 ]

For some reason, raw_bind() forgot to lock the socket.

BUG: KCSAN: data-race in __ip4_datagram_connect / raw_bind

write to 0xffff8881170d4308 of 4 bytes by task 5466 on cpu 0:
 raw_bind+0x1b0/0x250 net/ipv4/raw.c:739
 inet_bind+0x56/0xa0 net/ipv4/af_inet.c:443
 __sys_bind+0x14b/0x1b0 net/socket.c:1697
 __do_sys_bind net/socket.c:1708 [inline]
 __se_sys_bind net/socket.c:1706 [inline]
 __x64_sys_bind+0x3d/0x50 net/socket.c:1706
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

read to 0xffff8881170d4308 of 4 bytes by task 5468 on cpu 1:
 __ip4_datagram_connect+0xb7/0x7b0 net/ipv4/datagram.c:39
 ip4_datagram_connect+0x2a/0x40 net/ipv4/datagram.c:89
 inet_dgram_connect+0x107/0x190 net/ipv4/af_inet.c:576
 __sys_connect_file net/socket.c:1900 [inline]
 __sys_connect+0x197/0x1b0 net/socket.c:1917
 __do_sys_connect net/socket.c:1927 [inline]
 __se_sys_connect net/socket.c:1924 [inline]
 __x64_sys_connect+0x3d/0x50 net/socket.c:1924
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x44/0xd0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x44/0xae

value changed: 0x00000000 -> 0x0003007f

Reported by Kernel Concurrency Sanitizer on:
CPU: 1 PID: 5468 Comm: syz-executor.5 Not tainted 5.17.0-rc1-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011

Fixes: 1da177e4c3 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-02-01 17:24:39 +01:00
..
6lowpan 6lowpan: iphc: Fix an off-by-one check of array index 2021-09-15 09:47:31 +02:00
9p 9p/net: fix missing error check in p9_check_errors 2021-11-17 09:48:49 +01:00
802 net/802/garp: fix memleak in garp_request_join() 2021-07-31 08:19:38 +02:00
8021q net: vlan: fix underflow for the real_dev refcnt 2021-12-01 09:23:34 +01:00
appletalk appletalk: Fix skb allocation size in loopback case 2021-04-07 14:47:41 +02:00
atm atm: fix a memory leak of vcc->user_back 2020-10-01 13:17:58 +02:00
ax25 ax25: NPD bug when detaching AX25 device 2021-12-29 12:23:38 +01:00
batman-adv batman-adv: allow netlink usage in unprivileged containers 2022-01-27 09:19:41 +01:00
bluetooth Bluetooth: refactor malicious adv data check 2022-02-01 17:24:33 +01:00
bpf bpf/flow_dissector: support flags in BPF_PROG_TEST_RUN 2019-07-25 18:00:41 -07:00
bpfilter bpfilter: Specify the log level for the kmsg message 2021-07-14 16:53:33 +02:00
bridge netfilter: bridge: add support for pppoe filtering 2022-01-27 09:19:31 +01:00
caif net-caif: avoid user-triggerable WARN_ON(1) 2021-09-22 12:26:40 +02:00
can can: j1939: j1939_tp_cmd_recv(): check the dst address of TP.CM_BAM 2021-12-08 09:01:08 +01:00
ceph libceph: clear con->out_msg on Policy::stateful_server faults 2020-11-05 11:43:34 +01:00
core net-procfs: show net devices bound packet types 2022-02-01 17:24:37 +01:00
dcb net: dcb: Accept RTM_GETDCB messages carrying set-like DCB commands 2021-01-23 15:57:59 +01:00
dccp dccp: don't duplicate ccid when cloning dccp sock 2021-09-22 12:26:40 +02:00
decnet net: decnet: Fix sleeping inside in af_decnet 2021-07-28 13:30:56 +02:00
dns_resolver KEYS: Don't write out to userspace while holding key semaphore 2020-04-23 10:36:45 +02:00
dsa net: dsa: destroy the phylink instance on any error in dsa_slave_phy_setup 2021-09-22 12:26:42 +02:00
ethernet net: add annotations on hh->hh_len lockless accesses 2020-01-09 10:20:06 +01:00
hsr hsr: use netdev_err() instead of WARN_ONCE() 2021-05-14 09:44:10 +02:00
ieee802154 net: Fix memory leak in ieee802154_raw_deliver 2021-08-18 08:57:00 +02:00
ife net: Fix Kconfig indentation 2019-09-26 08:56:17 +02:00
ipv4 ipv4: raw: lock the socket in raw_bind() 2022-02-01 17:24:39 +01:00
ipv6 ipv6: annotate accesses to fn->fn_sernum 2022-02-01 17:24:38 +01:00
iucv net/af_iucv: remove WARN_ONCE on malformed RX packets 2021-03-07 12:20:42 +01:00
kcm kcm: disable preemption in kcm_parse_func_strparser() 2019-09-27 10:27:14 +02:00
key af_key: relax availability checks for skb size calculation 2021-02-13 13:52:54 +01:00
l2tp net/l2tp: Fix reference count leak in l2tp_udp_recv_core 2021-09-22 12:26:41 +02:00
l3mdev ipv6: convert major tx path to use RT6_LOOKUP_F_DST_NOREF 2019-06-23 13:24:17 -07:00
lapb net: lapb: Copy the skb before sending a packet 2021-02-10 09:25:28 +01:00
llc net: llc: fix skb_over_panic 2021-08-04 12:27:39 +02:00
mac80211 mac80211: allow non-standard VHT MCS-10/11 2022-01-27 09:19:46 +01:00
mac802154 net: mac802154: Fix general protection fault 2021-04-14 08:24:18 +02:00
mpls net: mpls: Fix notifications when deleting a device 2021-12-08 09:01:12 +01:00
ncsi net/ncsi: check for error return from call to nla_put_u32 2022-01-05 12:37:45 +01:00
netfilter netfilter: conntrack: don't increment invalid counter on NF_REPEAT 2022-02-01 17:24:38 +01:00
netlabel net: fix NULL pointer reference in cipso_v4_doi_free 2021-09-22 12:26:36 +02:00
netlink net: netlink: af_netlink: Prevent empty skb by adding a check on len. 2021-12-17 10:12:23 +01:00
netrom netrom: Decrease sock refcount when sock timers expire 2021-07-28 13:30:56 +02:00
nfc nfc: llcp: fix NULL error pointer dereference on sendmsg() after failed bind() 2022-01-27 09:19:26 +01:00
nsh treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 500 2019-06-19 17:09:55 +02:00
openvswitch ovs: clear skb->tstamp in forwarding path 2021-08-26 08:36:19 -04:00
packet net: fix information leakage in /proc/net/ptype 2022-02-01 17:24:37 +01:00
phonet phonet: refcount leak in pep_sock_accep 2022-01-11 15:23:33 +01:00
psample net: psample: fix skb_over_panic 2019-12-04 22:30:54 +01:00
qrtr net: qrtr: fix another OOB Read in qrtr_endpoint_post 2021-09-03 10:08:12 +02:00
rds rds: memory leak in __rds_conn_create() 2021-12-22 09:29:37 +01:00
rfkill rfkill: Fix use-after-free in rfkill_resume() 2020-11-24 13:29:05 +01:00
rose rose: Fix Null pointer dereference in rose_send_frame() 2020-12-08 10:40:23 +01:00
rxrpc rxrpc: Adjust retransmission backoff 2022-02-01 17:24:38 +01:00
sched net_sched: restore "mpu xxx" handling 2022-01-27 09:19:55 +01:00
sctp sctp: use call_rcu to free endpoint 2022-01-05 12:37:44 +01:00
smc net/smc: Prevent smc_release() from long blocking 2021-12-22 09:29:38 +01:00
strparser bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding 2021-11-17 09:48:48 +01:00
sunrpc fsnotify: fix fsnotify hooks in pseudo filesystems 2022-02-01 17:24:34 +01:00
switchdev net: switchdev: do not propagate bridge updates across bridges 2021-10-27 09:54:24 +02:00
tipc tipc: increase timeout in tipc_sk_enqueue() 2021-09-22 12:26:41 +02:00
tls net/tls: Fix authentication failure in CCM mode 2021-12-08 09:01:14 +01:00
unix af_unix: annote lockless accesses to unix_tot_inflight & gc_in_progress 2022-01-27 09:19:53 +01:00
vmw_vsock vsock: prevent unnecessary refcnt inc for nonblocking connect 2021-11-17 09:48:48 +01:00
wimax wimax: no need to check return value of debugfs_create functions 2019-08-10 15:25:47 -07:00
wireless cfg80211: call cfg80211_stop_ap when switch from P2P_GO type 2021-11-26 10:47:22 +01:00
x25 net/x25: Return the correct errno code 2021-06-18 09:59:00 +02:00
xdp Revert "xsk: Do not sleep in poll() when need_wakeup set" 2021-12-22 09:29:40 +01:00
xfrm xfrm: Don't accidentally set RTO_ONLINK in decode_session4() 2022-01-27 09:19:54 +01:00
compat.c net: Return the correct errno code 2021-06-18 09:59:00 +02:00
Kconfig net: Fix CONFIG_NET_CLS_ACT=n and CONFIG_NFT_FWD_NETDEV={y, m} build 2020-04-01 11:02:18 +02:00
Makefile
socket.c net: don't unconditionally copy_from_user a struct ifreq for socket ioctls 2021-09-03 10:08:16 +02:00
sysctl_net.c treewide: Add SPDX license identifier for missed files 2019-05-21 10:50:45 +02:00