linux/net/smc
Wen Gu 0558226ceb net/smc: Fix slab-out-of-bounds issue in fallback
syzbot reported a slab-out-of-bounds/use-after-free issue,
which was caused by accessing an already freed smc sock in
fallback-specific callback functions of clcsock.

This patch fixes the issue by restoring fallback-specific
callback functions to original ones and resetting clcsock
sk_user_data to NULL before freeing smc sock.

Meanwhile, this patch introduces sk_callback_lock to make
the access and assignment to sk_user_data mutually exclusive.

Reported-by: syzbot+b425899ed22c6943e00b@syzkaller.appspotmail.com
Fixes: 341adeec9a ("net/smc: Forward wakeup to smc socket waitqueue after fallback")
Link: https://lore.kernel.org/r/00000000000013ca8105d7ae3ada@google.com/
Signed-off-by: Wen Gu <guwen@linux.alibaba.com>
Acked-by: Karsten Graul <kgraul@linux.ibm.com>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-04-25 11:03:48 -07:00
..
af_smc.c net/smc: Fix slab-out-of-bounds issue in fallback 2022-04-25 11:03:48 -07:00
Kconfig treewide: replace '---help---' in Kconfig files with 'help' 2020-06-14 01:57:21 +09:00
Makefile net/smc: fix compile warning for smc_sysctl 2022-03-07 11:59:17 +00:00
smc_cdc.c net/smc: don't send in the BH context if sock_owned_by_user 2022-03-01 14:25:12 +00:00
smc_cdc.h net/smc: fix kernel panic caused by race of smc_sock 2021-12-28 12:42:45 +00:00
smc_clc.c net/smc: use memcpy instead of snprintf to avoid out of bounds read 2022-04-11 18:28:02 -07:00
smc_clc.h net/smc: add v2 format of CLC decline message 2021-10-16 14:58:13 +01:00
smc_close.c net/smc: Fix slab-out-of-bounds issue in fallback 2022-04-25 11:03:48 -07:00
smc_close.h net/smc: remove close abort worker 2019-10-22 11:23:44 -07:00
smc_core.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-03-03 11:55:12 -08:00
smc_core.h net/smc: Resolve the race between SMC-R link access and clear 2022-01-13 13:14:53 +00:00
smc_diag.c Partially revert "net/smc: Add netlink net namespace support" 2022-02-02 07:42:41 -08:00
smc_ib.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next 2021-12-31 14:35:40 +00:00
smc_ib.h net/smc: Introduce net namespace support for linkgroup 2022-01-02 12:07:39 +00:00
smc_ism.c net: Don't include filter.h from net/sock.h 2021-12-29 08:48:14 -08:00
smc_ism.h net/smc: keep static copy of system EID 2021-09-14 12:49:10 +01:00
smc_llc.c net/smc: Print net namespace in log 2022-01-02 12:07:39 +00:00
smc_llc.h net/smc: extend LLC layer for SMC-Rv2 2021-10-16 14:58:13 +01:00
smc_netlink.c net/smc: Add global configure for handshake limitation by netlink 2022-02-11 11:14:58 +00:00
smc_netlink.h net/smc: add support for user defined EIDs 2021-09-14 12:49:10 +01:00
smc_netns.h net/smc: introduce list of pnetids for Ethernet devices 2020-09-28 15:19:03 -07:00
smc_pnet.c net/smc: Fix NULL pointer dereference in smc_pnet_find_ib() 2022-04-11 18:28:03 -07:00
smc_pnet.h net/smc: Use a mutex for locking "struct smc_pnettable" 2022-02-24 09:09:33 -08:00
smc_rx.c net/smc: Introduce tracepoints for tx and rx msg 2021-11-01 13:39:14 +00:00
smc_rx.h smc: add support for splice() 2018-05-04 11:45:06 -04:00
smc_stats.c net/smc: Fix ENODATA tests in smc_nl_get_fback_stats() 2021-06-21 12:16:58 -07:00
smc_stats.h net/smc: Make SMC statistics network namespace aware 2021-06-16 12:54:02 -07:00
smc_sysctl.c net/smc: fix a memory leak in smc_sysctl_net_exit() 2022-03-26 14:17:01 -07:00
smc_sysctl.h net/smc: fix -Wmissing-prototypes warning when CONFIG_SYSCTL not set 2022-03-09 20:02:35 -08:00
smc_tracepoint.c net/smc: Introduce tracepoint for smcr link down 2021-11-01 13:39:14 +00:00
smc_tracepoint.h net/smc: Add net namespace for tracepoints 2022-01-02 12:07:39 +00:00
smc_tx.c net: smc: fix different types in min() 2022-03-01 16:43:27 -08:00
smc_tx.h net/smc: Cork when sendpage with MSG_SENDPAGE_NOTLAST flag 2022-01-31 15:08:20 +00:00
smc_wr.c Revert "net/smc: don't req_notify until all CQEs drained" 2022-03-06 10:57:12 +00:00
smc_wr.h net/smc: Remove unused function declaration 2022-01-15 22:57:21 +00:00
smc.h net/smc: Only save the original clcsock callback functions 2022-04-25 11:03:48 -07:00