leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity
mainlining shenanigans
824,343 Commits 2 Branches 0 Tags 5.1 GiB
C 97.7%
Assembly 1.1%
Shell 0.4%
Makefile 0.3%
Python 0.2%
Other 0.1%
9926cb5f8b
Go to file
Xin Long 9926cb5f8b tipc: change to check tipc_own_id to return in tipc_net_stop 
When running a syz script, a panic occurred:

[  156.088228] BUG: KASAN: use-after-free in tipc_disc_timeout+0x9c9/0xb20 [tipc]
[  156.094315] Call Trace:
[  156.094844]  <IRQ>
[  156.095306]  dump_stack+0x7c/0xc0
[  156.097346]  print_address_description+0x65/0x22e
[  156.100445]  kasan_report.cold.3+0x37/0x7a
[  156.102402]  tipc_disc_timeout+0x9c9/0xb20 [tipc]
[  156.106517]  call_timer_fn+0x19a/0x610
[  156.112749]  run_timer_softirq+0xb51/0x1090

It was caused by the netns freed without deleting the discoverer timer,
while later on the netns would be accessed in the timer handler.

The timer should have been deleted by tipc_net_stop() when cleaning up a
netns. However, tipc has been able to enable a bearer and start d->timer
without the local node_addr set since Commit 52dfae5c85 ("tipc: obtain
node identity from interface by default"), which caused the timer not to
be deleted in tipc_net_stop() then.

So fix it in tipc_net_stop() by changing to check local node_id instead
of local node_addr, as Jon suggested.

While at it, remove the calling of tipc_nametbl_withdraw() there, since
tipc_nametbl_stop() will take of the nametbl's freeing after.

Fixes: 52dfae5c85 ("tipc: obtain node identity from interface by default")
Reported-by: syzbot+a25307ad099309f1c2b9@syzkaller.appspotmail.com
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Acked-by: Ying Xue <ying.xue@windriver.com>
Acked-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-03-26 11:21:20 -07:00
arch Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf 2019-03-16 12:20:08 -07:00
block mm: refactor readahead defines in mm.h 2019-03-12 10:04:01 -07:00
certs
crypto lib/lzo: separate lzo-rle from lzo 2019-03-07 18:32:03 -08:00
Documentation dt-bindings: net: dsa: qca8k: support internal mdio-bus 2019-03-26 10:47:10 -07:00
drivers net: usb: aqc111: Extend HWID table by QNAP device 2019-03-26 11:19:42 -07:00
fs filesystem-dax for 5.1 2019-03-13 09:37:09 -07:00
include net/sched: let actions use RCU to access 'goto_chain' 2019-03-21 13:26:42 -07:00
init init/main: add checks for the return value of memblock_alloc*() 2019-03-12 10:04:02 -07:00
ipc Merge branch 'work.mount' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-03-12 14:08:19 -07:00
kernel bpf: verifier: propagate liveness on all frames 2019-03-21 19:57:02 -07:00
lib rhashtable: Still do rehash when we get EEXIST 2019-03-21 13:57:28 -07:00
LICENSES
mm filemap: pass vm_fault to the mmap ra helpers 2019-03-14 14:36:20 -07:00
net tipc: change to check tipc_own_id to return in tipc_net_stop 2019-03-26 11:21:20 -07:00
samples Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-03-11 08:54:01 -07:00
scripts Kconfig updates for v5.1 2019-03-13 10:06:28 -07:00
security selinux/stable-5.1 PR 20190312 2019-03-13 11:10:42 -07:00
sound Char/Misc driver patches for 5.1-rc1 2019-03-06 14:18:59 -08:00
tools Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf 2019-03-24 23:45:35 -04:00
usr
virt ACPI updates for 5.1-rc1 2019-03-06 13:33:11 -08:00
.clang-format Merge branch 'work.iov_iter' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-03-12 13:43:42 -07:00
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore
.mailmap
COPYING
CREDITS Char/Misc driver patches for 5.1-rc1 2019-03-06 14:18:59 -08:00
Kbuild Kbuild updates for v5.1 2019-03-10 17:48:21 -07:00
Kconfig
MAINTAINERS Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-03-14 09:28:12 -07:00
Makefile Kbuild updates for v5.1 2019-03-10 17:48:21 -07:00
README

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.