5.4-stable patches
authorGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 23 Aug 2022 07:11:49 +0000 (09:11 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Tue, 23 Aug 2022 07:11:49 +0000 (09:11 +0200)
added patches:
can-j1939-j1939_session_destroy-fix-memory-leak-of-skbs.patch
can-j1939-j1939_sk_queue_activate_next_locked-replace-warn_on_once-with-netdev_warn_once.patch

queue-5.4/can-j1939-j1939_session_destroy-fix-memory-leak-of-skbs.patch [new file with mode: 0644]
queue-5.4/can-j1939-j1939_sk_queue_activate_next_locked-replace-warn_on_once-with-netdev_warn_once.patch [new file with mode: 0644]
queue-5.4/series

diff --git a/queue-5.4/can-j1939-j1939_session_destroy-fix-memory-leak-of-skbs.patch b/queue-5.4/can-j1939-j1939_session_destroy-fix-memory-leak-of-skbs.patch
new file mode 100644 (file)
index 0000000..2d98a26
--- /dev/null
@@ -0,0 +1,55 @@
+From 8c21c54a53ab21842f5050fa090f26b03c0313d6 Mon Sep 17 00:00:00 2001
+From: Fedor Pchelkin <pchelkin@ispras.ru>
+Date: Fri, 5 Aug 2022 18:02:16 +0300
+Subject: can: j1939: j1939_session_destroy(): fix memory leak of skbs
+
+From: Fedor Pchelkin <pchelkin@ispras.ru>
+
+commit 8c21c54a53ab21842f5050fa090f26b03c0313d6 upstream.
+
+We need to drop skb references taken in j1939_session_skb_queue() when
+destroying a session in j1939_session_destroy(). Otherwise those skbs
+would be lost.
+
+Link to Syzkaller info and repro: https://forge.ispras.ru/issues/11743.
+
+Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
+
+V1: https://lore.kernel.org/all/20220708175949.539064-1-pchelkin@ispras.ru
+
+Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol")
+Suggested-by: Oleksij Rempel <o.rempel@pengutronix.de>
+Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
+Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
+Acked-by: Oleksij Rempel <o.rempel@pengutronix.de>
+Link: https://lore.kernel.org/all/20220805150216.66313-1-pchelkin@ispras.ru
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/can/j1939/transport.c |    8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+--- a/net/can/j1939/transport.c
++++ b/net/can/j1939/transport.c
+@@ -260,6 +260,8 @@ static void __j1939_session_drop(struct
+ static void j1939_session_destroy(struct j1939_session *session)
+ {
++      struct sk_buff *skb;
++
+       if (session->err)
+               j1939_sk_errqueue(session, J1939_ERRQUEUE_ABORT);
+       else
+@@ -270,7 +272,11 @@ static void j1939_session_destroy(struct
+       WARN_ON_ONCE(!list_empty(&session->sk_session_queue_entry));
+       WARN_ON_ONCE(!list_empty(&session->active_session_list_entry));
+-      skb_queue_purge(&session->skb_queue);
++      while ((skb = skb_dequeue(&session->skb_queue)) != NULL) {
++              /* drop ref taken in j1939_session_skb_queue() */
++              skb_unref(skb);
++              kfree_skb(skb);
++      }
+       __j1939_session_drop(session);
+       j1939_priv_put(session->priv);
+       kfree(session);
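Review bot: The new loop in j1939_session_destroy() ignores the return value of `skb_unref()` and then calls `kfree_skb()`, so every queued skb is dropped twice, while the one-line comment accounts only for the first drop. That balance is right only if each skb on `session->skb_queue` carries the extra reference taken in j1939_session_skb_queue(), which is not visible in this hunk. Before queuing this backport, the 5.4 tree should be checked for the same reference-taking there, because a second drop without it could release an skb that another holder still uses. I would extend the comment to `/* drop ref taken in j1939_session_skb_queue(); kfree_skb() below releases the remaining reference */`. The function body continues outside the nested hunks.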
diff --git a/queue-5.4/can-j1939-j1939_sk_queue_activate_next_locked-replace-warn_on_once-with-netdev_warn_once.patch b/queue-5.4/can-j1939-j1939_sk_queue_activate_next_locked-replace-warn_on_once-with-netdev_warn_once.patch
new file mode 100644 (file)
index 0000000..9930643
--- /dev/null
@@ -0,0 +1,43 @@
+From 8ef49f7f8244424adcf4a546dba4cbbeb0b09c09 Mon Sep 17 00:00:00 2001
+From: Fedor Pchelkin <pchelkin@ispras.ru>
+Date: Fri, 29 Jul 2022 17:36:55 +0300
+Subject: can: j1939: j1939_sk_queue_activate_next_locked(): replace WARN_ON_ONCE with netdev_warn_once()
+
+From: Fedor Pchelkin <pchelkin@ispras.ru>
+
+commit 8ef49f7f8244424adcf4a546dba4cbbeb0b09c09 upstream.
+
+We should warn user-space that it is doing something wrong when trying
+to activate sessions with identical parameters but WARN_ON_ONCE macro
+can not be used here as it serves a different purpose.
+
+So it would be good to replace it with netdev_warn_once() message.
+
+Found by Linux Verification Center (linuxtesting.org) with Syzkaller.
+
+Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol")
+Signed-off-by: Fedor Pchelkin <pchelkin@ispras.ru>
+Signed-off-by: Alexey Khoroshilov <khoroshilov@ispras.ru>
+Acked-by: Oleksij Rempel <o.rempel@pengutronix.de>
+Link: https://lore.kernel.org/all/20220729143655.1108297-1-pchelkin@ispras.ru
+[mkl: fix indention]
+Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ net/can/j1939/socket.c |    5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+--- a/net/can/j1939/socket.c
++++ b/net/can/j1939/socket.c
+@@ -178,7 +178,10 @@ activate_next:
+       if (!first)
+               return;
+-      if (WARN_ON_ONCE(j1939_session_activate(first))) {
++      if (j1939_session_activate(first)) {
++              netdev_warn_once(first->priv->ndev,
++                               "%s: 0x%p: Identical session is already activated.\n",
++                               __func__, first);
+               first->err = -EBUSY;
+               goto activate_next;
+       } else {
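Review bot: The new failure branch in j1939_sk_queue_activate_next_locked() has no comment explaining why a log message is used instead of a WARN, so the reasoning lives only in the commit message. The condition can be reached from user space, and a WARN there produces a stack trace and, on systems booted with panic_on_warn, a crash. I would add `/* reachable from user space with identical session parameters; not a kernel bug, so no WARN */` above the `netdev_warn_once()` call so a later cleanup does not restore the macro. Separately, `%p` prints a hashed value, so the `0x%p` field gives little to correlate with when triaging logs. The function starts and ends outside the hunk.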
index cee218b04ad07cd1910c0845069cbe9b339a3aa4..dc5abb869b20f21429226507511e7b5fa2ffef48 100644 (file)
@@ -385,3 +385,5 @@ powerpc-64-init-jump-labels-before-parse_early_param.patch
 video-fbdev-i740fb-check-the-argument-of-i740_calc_v.patch
 mips-tlbex-explicitly-compare-_page_no_exec-against-.patch
 tracing-probes-have-kprobes-and-uprobes-use-comm-too.patch
+can-j1939-j1939_sk_queue_activate_next_locked-replace-warn_on_once-with-netdev_warn_once.patch
+can-j1939-j1939_session_destroy-fix-memory-leak-of-skbs.patch