4.19-stable patches

author Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Mon, 14 Oct 2024 12:08:05 +0000 (14:08 +0200)

committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Mon, 14 Oct 2024 12:08:05 +0000 (14:08 +0200)
author Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 14 Oct 2024 12:08:05 +0000 (14:08 +0200)
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Mon, 14 Oct 2024 12:08:05 +0000 (14:08 +0200)
diff --git a/queue-4.19/net-fix-an-unsafe-loop-on-the-list.patch b/queue-4.19/net-fix-an-unsafe-loop-on-the-list.patch

new file mode 100644 (file)

index 0000000..d53e6db
--- /dev/null
+++ b/queue-4.19/net-fix-an-unsafe-loop-on-the-list.patch
@@ -0,0 +1,60 @@
+From 1dae9f1187189bc09ff6d25ca97ead711f7e26f9 Mon Sep 17 00:00:00 2001
+From: Anastasia Kovaleva <a.kovaleva@yadro.com>
+Date: Thu, 3 Oct 2024 13:44:31 +0300
+Subject: net: Fix an unsafe loop on the list
+
+From: Anastasia Kovaleva <a.kovaleva@yadro.com>
+
+commit 1dae9f1187189bc09ff6d25ca97ead711f7e26f9 upstream.
+
+The kernel may crash when deleting a genetlink family if there are still
+listeners for that family:
+
+Oops: Kernel access of bad area, sig: 11 [#1]
+  ...
+  NIP [c000000000c080bc] netlink_update_socket_mc+0x3c/0xc0
+  LR [c000000000c0f764] __netlink_clear_multicast_users+0x74/0xc0
+  Call Trace:
+__netlink_clear_multicast_users+0x74/0xc0
+genl_unregister_family+0xd4/0x2d0
+
+Change the unsafe loop on the list to a safe one, because inside the
+loop there is an element removal from this list.
+
+Fixes: b8273570f802 ("genetlink: fix netns vs. netlink table locking (2)")
+Cc: stable@vger.kernel.org
+Signed-off-by: Anastasia Kovaleva <a.kovaleva@yadro.com>
+Reviewed-by: Dmitry Bogdanov <d.bogdanov@yadro.com>
+Reviewed-by: Kuniyuki Iwashima <kuniyu@amazon.com>
+Link: https://patch.msgid.link/20241003104431.12391-1-a.kovaleva@yadro.com
+Signed-off-by: Jakub Kicinski <kuba@kernel.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+---
+ include/net/sock.h       |    2 ++
+ net/netlink/af_netlink.c |    3 ++-
+ 2 files changed, 4 insertions(+), 1 deletion(-)
+
+--- a/include/net/sock.h
++++ b/include/net/sock.h
+@@ -764,6 +764,8 @@ static inline void sk_add_bind_node(stru
+       hlist_for_each_entry_safe(__sk, tmp, list, sk_node)
+ #define sk_for_each_bound(__sk, list) \
+       hlist_for_each_entry(__sk, list, sk_bind_node)
++#define sk_for_each_bound_safe(__sk, tmp, list) \
++      hlist_for_each_entry_safe(__sk, tmp, list, sk_bind_node)
+ 
+ /**
+  * sk_for_each_entry_offset_rcu - iterate over a list at a given struct offset
+--- a/net/netlink/af_netlink.c
++++ b/net/netlink/af_netlink.c
+@@ -2145,8 +2145,9 @@ void __netlink_clear_multicast_users(str
+ {
+       struct sock *sk;
+       struct netlink_table *tbl = &nl_table[ksk->sk_protocol];
++      struct hlist_node *tmp;
+ 
+-      sk_for_each_bound(sk, &tbl->mc_list)
++      sk_for_each_bound_safe(sk, tmp, &tbl->mc_list)
+               netlink_update_socket_mc(nlk_sk(sk), group, 0);
+ }
+ 
diff --git a/queue-4.19/series b/queue-4.19/series

index 160d05b030f70b7c83d5a637f60184a419cb561a..d2482fdfd8932d1ba6b1aef41cfec87cfb96aef8 100644 (file)
--- a/queue-4.19/series
+++ b/queue-4.19/series
@@ -265,3 +265,4 @@ hid-plantronics-workaround-for-an-unexcepted-opposite-volume-key.patch
  revert-usb-yurex-replace-snprintf-with-the-safer-scnprintf-variant.patch
  usb-xhci-fix-problem-with-xhci-resume-from-suspend.patch
  usb-storage-ignore-bogus-device-raised-by-jieli-br21-usb-sound-chip.patch
+net-fix-an-unsafe-loop-on-the-list.patch
author	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Mon, 14 Oct 2024 12:08:05 +0000 (14:08 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Mon, 14 Oct 2024 12:08:05 +0000 (14:08 +0200)
queue-4.19/net-fix-an-unsafe-loop-on-the-list.patch	[new file with mode: 0644]	patch \| blob
queue-4.19/series		patch \| blob \| blame \| history