+++ /dev/null
-From c47cc304990a2813995b1a92bbc11d0bb9a19ea9 Mon Sep 17 00:00:00 2001
-From: Pavel Skripkin <paskripkin@gmail.com>
-Date: Wed, 2 Jun 2021 22:26:40 +0300
-Subject: net: kcm: fix memory leak in kcm_sendmsg
-
-From: Pavel Skripkin <paskripkin@gmail.com>
-
-commit c47cc304990a2813995b1a92bbc11d0bb9a19ea9 upstream.
-
-Syzbot reported memory leak in kcm_sendmsg()[1].
-The problem was in non-freed frag_list in case of error.
-
-In the while loop:
-
- if (head == skb)
- skb_shinfo(head)->frag_list = tskb;
- else
- skb->next = tskb;
-
-frag_list filled with skbs, but nothing was freeing them.
-
-backtrace:
- [<0000000094c02615>] __alloc_skb+0x5e/0x250 net/core/skbuff.c:198
- [<00000000e5386cbd>] alloc_skb include/linux/skbuff.h:1083 [inline]
- [<00000000e5386cbd>] kcm_sendmsg+0x3b6/0xa50 net/kcm/kcmsock.c:967 [1]
- [<00000000f1613a8a>] sock_sendmsg_nosec net/socket.c:652 [inline]
- [<00000000f1613a8a>] sock_sendmsg+0x4c/0x60 net/socket.c:672
-
-Reported-and-tested-by: syzbot+b039f5699bd82e1fb011@syzkaller.appspotmail.com
-Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module")
-Cc: stable@vger.kernel.org
-Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- net/kcm/kcmsock.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
---- a/net/kcm/kcmsock.c
-+++ b/net/kcm/kcmsock.c
-@@ -1067,6 +1067,11 @@ out_error:
- goto partial_message;
- }
-
-+ if (skb_has_frag_list(head)) {
-+ kfree_skb_list(skb_shinfo(head)->frag_list);
-+ skb_shinfo(head)->frag_list = NULL;
-+ }
-+
- if (head != kcm->seq_skb)
- kfree_skb(head);
-
ieee802154-fix-error-return-code-in-ieee802154_llsec.patch
bluetooth-fix-the-erroneous-flush_work-order.patch
bluetooth-use-correct-lock-to-prevent-uaf-of-hdev-object.patch
-net-kcm-fix-memory-leak-in-kcm_sendmsg.patch
net-caif-added-cfserl_release-function.patch
net-caif-add-proper-error-handling.patch
net-caif-fix-memory-leak-in-caif_device_notify.patch
+++ /dev/null
-From c47cc304990a2813995b1a92bbc11d0bb9a19ea9 Mon Sep 17 00:00:00 2001
-From: Pavel Skripkin <paskripkin@gmail.com>
-Date: Wed, 2 Jun 2021 22:26:40 +0300
-Subject: net: kcm: fix memory leak in kcm_sendmsg
-
-From: Pavel Skripkin <paskripkin@gmail.com>
-
-commit c47cc304990a2813995b1a92bbc11d0bb9a19ea9 upstream.
-
-Syzbot reported memory leak in kcm_sendmsg()[1].
-The problem was in non-freed frag_list in case of error.
-
-In the while loop:
-
- if (head == skb)
- skb_shinfo(head)->frag_list = tskb;
- else
- skb->next = tskb;
-
-frag_list filled with skbs, but nothing was freeing them.
-
-backtrace:
- [<0000000094c02615>] __alloc_skb+0x5e/0x250 net/core/skbuff.c:198
- [<00000000e5386cbd>] alloc_skb include/linux/skbuff.h:1083 [inline]
- [<00000000e5386cbd>] kcm_sendmsg+0x3b6/0xa50 net/kcm/kcmsock.c:967 [1]
- [<00000000f1613a8a>] sock_sendmsg_nosec net/socket.c:652 [inline]
- [<00000000f1613a8a>] sock_sendmsg+0x4c/0x60 net/socket.c:672
-
-Reported-and-tested-by: syzbot+b039f5699bd82e1fb011@syzkaller.appspotmail.com
-Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module")
-Cc: stable@vger.kernel.org
-Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- net/kcm/kcmsock.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
---- a/net/kcm/kcmsock.c
-+++ b/net/kcm/kcmsock.c
-@@ -1067,6 +1067,11 @@ out_error:
- goto partial_message;
- }
-
-+ if (skb_has_frag_list(head)) {
-+ kfree_skb_list(skb_shinfo(head)->frag_list);
-+ skb_shinfo(head)->frag_list = NULL;
-+ }
-+
- if (head != kcm->seq_skb)
- kfree_skb(head);
-
tipc-fix-unique-bearer-names-sanity-check.patch
bluetooth-fix-the-erroneous-flush_work-order.patch
bluetooth-use-correct-lock-to-prevent-uaf-of-hdev-object.patch
-net-kcm-fix-memory-leak-in-kcm_sendmsg.patch
net-caif-added-cfserl_release-function.patch
net-caif-add-proper-error-handling.patch
net-caif-fix-memory-leak-in-caif_device_notify.patch
+++ /dev/null
-From c47cc304990a2813995b1a92bbc11d0bb9a19ea9 Mon Sep 17 00:00:00 2001
-From: Pavel Skripkin <paskripkin@gmail.com>
-Date: Wed, 2 Jun 2021 22:26:40 +0300
-Subject: net: kcm: fix memory leak in kcm_sendmsg
-
-From: Pavel Skripkin <paskripkin@gmail.com>
-
-commit c47cc304990a2813995b1a92bbc11d0bb9a19ea9 upstream.
-
-Syzbot reported memory leak in kcm_sendmsg()[1].
-The problem was in non-freed frag_list in case of error.
-
-In the while loop:
-
- if (head == skb)
- skb_shinfo(head)->frag_list = tskb;
- else
- skb->next = tskb;
-
-frag_list filled with skbs, but nothing was freeing them.
-
-backtrace:
- [<0000000094c02615>] __alloc_skb+0x5e/0x250 net/core/skbuff.c:198
- [<00000000e5386cbd>] alloc_skb include/linux/skbuff.h:1083 [inline]
- [<00000000e5386cbd>] kcm_sendmsg+0x3b6/0xa50 net/kcm/kcmsock.c:967 [1]
- [<00000000f1613a8a>] sock_sendmsg_nosec net/socket.c:652 [inline]
- [<00000000f1613a8a>] sock_sendmsg+0x4c/0x60 net/socket.c:672
-
-Reported-and-tested-by: syzbot+b039f5699bd82e1fb011@syzkaller.appspotmail.com
-Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module")
-Cc: stable@vger.kernel.org
-Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- net/kcm/kcmsock.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
---- a/net/kcm/kcmsock.c
-+++ b/net/kcm/kcmsock.c
-@@ -1065,6 +1065,11 @@ out_error:
- goto partial_message;
- }
-
-+ if (skb_has_frag_list(head)) {
-+ kfree_skb_list(skb_shinfo(head)->frag_list);
-+ skb_shinfo(head)->frag_list = NULL;
-+ }
-+
- if (head != kcm->seq_skb)
- kfree_skb(head);
-
ieee802154-fix-error-return-code-in-ieee802154_llsec.patch
bluetooth-fix-the-erroneous-flush_work-order.patch
bluetooth-use-correct-lock-to-prevent-uaf-of-hdev-object.patch
-net-kcm-fix-memory-leak-in-kcm_sendmsg.patch
net-caif-added-cfserl_release-function.patch
net-caif-add-proper-error-handling.patch
net-caif-fix-memory-leak-in-caif_device_notify.patch
+++ /dev/null
-From c47cc304990a2813995b1a92bbc11d0bb9a19ea9 Mon Sep 17 00:00:00 2001
-From: Pavel Skripkin <paskripkin@gmail.com>
-Date: Wed, 2 Jun 2021 22:26:40 +0300
-Subject: net: kcm: fix memory leak in kcm_sendmsg
-
-From: Pavel Skripkin <paskripkin@gmail.com>
-
-commit c47cc304990a2813995b1a92bbc11d0bb9a19ea9 upstream.
-
-Syzbot reported memory leak in kcm_sendmsg()[1].
-The problem was in non-freed frag_list in case of error.
-
-In the while loop:
-
- if (head == skb)
- skb_shinfo(head)->frag_list = tskb;
- else
- skb->next = tskb;
-
-frag_list filled with skbs, but nothing was freeing them.
-
-backtrace:
- [<0000000094c02615>] __alloc_skb+0x5e/0x250 net/core/skbuff.c:198
- [<00000000e5386cbd>] alloc_skb include/linux/skbuff.h:1083 [inline]
- [<00000000e5386cbd>] kcm_sendmsg+0x3b6/0xa50 net/kcm/kcmsock.c:967 [1]
- [<00000000f1613a8a>] sock_sendmsg_nosec net/socket.c:652 [inline]
- [<00000000f1613a8a>] sock_sendmsg+0x4c/0x60 net/socket.c:672
-
-Reported-and-tested-by: syzbot+b039f5699bd82e1fb011@syzkaller.appspotmail.com
-Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module")
-Cc: stable@vger.kernel.org
-Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- net/kcm/kcmsock.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
---- a/net/kcm/kcmsock.c
-+++ b/net/kcm/kcmsock.c
-@@ -1066,6 +1066,11 @@ out_error:
- goto partial_message;
- }
-
-+ if (skb_has_frag_list(head)) {
-+ kfree_skb_list(skb_shinfo(head)->frag_list);
-+ skb_shinfo(head)->frag_list = NULL;
-+ }
-+
- if (head != kcm->seq_skb)
- kfree_skb(head);
-
wireguard-allowedips-remove-nodes-in-o-1.patch
wireguard-allowedips-allocate-nodes-in-kmem_cache.patch
wireguard-allowedips-free-empty-intermediate-nodes-when-removing-single-node.patch
-net-kcm-fix-memory-leak-in-kcm_sendmsg.patch
net-caif-added-cfserl_release-function.patch
net-caif-add-proper-error-handling.patch
net-caif-fix-memory-leak-in-caif_device_notify.patch
+++ /dev/null
-From c47cc304990a2813995b1a92bbc11d0bb9a19ea9 Mon Sep 17 00:00:00 2001
-From: Pavel Skripkin <paskripkin@gmail.com>
-Date: Wed, 2 Jun 2021 22:26:40 +0300
-Subject: net: kcm: fix memory leak in kcm_sendmsg
-
-From: Pavel Skripkin <paskripkin@gmail.com>
-
-commit c47cc304990a2813995b1a92bbc11d0bb9a19ea9 upstream.
-
-Syzbot reported memory leak in kcm_sendmsg()[1].
-The problem was in non-freed frag_list in case of error.
-
-In the while loop:
-
- if (head == skb)
- skb_shinfo(head)->frag_list = tskb;
- else
- skb->next = tskb;
-
-frag_list filled with skbs, but nothing was freeing them.
-
-backtrace:
- [<0000000094c02615>] __alloc_skb+0x5e/0x250 net/core/skbuff.c:198
- [<00000000e5386cbd>] alloc_skb include/linux/skbuff.h:1083 [inline]
- [<00000000e5386cbd>] kcm_sendmsg+0x3b6/0xa50 net/kcm/kcmsock.c:967 [1]
- [<00000000f1613a8a>] sock_sendmsg_nosec net/socket.c:652 [inline]
- [<00000000f1613a8a>] sock_sendmsg+0x4c/0x60 net/socket.c:672
-
-Reported-and-tested-by: syzbot+b039f5699bd82e1fb011@syzkaller.appspotmail.com
-Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module")
-Cc: stable@vger.kernel.org
-Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- net/kcm/kcmsock.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
---- a/net/kcm/kcmsock.c
-+++ b/net/kcm/kcmsock.c
-@@ -1066,6 +1066,11 @@ out_error:
- goto partial_message;
- }
-
-+ if (skb_has_frag_list(head)) {
-+ kfree_skb_list(skb_shinfo(head)->frag_list);
-+ skb_shinfo(head)->frag_list = NULL;
-+ }
-+
- if (head != kcm->seq_skb)
- kfree_skb(head);
-
wireguard-allowedips-remove-nodes-in-o-1.patch
wireguard-allowedips-allocate-nodes-in-kmem_cache.patch
wireguard-allowedips-free-empty-intermediate-nodes-when-removing-single-node.patch
-net-kcm-fix-memory-leak-in-kcm_sendmsg.patch
net-caif-added-cfserl_release-function.patch
net-caif-add-proper-error-handling.patch
net-caif-fix-memory-leak-in-caif_device_notify.patch
+++ /dev/null
-From c47cc304990a2813995b1a92bbc11d0bb9a19ea9 Mon Sep 17 00:00:00 2001
-From: Pavel Skripkin <paskripkin@gmail.com>
-Date: Wed, 2 Jun 2021 22:26:40 +0300
-Subject: net: kcm: fix memory leak in kcm_sendmsg
-
-From: Pavel Skripkin <paskripkin@gmail.com>
-
-commit c47cc304990a2813995b1a92bbc11d0bb9a19ea9 upstream.
-
-Syzbot reported memory leak in kcm_sendmsg()[1].
-The problem was in non-freed frag_list in case of error.
-
-In the while loop:
-
- if (head == skb)
- skb_shinfo(head)->frag_list = tskb;
- else
- skb->next = tskb;
-
-frag_list filled with skbs, but nothing was freeing them.
-
-backtrace:
- [<0000000094c02615>] __alloc_skb+0x5e/0x250 net/core/skbuff.c:198
- [<00000000e5386cbd>] alloc_skb include/linux/skbuff.h:1083 [inline]
- [<00000000e5386cbd>] kcm_sendmsg+0x3b6/0xa50 net/kcm/kcmsock.c:967 [1]
- [<00000000f1613a8a>] sock_sendmsg_nosec net/socket.c:652 [inline]
- [<00000000f1613a8a>] sock_sendmsg+0x4c/0x60 net/socket.c:672
-
-Reported-and-tested-by: syzbot+b039f5699bd82e1fb011@syzkaller.appspotmail.com
-Fixes: ab7ac4eb9832 ("kcm: Kernel Connection Multiplexor module")
-Cc: stable@vger.kernel.org
-Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
-Signed-off-by: David S. Miller <davem@davemloft.net>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- net/kcm/kcmsock.c | 5 +++++
- 1 file changed, 5 insertions(+)
-
---- a/net/kcm/kcmsock.c
-+++ b/net/kcm/kcmsock.c
-@@ -1068,6 +1068,11 @@ out_error:
- goto partial_message;
- }
-
-+ if (skb_has_frag_list(head)) {
-+ kfree_skb_list(skb_shinfo(head)->frag_list);
-+ skb_shinfo(head)->frag_list = NULL;
-+ }
-+
- if (head != kcm->seq_skb)
- kfree_skb(head);
-
tipc-fix-unique-bearer-names-sanity-check.patch
bluetooth-fix-the-erroneous-flush_work-order.patch
bluetooth-use-correct-lock-to-prevent-uaf-of-hdev-object.patch
-net-kcm-fix-memory-leak-in-kcm_sendmsg.patch
net-caif-added-cfserl_release-function.patch
net-caif-add-proper-error-handling.patch
net-caif-fix-memory-leak-in-caif_device_notify.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
