From: Greg Kroah-Hartman
Date: Tue, 12 Nov 2024 08:43:44 +0000 (+0100)
Subject: 6.11-stable patches
X-Git-Tag: v5.15.172~7
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=4faff4c52a7ebfd78d76a3eb7f6dca7c08b0f275;p=thirdparty%2Fkernel%2Fstable-queue.git

6.11-stable patches

added patches:
hv_sock-initializing-vsk-trans-to-null-to-prevent-a-dangling-pointer.patch
vsock-virtio-initialization-of-the-dangling-pointer-occurring-in-vsk-trans.patch
---
diff --git a/queue-6.11/hv_sock-initializing-vsk-trans-to-null-to-prevent-a-dangling-pointer.patch b/queue-6.11/hv_sock-initializing-vsk-trans-to-null-to-prevent-a-dangling-pointer.patch
new file mode 100644
index 00000000000..235c0a8ee15
--- /dev/null
+++ b/queue-6.11/hv_sock-initializing-vsk-trans-to-null-to-prevent-a-dangling-pointer.patch
@@ -0,0 +1,33 @@
+From e629295bd60abf4da1db85b82819ca6a4f6c1e79 Mon Sep 17 00:00:00 2001
+From: Hyunwoo Kim
+Date: Wed, 6 Nov 2024 04:36:04 -0500
+Subject: hv_sock: Initializing vsk->trans to NULL to prevent a dangling pointer
+
+From: Hyunwoo Kim
+
+commit e629295bd60abf4da1db85b82819ca6a4f6c1e79 upstream.
+
+When hvs is released, there is a possibility that vsk->trans may not
+be initialized to NULL, which could lead to a dangling pointer.
+This issue is resolved by initializing vsk->trans to NULL.
+
+Signed-off-by: Hyunwoo Kim
+Reviewed-by: Stefano Garzarella
+Acked-by: Michael S. Tsirkin
+Link: https://patch.msgid.link/Zys4hCj61V+mQfX2@v4bel-B760M-AORUS-ELITE-AX
+Signed-off-by: Jakub Kicinski
+Signed-off-by: Greg Kroah-Hartman
+---
+ net/vmw_vsock/hyperv_transport.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/vmw_vsock/hyperv_transport.c
++++ b/net/vmw_vsock/hyperv_transport.c
+@@ -549,6 +549,7 @@ static void hvs_destruct(struct vsock_so
+ vmbus_hvsock_device_unregister(chan);
+
+ kfree(hvs);
++ vsk->trans = NULL;
+ }
+
+ static int hvs_dgram_bind(struct vsock_sock *vsk, struct sockaddr_vm *addr)
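Review bot: The added `vsk->trans = NULL;` in hvs_destruct is unexplained at the point of use — the hunk shows only `kfree(hvs)` followed by the clear, and hvs_destruct's header (and wherever hvs is taken from vsk->trans) lies outside the hunk, so a later reader could mistake the line for redundant cleanup and drop it. A one-line comment would anchor it: `/* Clear the stale transport pointer so later users of vsk->trans cannot reach freed memory. */`. Unlike the vsock/virtio patch queued alongside it, this commit message carries no Fixes: tag and does not name the path that re-reads vsk->trans after destruct, which makes it harder to judge which stable branches need the backport. With the clear in place, any remaining post-destruct access through vsk->trans becomes a NULL-pointer oops instead of a use-after-free — the safer failure, but it is worth confirming that callers reached on that path tolerate a NULL trans.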
diff --git a/queue-6.11/series b/queue-6.11/series
index 3c9457c7c9f..f8acd2a6892 100644
--- a/queue-6.11/series
+++ b/queue-6.11/series
@@ -180,3 +180,5 @@ drm-xe-ufence-flush-xe-ordered_wq-in-case-of-ufence-.patch
 drm-xe-guc-tlb-flush-g2h-worker-in-case-of-tlb-timeo.patch
 asoc-amd-yc-fix-internal-mic-on-xiaomi-book-pro-14-2022.patch
 xtensa-emulate-one-byte-cmpxchg.patch
+hv_sock-initializing-vsk-trans-to-null-to-prevent-a-dangling-pointer.patch
+vsock-virtio-initialization-of-the-dangling-pointer-occurring-in-vsk-trans.patch
diff --git a/queue-6.11/vsock-virtio-initialization-of-the-dangling-pointer-occurring-in-vsk-trans.patch b/queue-6.11/vsock-virtio-initialization-of-the-dangling-pointer-occurring-in-vsk-trans.patch
new file mode 100644
index 00000000000..5a2b308d060
--- /dev/null
+++ b/queue-6.11/vsock-virtio-initialization-of-the-dangling-pointer-occurring-in-vsk-trans.patch
@@ -0,0 +1,35 @@
+From 6ca575374dd9a507cdd16dfa0e78c2e9e20bd05f Mon Sep 17 00:00:00 2001
+From: Hyunwoo Kim
+Date: Tue, 22 Oct 2024 09:32:56 +0200
+Subject: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans
+
+From: Hyunwoo Kim
+
+commit 6ca575374dd9a507cdd16dfa0e78c2e9e20bd05f upstream.
+
+During loopback communication, a dangling pointer can be created in
+vsk->trans, potentially leading to a Use-After-Free condition. This
+issue is resolved by initializing vsk->trans to NULL.
+
+Cc: stable
+Fixes: 06a8fc78367d ("VSOCK: Introduce virtio_vsock_common.ko")
+Signed-off-by: Hyunwoo Kim
+Signed-off-by: Wongi Lee
+Signed-off-by: Greg Kroah-Hartman
+Message-Id: <2024102245-strive-crib-c8d3@gregkh>
+Signed-off-by: Michael S. Tsirkin
+Signed-off-by: Greg Kroah-Hartman
+---
+ net/vmw_vsock/virtio_transport_common.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+--- a/net/vmw_vsock/virtio_transport_common.c
++++ b/net/vmw_vsock/virtio_transport_common.c
+@@ -1087,6 +1087,7 @@ void virtio_transport_destruct(struct vs
+ struct virtio_vsock_sock *vvs = vsk->trans;
+
+ kfree(vvs);
++ vsk->trans = NULL;
+ }
+ EXPORT_SYMBOL_GPL(virtio_transport_destruct);
+
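Review bot: In virtio_transport_destruct the cleared pointer is demonstrably the one just freed (`vvs = vsk->trans` two lines above `kfree(vvs)`), so the fix is sound, but nothing at the site records why the clear must stay after the free; propose `/* vsk->trans may be re-read after this transport is torn down (see the loopback case in the commit message); clear it so a stale pointer is never dereferenced. */`, hedged because the loopback path itself is outside the hunk. The same pattern is added to hvs_destruct in the hv_sock patch queued above; if any other vsock transport frees its private data in its destruct callback without clearing vsk->trans it would warrant the same treatment, though none is visible in this commit. After this change a post-destruct use of vsk->trans surfaces as a NULL-pointer oops rather than a use-after-free, which is far easier to catch in testing but remains a caller bug worth tracking separately.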