Gh0st
/
linux
mirror of https://github.com/torvalds/linux.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
linux/include/net
History
Sven Stegemann 52565a9352 net: kcm: Fix race condition in kcm_unattach() 
syzbot found a race condition when kcm_unattach(psock)
and kcm_release(kcm) are executed at the same time.

kcm_unattach() is missing a check of the flag
kcm->tx_stopped before calling queue_work().

If the kcm has a reserved psock, kcm_unattach() might get executed
between cancel_work_sync() and unreserve_psock() in kcm_release(),
requeuing kcm->tx_work right before kcm gets freed in kcm_done().

Remove kcm->tx_stopped and replace it by the less
error-prone disable_work_sync().

Fixes: ab7ac4eb98 ("kcm: Kernel Connection Multiplexor module")
Reported-by: syzbot+e62c9db591c30e174662@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=e62c9db591c30e174662
Reported-by: syzbot+d199b52665b6c3069b94@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=d199b52665b6c3069b94
Reported-by: syzbot+be6b1fdfeae512726b4e@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=be6b1fdfeae512726b4e
Signed-off-by: Sven Stegemann <sven@stegemann.de>
Link: https://patch.msgid.link/20250812191810.27777-1-sven@stegemann.de
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
 		2025-08-13 18:18:33 -07:00
..
9p
bluetooth Bluetooth: Add PA_LINK to distinguish BIG sync and PA sync connections 2025-07-23 10:35:14 -04:00
caif
iucv
libeth libeth: xdp: access ->pp through netmem_desc instead of page 2025-07-23 17:46:56 -07:00
mana net: mana: Handle Reset Request from MANA NIC 2025-07-01 19:17:53 -07:00
netfilter netfilter: nft_set: remove indirection from update API call 2025-07-25 18:40:23 +02:00
netns net: mctp: Use hashtable for binds 2025-07-15 12:08:39 +02:00
nfc
page_pool net: page_pool: allow enabling recycling late, fix false positive warning 2025-08-08 12:54:42 -07:00
phonet
sctp sctp: Replace sockaddr with sockaddr_inet in sctp_addr union 2025-07-25 15:29:58 -07:00
tc_act net_sched: act_skbedit: use RCU in tcf_skbedit_dump() 2025-07-11 16:01:17 -07:00
6lowpan.h
Space.h
act_api.h net_sched: act: annotate data-races in tcf_lastuse_update() and tcf_tm_dump() 2025-07-11 16:01:15 -07:00
addrconf.h
af_ieee802154.h
af_rxrpc.h rxrpc: Remove deadcode 2025-04-24 17:03:45 -07:00
af_unix.h af_unix: Introduce SO_INQ. 2025-07-08 18:05:25 -07:00
af_vsock.h vsock: fix `vsock_proto` declaration 2025-07-07 16:55:54 -07:00
ah.h
aligned_data.h udp: move udp_memory_allocated into net_aligned_data 2025-07-02 14:22:02 -07:00
amt.h
arp.h
atmclip.h
ax25.h
ax88796.h
bareudp.h
bond_3ad.h
bond_alb.h
bond_options.h net: bonding: add broadcast_neighbor option for 802.3ad 2025-07-08 10:59:41 +02:00
bonding.h net: bonding: add broadcast_neighbor option for 802.3ad 2025-07-08 10:59:41 +02:00
bpf_sk_storage.h
busy_poll.h
calipso.h
cfg80211-wext.h
cfg80211.h wifi: cfg80211/mac80211: report link ID for unexpected frames 2025-07-21 19:40:59 +02:00
cfg802154.h
checksum.h net: Fix checksum update for ILA adj-transport 2025-05-30 19:53:51 -07:00
cipso_ipv4.h
cls_cgroup.h
codel.h
codel_impl.h
codel_qdisc.h
compat.h
datalink.h
dcbevent.h
dcbnl.h
devlink.h devlink: let driver opt out of automatic phys_port_name generation 2025-08-12 13:23:39 -07:00
dropreason-core.h sched: Add enqueue/dequeue of dualpi2 qdisc 2025-07-23 17:52:07 -07:00
dropreason.h
dsa.h net: dsa: tag_brcm: add support for legacy FCS tags 2025-06-17 17:52:01 -07:00
dsa_stubs.h
dscp.h
dsfield.h
dst.h net: Add locking to protect skb->dev access in ip_output 2025-08-01 15:17:52 -07:00
dst_cache.h
dst_metadata.h
dst_ops.h
eee.h
erspan.h
esp.h
espintcp.h
ethoc.h
failover.h
fib_notifier.h
fib_rules.h net: fib_rules: Fix iif / oif matching on L3 master device 2025-04-15 17:54:56 -07:00
firewire.h
flow.h ip: load balance tcp connections to single dst addr and port 2025-04-29 16:22:25 +02:00
flow_dissector.h
flow_offload.h
fou.h
fq.h
fq_impl.h
garp.h
gen_stats.h
genetlink.h
geneve.h
gre.h
gro.h net: Create separate gro_flush_normal function 2025-07-24 18:34:55 -07:00
gro_cells.h
gso.h
gtp.h
gue.h
handshake.h
hotdata.h
hwbm.h
icmp.h
ieee8021q.h
ieee80211_radiotap.h
ieee802154_netdev.h
if_inet6.h
ife.h
inet6_connection_sock.h
inet6_hashtables.h ipv6: adopt skb_dst_dev() and skb_dst_dev_net[_rcu]() helpers 2025-07-02 14:32:30 -07:00
inet_common.h
inet_connection_sock.h
inet_dscp.h
inet_ecn.h
inet_frag.h
inet_hashtables.h ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu] 2025-07-02 14:32:30 -07:00
inet_sock.h
inet_timewait_sock.h
inetpeer.h
ioam6.h
ip.h ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu] 2025-07-02 14:32:30 -07:00
ip6_checksum.h
ip6_fib.h ipv6: Defer fib6_purge_rt() in fib6_add_rt2node() to fib6_add(). 2025-04-24 09:29:56 +02:00
ip6_route.h ipv6: adopt dst_dev() helper 2025-07-02 14:32:30 -07:00
ip6_tunnel.h ipv6: adopt skb_dst_dev() and skb_dst_dev_net[_rcu]() helpers 2025-07-02 14:32:30 -07:00
ip_fib.h ipv4: prefer multipath nexthop that matches source address 2025-04-29 16:22:25 +02:00
ip_tunnels.h net: ipv4: Add a flags argument to iptunnel_xmit(), udp_tunnel_xmit_skb() 2025-06-17 18:18:44 -07:00
ip_vs.h ipvs: Fix estimator kthreads preferred affinity 2025-08-13 08:34:33 +02:00
ipcomp.h
ipconfig.h
ipv6.h
ipv6_frag.h
ipv6_stubs.h
iw_handler.h
kcm.h net: kcm: Fix race condition in kcm_unattach() 2025-08-13 18:18:33 -07:00
l3mdev.h net: fib_rules: Fix iif / oif matching on L3 master device 2025-04-15 17:54:56 -07:00
lag.h
lapb.h
llc.h
llc_c_ac.h
llc_c_ev.h
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
lwtunnel.h net: dst: annotate data-races around dst->output 2025-07-02 14:32:30 -07:00
mac80211.h wifi: mac80211: don't require cipher and keylen in gtk rekey 2025-07-22 10:43:19 +02:00
mac802154.h
macsec.h
mctp.h net: mctp: Allow limiting binds to a peer address 2025-07-15 12:08:39 +02:00
mctpdevice.h
mip6.h
mld.h
mpls.h
mpls_iptunnel.h
mptcp.h mptcp: sched: remove mptcp_sched_data 2025-04-15 08:21:46 -07:00
mrp.h
ncsi.h
ndisc.h net: replace ND_PRINTK with dynamic debug 2025-07-10 15:27:32 -07:00
neighbour.h neighbour: Update pneigh_entry in pneigh_create(). 2025-07-17 16:25:22 -07:00
neighbour_tables.h
net_debug.h
net_failover.h
net_namespace.h net: Remove ->exit_batch_rtnl(). 2025-04-14 17:08:45 -07:00
net_ratelimit.h
net_shaper.h
net_trackers.h
netdev_lock.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-05-22 09:42:41 -07:00
netdev_netlink.h
netdev_queues.h queue_api: add subqueue variant netif_subqueue_sent 2025-06-10 15:27:18 -07:00
netdev_rx_queue.h
netevent.h
netkit.h
netlabel.h
netlink.h netlink: introduce type-checking attribute iteration for nlmsg 2025-07-02 15:39:04 -07:00
netmem.h netmem, mlx4: access ->pp_ref_count through netmem_desc instead of page 2025-07-23 17:46:54 -07:00
netprio_cgroup.h
netrom.h
nexthop.h ipv6: Protect nh->f6i_list with spinlock and flag. 2025-04-24 09:29:56 +02:00
nl802154.h
nsh.h
pfcp.h net: pfcp: fix typo in message_priority field name 2025-06-13 18:17:08 -07:00
pie.h
ping.h
pkt_cls.h
pkt_sched.h net/sched: sch_qfq: Fix null-deref in agg_dequeue 2025-07-10 11:08:35 +02:00
pptp.h
proto_memory.h
protocol.h
psample.h
psnap.h
raw.h
rawv6.h
red.h
regulatory.h
request_sock.h tcp: remove inet_rtx_syn_ack() 2025-06-27 15:34:19 -07:00
rose.h
route.h ipv4: adopt dst_dev, skb_dst_dev and skb_dst_dev_net[_rcu] 2025-07-02 14:32:30 -07:00
rpl.h
rps.h net: rfs: add sock_rps_delete_flow() helper 2025-05-16 16:03:48 -07:00
rsi_91x.h
rstreason.h net: Retire DCCP socket. 2025-04-11 18:58:10 -07:00
rtnetlink.h
rtnh.h
sch_generic.h net_sched: remove qdisc_tree_flush_backlog() 2025-06-12 08:05:50 -07:00
scm.h af_unix/scm: fix whitespace errors 2025-07-04 09:32:35 +02:00
secure_seq.h net: Retire DCCP socket. 2025-04-11 18:58:10 -07:00
seg6.h
seg6_hmac.h
seg6_local.h
selftests.h
slhc_vj.h
smc.h
snmp.h
sock.h tcp: add const to tcp_try_rmem_schedule() and sk_rmem_schedule() skb 2025-07-14 18:41:43 -07:00
sock_reuseport.h
stp.h
strparser.h strparser: Remove unused __strp_unpause 2025-05-05 16:48:12 -07:00
switchdev.h
tc_wrapper.h
tcp.h Kbuild updates for v6.17 2025-08-06 07:32:52 +03:00
tcp_ao.h
tcp_states.h
tcx.h bpf: Remove location field in tcx_link 2025-07-11 11:00:57 -07:00
timewait_sock.h
tipc.h
tls.h
tls_prot.h
tls_toe.h
transp_v6.h
tso.h
tun_proto.h
udp.h net: drop UFO packets in udp_rcv_segment() 2025-08-01 15:14:51 -07:00
udp_tunnel.h udp_tunnel: fix deadlock in udp_tunnel_nic_set_port_priv() 2025-06-24 16:31:36 -07:00
udplite.h
vsock_addr.h
vxlan.h vxlan: Support MC routing in the underlay 2025-06-17 18:18:46 -07:00
wext.h
x25.h net/x25: Remove unused x25_terminate_link() 2025-07-14 17:19:13 -07:00
x25device.h
xdp.h xdp: create locked/unlocked instances of xdp redirect target setters 2025-04-22 19:57:56 -07:00
xdp_priv.h
xdp_sock.h net: xsk: introduce XDP_MAX_TX_SKB_BUDGET setsockopt 2025-07-10 14:48:29 +02:00
xdp_sock_drv.h
xfrm.h Revert "xfrm: destroy xfrm_state synchronously on net exit path" 2025-07-08 13:28:29 +02:00
xsk_buff_pool.h xsk: Fix offset calculation in unaligned mode 2025-04-24 17:11:52 -07:00