WSL2-Linux-Kernel/drivers
Jason Wang daf0ca743b tuntap: fix use after free during release
commit 7063efd33b upstream.

After commit b196d88aba ("tun: fix use after free for ptr_ring") we
need to clean up the tx ring during release(). But unfortunately, it tries
to do the cleanup blindly after the socket was destroyed, which will lead
to another use-after-free. Fix this by doing the cleanup before dropping
the last reference of the socket in __tun_detach().

Backport Note :-
Upstream commit moves the ptr_ring_cleanup call from tun_chr_close to
__tun_detach. Upstream applied that patch after replacing skb_array with
ptr_ring. This patch moves the skb_array_cleanup call from
tun_chr_close to __tun_detach.

Reported-by: Andrei Vagin <avagin@virtuozzo.com>
Acked-by: Andrei Vagin <avagin@virtuozzo.com>
Fixes: b196d88aba ("tun: fix use after free for ptr_ring")
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Zubin Mithra <zsm@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-09-19 22:43:48 +02:00
accessibility
acpi ACPI / scan: Initialize status to ACPI_STA_DEFAULT 2018-09-15 09:45:30 +02:00
amba
android android: binder: fix the race mmap and alloc_new_buf_locked 2018-09-19 22:43:35 +02:00
ata ata: libahci: Correct setting of DEVSLP register 2018-09-19 22:43:41 +02:00
atm
auxdisplay
base
bcma
block pktcdvd: Fix possible Spectre-v1 for pkt_devs 2018-09-19 22:43:43 +02:00
bluetooth Bluetooth: h5: Fix missing dependency on BT_HCIUART_SERDEV 2018-09-19 22:43:38 +02:00
bus
cdrom
char tpm/tpm_i2c_infineon: switch to i2c_lock_bus(..., I2C_LOCK_SEGMENT) 2018-09-19 22:43:43 +02:00
clk clk: rockchip: Add pclk_rkpwm_pmu to PMU critical clocks in rk3399 2018-09-15 09:45:32 +02:00
clocksource
connector
cpufreq cpufreq: governor: Avoid accessing invalid governor_data 2018-09-09 19:55:58 +02:00
cpuidle
crypto crypto: caam/qi - fix error path in xts setkey 2018-09-09 19:56:02 +02:00
dax
dca
devfreq
dio
dma
dma-buf
edac
eisa
extcon
firewire
firmware firmware: vpd: Fix section enabled flag on vpd_section_destroy 2018-09-19 22:43:40 +02:00
fmc
fpga
fsi
gpio gpio: ml-ioh: Fix buffer underwrite on probe error path 2018-09-19 22:43:42 +02:00
gpu drm/i915: set DP Main Stream Attribute for color range on DDI platforms 2018-09-19 22:43:45 +02:00
hid HID: add quirk for another PIXART OEM mouse used by HP 2018-09-15 09:45:35 +02:00
hsi
hv Drivers: hv: vmbus: Cleanup synic memory free path 2018-09-19 22:43:40 +02:00
hwmon
hwspinlock
hwtracing
i2c i2c: aspeed: Add an explicit type casting for *get_clk_reg_val 2018-09-19 22:43:38 +02:00
ide
idle
iio
infiniband RDMA/cma: Do not ignore net namespace for unbound cm_id 2018-09-19 22:43:45 +02:00
input Input: atmel_mxt_ts - only use first T9 instance 2018-09-19 22:43:43 +02:00
iommu iommu/ipmmu-vmsa: Fix allocation in atomic context 2018-09-19 22:43:44 +02:00
ipack
irqchip irqchip/bcm7038-l1: Hide cpu offline callback when building for !SMP 2018-09-15 09:45:29 +02:00
isdn
leds
lightnvm lightnvm: pblk: free padded entries in write buffer 2018-09-15 09:45:35 +02:00
macintosh macintosh/via-pmu: Add missing mmio accessors 2018-09-19 22:43:41 +02:00
mailbox
mcb
md dm cache: only allow a single io_mode cache feature to be requested 2018-09-19 22:43:43 +02:00
media media: helene: fix xtal frequency setting at power on 2018-09-19 22:43:44 +02:00
memory
memstick
message
mfd mfd: ti_am335x_tscadc: Fix struct clk memory leak 2018-09-19 22:43:44 +02:00
misc misc: ti-st: Fix memory leak in the error path of probe() 2018-09-19 22:43:39 +02:00
mmc
mtd mtd: ubi: wl: Fix error return code in ubi_wl_init() 2018-09-19 22:43:48 +02:00
mux
net tuntap: fix use after free during release 2018-09-19 22:43:48 +02:00
nfc
ntb
nubus
nvdimm libnvdimm: fix ars_status output length calculation 2018-09-09 19:56:01 +02:00
nvme
nvmem
of
oprofile
parisc
parport
pci switchtec: Fix Spectre v1 vulnerability 2018-09-19 22:43:37 +02:00
pcmcia
perf
phy
pinctrl pinctrl/amd: only handle irq if it is pending and unmasked 2018-09-19 22:43:42 +02:00
platform platform/x86: asus-nb-wmi: Add keymap entry for lid flip action on UX360 2018-09-15 09:45:28 +02:00
pnp
power
powercap
pps
ps3
ptp
pwm pwm: meson: Fix mux clock names 2018-09-15 09:45:27 +02:00
rapidio
ras
regulator
remoteproc
reset
rpmsg rpmsg: core: add support to power domains for devices 2018-09-19 22:43:41 +02:00
rtc rtc: omap: fix potential crash on power off 2018-09-09 19:55:57 +02:00
s390 s390/dasd: fix panic for failed online processing 2018-09-15 09:45:30 +02:00
sbus
scsi scsi: 3ware: fix return 0 on the error path of probe 2018-09-19 22:43:42 +02:00
sfi
sh
sn
soc
spi
spmi
ssb
staging irda: Only insert new objects into the global database via setsockopt 2018-09-15 09:45:36 +02:00
target scsi: target: fix __transport_register_session locking 2018-09-19 22:43:39 +02:00
tc
tee
thermal
thunderbolt
tty tty: rocket: Fix possible buffer overwrite on register_PCI 2018-09-19 22:43:40 +02:00
uio uio: potential double frees if __uio_register_device() fails 2018-09-19 22:43:40 +02:00
usb usb: dwc3: core: Fix ULPI PHYs and prevent phy_get/ulpi_init during suspend/resume 2018-09-15 09:45:35 +02:00
uwb
vfio
vhost vhost: correctly check the iova range when waking virtqueue 2018-09-15 09:45:25 +02:00
video fb: fix lost console when the user unplugs a USB adapter 2018-09-09 19:56:01 +02:00
virt
virtio virtio: pci-legacy: Validate queue pfn 2018-09-15 09:45:27 +02:00
vlynq
vme
w1
watchdog
xen xen/balloon: fix balloon initialization for PVH Dom0 2018-09-15 09:45:30 +02:00
zorro
Kconfig
Makefile