WSL2-Linux-Kernel/net/batman-adv
Vladislav Efanov 5db4229b14 batman-adv: Broken sync while rescheduling delayed work
commit abac3ac97f upstream.

Syzkaller got a lot of crashes like:
KASAN: use-after-free Write in *_timers*

All of these crashes point to the same memory area:

The buggy address belongs to the object at ffff88801f870000
 which belongs to the cache kmalloc-8k of size 8192
The buggy address is located 5320 bytes inside of
 8192-byte region [ffff88801f870000, ffff88801f872000)

This area belongs to:
        batadv_priv->batadv_priv_dat->delayed_work->timer_list

The reason for these issues is the lack of synchronization. Delayed
work (batadv_dat_purge) schedules a new timer/work while the device
is being deleted. As a result, a new timer/delayed work is set after
cancel_delayed_work_sync() was called. So after the device is freed,
the timer list contains a pointer to already freed memory.

Found by Linux Verification Center (linuxtesting.org) with syzkaller.

Cc: stable@kernel.org
Fixes: 2f1dfbe185 ("batman-adv: Distributed ARP Table - implement local storage")
Signed-off-by: Vladislav Efanov <VEfanov@ispras.ru>
Acked-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-06-14 11:13:04 +02:00
Kconfig This feature/cleanup patchset is an updated version of the pull request 2021-02-08 11:32:40 -08:00
Makefile batman-adv: Drop publication years from copyright info 2021-02-06 09:22:10 +01:00
bat_algo.c batman-adv: Drop publication years from copyright info 2021-02-06 09:22:10 +01:00
bat_algo.h batman-adv: Drop publication years from copyright info 2021-02-06 09:22:10 +01:00
bat_iv_ogm.c batman-adv: Drop NULL check before dropping references 2021-08-08 20:21:40 +02:00
bat_iv_ogm.h batman-adv: Drop publication years from copyright info 2021-02-06 09:22:10 +01:00
bat_v.c batman-adv: Drop NULL check before dropping references 2021-08-08 20:21:40 +02:00
bat_v.h batman-adv: Drop publication years from copyright info 2021-02-06 09:22:10 +01:00
bat_v_elp.c batman-adv: Drop NULL check before dropping references 2021-08-08 20:21:40 +02:00
bat_v_elp.h batman-adv: Drop publication years from copyright info 2021-02-06 09:22:10 +01:00
bat_v_ogm.c batman-adv: Drop NULL check before dropping references 2021-08-08 20:21:40 +02:00
bat_v_ogm.h batman-adv: Drop publication years from copyright info 2021-02-06 09:22:10 +01:00
bitarray.c batman-adv: Drop publication years from copyright info 2021-02-06 09:22:10 +01:00
bitarray.h batman-adv: Drop publication years from copyright info 2021-02-06 09:22:10 +01:00
bridge_loop_avoidance.c batman-adv: Use netif_rx_any_context() any. 2022-07-29 17:25:07 +02:00
bridge_loop_avoidance.h batman-adv: Remove the repeated declaration 2021-05-30 13:38:27 +02:00
distributed-arp-table.c batman-adv: Broken sync while rescheduling delayed work 2023-06-14 11:13:04 +02:00
distributed-arp-table.h batman-adv: Drop publication years from copyright info 2021-02-06 09:22:10 +01:00
fragmentation.c batman-adv: Don't skb_split skbuffs with frag_list 2022-05-18 10:26:47 +02:00
fragmentation.h batman-adv: Drop publication years from copyright info 2021-02-06 09:22:10 +01:00
gateway_client.c batman-adv: Drop NULL check before dropping references 2021-08-08 20:21:40 +02:00
gateway_client.h batman-adv: Check ptr for NULL before reducing its refcnt 2021-08-08 20:21:40 +02:00
gateway_common.c batman-adv: Switch to kstrtox.h for kstrtou64 2021-08-08 20:05:46 +02:00
gateway_common.h batman-adv: Drop publication years from copyright info 2021-02-06 09:22:10 +01:00
hard-interface.c batman-adv: Don't expect inter-netns unique iflink indices 2022-03-08 19:12:45 +01:00
hard-interface.h batman-adv: Check ptr for NULL before reducing its refcnt 2021-08-08 20:21:40 +02:00
hash.c batman-adv: Drop publication years from copyright info 2021-02-06 09:22:10 +01:00
hash.h batman-adv: Fix spelling mistakes 2021-06-02 08:46:03 +02:00
log.c isystem: ship and use stdarg.h 2021-08-19 09:02:55 +09:00
log.h batman-adv: Drop publication years from copyright info 2021-02-06 09:22:10 +01:00
main.c net: batman-adv: fix error handling 2021-10-26 14:47:12 +01:00
main.h batman-adv: Start new development cycle 2021-08-08 20:05:46 +02:00
multicast.c ipv6: make mc_forwarding atomic 2022-04-13 20:59:03 +02:00
multicast.h batman-adv: mcast: don't send link-local multicast to mcast routers 2022-01-11 15:35:14 +01:00
netlink.c batman-adv: allow netlink usage in unprivileged containers 2022-01-27 11:04:25 +01:00
netlink.h batman-adv: Drop publication years from copyright info 2021-02-06 09:22:10 +01:00
network-coding.c net: batman-adv: fix error handling 2021-10-26 14:47:12 +01:00
network-coding.h batman-adv: Drop publication years from copyright info 2021-02-06 09:22:10 +01:00
originator.c batman-adv: Drop NULL check before dropping references 2021-08-08 20:21:40 +02:00
originator.h batman-adv: Check ptr for NULL before reducing its refcnt 2021-08-08 20:21:40 +02:00
routing.c batman-adv: Drop NULL check before dropping references 2021-08-08 20:21:40 +02:00
routing.h batman-adv: Drop publication years from copyright info 2021-02-06 09:22:10 +01:00
send.c batman-adv: bcast: remove remaining skb-copy calls 2021-08-18 18:39:00 +02:00
send.h batman-adv: bcast: queue per interface, if needed 2021-05-17 12:00:44 +02:00
soft-interface.c batman-adv: mcast: don't send link-local multicast to mcast routers 2022-01-11 15:35:14 +01:00
soft-interface.h batman-adv: Check ptr for NULL before reducing its refcnt 2021-08-08 20:21:40 +02:00
tp_meter.c batman-adv: Drop NULL check before dropping references 2021-08-08 20:21:40 +02:00
tp_meter.h batman-adv: Drop publication years from copyright info 2021-02-06 09:22:10 +01:00
trace.c batman-adv: Drop publication years from copyright info 2021-02-06 09:22:10 +01:00
trace.h batman-adv: Drop publication years from copyright info 2021-02-06 09:22:10 +01:00
translation-table.c net: batman-adv: fix error handling 2021-10-26 14:47:12 +01:00
translation-table.h batman-adv: Check ptr for NULL before reducing its refcnt 2021-08-08 20:21:40 +02:00
tvlv.c batman-adv: Drop NULL check before dropping references 2021-08-08 20:21:40 +02:00
tvlv.h batman-adv: Drop publication years from copyright info 2021-02-06 09:22:10 +01:00
types.h batman-adv: Fix order of kernel doc in batadv_priv 2021-03-23 21:49:14 +01:00