WSL2-Linux-Kernel/drivers
Eric Dumazet 2bef4d1fb8 wifi: mac80211_hwsim: fix potential NULL deref in hwsim_pmsr_report_nl()
syzbot reported a NULL dereference caused by a missing check
in hwsim_pmsr_report_nl(), and bisected the issue to cited commit.

v2: test the nlattr before using nla_data() on it (Simon Horman)

general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
CPU: 0 PID: 5084 Comm: syz-executor104 Not tainted 6.3.0-rc4-next-20230331-syzkaller #0
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/02/2023
RIP: 0010:jhash+0x339/0x610 include/linux/jhash.h:95
Code: 83 fd 01 0f 84 5f ff ff ff eb de 83 fd 05 74 3a e8 ac f5 71 fd 48 8d 7b 05 48 b8 00 00 00 00 00 fc ff df 48 89 fa 48 c1 ea 03 <0f> b6 04 02 48 89 fa 83 e2 07 38 d0 7f 08 84 c0 0f 85 96 02 00 00
RSP: 0018:ffffc90003abf298 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 0000000000000004 RCX: 0000000000000000
RDX: 0000000000000001 RSI: ffffffff84111ba4 RDI: 0000000000000009
RBP: 0000000000000006 R08: 0000000000000005 R09: 000000000000000c
R10: 0000000000000006 R11: 0000000000000000 R12: 000000004d2c27cd
R13: 000000002bd9e6c2 R14: 000000002bd9e6c2 R15: 000000002bd9e6c2
FS: 0000555556847300(0000) GS:ffff8880b9800000(0000) knlGS:0000000000000000
CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000045ad50 CR3: 0000000078aa6000 CR4: 00000000003506f0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
Call Trace:
<TASK>
rht_key_hashfn include/linux/rhashtable.h:159 [inline]
__rhashtable_lookup include/linux/rhashtable.h:604 [inline]
rhashtable_lookup include/linux/rhashtable.h:646 [inline]
rhashtable_lookup_fast include/linux/rhashtable.h:672 [inline]
get_hwsim_data_ref_from_addr+0xb9/0x600 drivers/net/wireless/virtual/mac80211_hwsim.c:757
hwsim_pmsr_report_nl+0xe7/0xd50 drivers/net/wireless/virtual/mac80211_hwsim.c:3764
genl_family_rcv_msg_doit.isra.0+0x1e6/0x2d0 net/netlink/genetlink.c:968
genl_family_rcv_msg net/netlink/genetlink.c:1048 [inline]
genl_rcv_msg+0x4ff/0x7e0 net/netlink/genetlink.c:1065
netlink_rcv_skb+0x165/0x440 net/netlink/af_netlink.c:2572
genl_rcv+0x28/0x40 net/netlink/genetlink.c:1076
netlink_unicast_kernel net/netlink/af_netlink.c:1339 [inline]
netlink_unicast+0x547/0x7f0 net/netlink/af_netlink.c:1365
netlink_sendmsg+0x925/0xe30 net/netlink/af_netlink.c:1942
sock_sendmsg_nosec net/socket.c:724 [inline]
sock_sendmsg+0xde/0x190 net/socket.c:747
____sys_sendmsg+0x71c/0x900 net/socket.c:2501
___sys_sendmsg+0x110/0x1b0 net/socket.c:2555
__sys_sendmsg+0xf7/0x1c0 net/socket.c:2584
do_syscall_x64 arch/x86/entry/common.c:50 [inline]
do_syscall_64+0x39/0xb0 arch/x86/entry/common.c:80
entry_SYSCALL_64_after_hwframe+0x63/0xcd

Fixes: 2af3b2a631 ("mac80211_hwsim: add PMSR report support via virtio")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Jaewan Kim <jaewan@google.com>
Cc: Johannes Berg <johannes.berg@intel.com>
Reviewed-by: Simon Horman <simon.horman@corigine.com>
Reviewed-by: Jaewan Kim <jaewan@google.com>
Link: https://lore.kernel.org/r/20230404171658.917361-1-edumazet@google.com
Signed-off-by: Johannes Berg <johannes.berg@intel.com>
2023-04-11 15:36:38 +02:00
accel accel/ivpu: Fix IPC buffer header status field value 2023-03-24 10:52:20 +01:00
accessibility
acpi Thermal control fixes for 6.3-rc4 2023-03-24 13:45:58 -07:00
amba
android Char/Misc and other driver subsystem changes for 6.3-rc1 2023-02-24 12:47:33 -08:00
ata ata: pata_parport: fix memory leaks 2023-03-16 16:54:38 +09:00
atm atm: idt77252: fix kmemleak when rmmod idt77252 2023-03-21 20:19:28 -07:00
auxdisplay
base A set of updates for the interrupt susbsystem: 2023-03-05 11:19:16 -08:00
bcma bcma: remove unused mips_read32 function 2023-03-31 18:04:59 +03:00
block block/io_uring: pass in issue_flags for uring_cmd task_work handling 2023-03-20 20:01:25 -06:00
bluetooth Bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work 2023-03-23 13:09:38 -07:00
bus bus: imx-weim: fix branch condition evaluates to a garbage value 2023-03-14 11:43:51 +08:00
cdrom
char tpm: disable hwrng for fTPM on some AMD designs 2023-03-12 23:28:10 +02:00
clk clk: k210: remove an implicit 64-bit division 2023-03-06 14:41:20 -08:00
clocksource
comedi
connector
counter
cpufreq More power management updates for 6.3-rc1 2023-03-03 10:30:58 -08:00
cpuidle cpuidle: psci: Iterate backwards over list in psci_pd_remove() 2023-03-07 14:04:13 +01:00
crypto This push fixes a regression in the caam driver. 2023-03-05 11:32:30 -08:00
cxl cxl for v6.3 2023-02-25 09:19:23 -08:00
dax cxl for v6.3 2023-02-25 09:19:23 -08:00
dca
devfreq
dio
dma dmaengine updates for v6.3 2023-02-24 17:18:54 -08:00
dma-buf
edac
eisa
extcon
firewire Driver core changes for 6.3-rc1 2023-02-24 12:58:55 -08:00
firmware ARM: SoC fixes for 6.3, part 2 2023-03-24 15:38:13 -07:00
fpga Driver core changes for 6.3-rc1 2023-02-24 12:58:55 -08:00
fsi
gnss
gpio ACPI: x86: Introduce an acpi_quirk_skip_gpio_event_handlers() helper 2023-03-07 14:15:10 +01:00
gpu Merge branch 'etnaviv/fixes' of https://git.pengutronix.de/git/lst/linux into drm-fixes 2023-03-30 20:15:07 +02:00
greybus
hid for-linus-2023030901 2023-03-09 10:17:23 -08:00
hsi Driver core changes for 6.3-rc1 2023-02-24 12:58:55 -08:00
hte
hv Driver core changes for 6.3-rc1 2023-02-24 12:58:55 -08:00
hwmon hwmon (it87): Fix voltage scaling for chips with 10.9mV ADCs 2023-03-21 19:14:55 -07:00
hwspinlock
hwtracing Driver core changes for 6.3-rc1 2023-02-24 12:58:55 -08:00
i2c i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() 2023-03-16 21:15:43 +01:00
i3c I3C for 6.3 2023-02-28 16:05:01 -08:00
idle
iio Char/Misc and other driver subsystem changes for 6.3-rc1 2023-02-24 12:47:33 -08:00
infiniband v6.3 RDMA pull request 2023-02-24 15:11:03 -08:00
input ARM: SoC drivers for 6.3 2023-02-27 10:04:49 -08:00
interconnect interconnect: exynos: drop redundant link destroy 2023-03-13 21:13:48 +02:00
iommu ARM: SoC drivers for 6.3 2023-02-27 10:04:49 -08:00
ipack Driver core changes for 6.3-rc1 2023-02-24 12:58:55 -08:00
irqchip ARM: 2023-02-25 11:30:21 -08:00
isdn mISDN: remove unused vpm_read_address and cpld_read_reg functions 2023-03-24 19:09:57 -07:00
leds - Remove Drivers 2023-02-23 15:09:31 -08:00
macintosh powerpc updates for 6.3 2023-02-25 11:00:06 -08:00
mailbox mailbox: qcom-apcs-ipc: add IPQ5332 APSS clock support 2023-02-23 14:47:13 -06:00
mcb
md dm: fix __send_duplicate_bios() to always allow for splitting IO 2023-03-30 15:54:32 -04:00
media media: m5mols: fix off-by-one loop termination error 2023-03-18 11:07:15 -07:00
memory memory: tegra30-emc: fix interconnect registration race 2023-03-13 21:13:49 +02:00
memstick MMC core: 2023-02-27 09:47:26 -08:00
message
mfd mfd: ocelot: add ocelot-serdes capability 2023-03-20 09:08:48 +00:00
misc misc: ad525x_dpot-i2c: Convert to i2c's .probe_new() 2023-03-09 21:58:45 +01:00
mmc mmc: dw_mmc-starfive: Fix initialization of prev_err 2023-03-09 15:33:51 +01:00
most
mtd Raw NAND controller driver fixes: 2023-03-27 09:41:17 -07:00
mux
net wifi: mac80211_hwsim: fix potential NULL deref in hwsim_pmsr_report_nl() 2023-04-11 15:36:38 +02:00
nfc Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-03-17 16:29:25 -07:00
ntb
nubus
nvdimm virtio,vhost,vdpa: features, fixes 2023-02-25 11:48:02 -08:00
nvme nvme: send Identify with CNS 06h only to I/O controllers 2023-03-22 09:17:52 +01:00
nvmem nvmem: core: return -ENOENT if nvmem cell is not found 2023-03-10 10:55:49 +01:00
of IOMMU Updates for Linux v6.3: 2023-02-24 13:40:13 -08:00
opp
parisc
parport Char/Misc and other driver subsystem changes for 6.3-rc1 2023-02-24 12:47:33 -08:00
pci PCI: s390: Fix use-after-free of PCI resources with per-function hotplug 2023-03-13 09:15:11 +01:00
pcmcia Driver core changes for 6.3-rc1 2023-02-24 12:58:55 -08:00
peci
perf RISC-V Patches for the 6.3 Merge Window, Part 2 2023-03-03 09:32:51 -08:00
phy phy: phy-ocelot-serdes: add ability to be used in a non-syscon configuration 2023-03-20 09:08:48 +00:00
pinctrl ARM: SoC drivers for 6.3 2023-02-27 10:04:49 -08:00
platform platform-drivers-x86 for v6.3-3 2023-03-27 09:45:39 -07:00
pnp
power power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition 2023-03-12 23:28:04 +01:00
powercap More power management updates for 6.3-rc1 2023-03-03 10:30:58 -08:00
pps
ps3
ptp Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-03-30 14:43:03 -07:00
pwm
rapidio
ras
regulator regulator: Fixes for v6.3 2023-03-02 09:21:25 -08:00
remoteproc ARM: SoC drivers for 6.3 2023-02-27 10:04:49 -08:00
reset
rpmsg rpmsg updates for v6.3 2023-02-26 12:10:28 -08:00
rtc RTC for 6.3 2023-03-03 09:15:50 -08:00
s390 Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-03-30 14:43:03 -07:00
sbus
scsi net: introduce a config option to tweak MAX_SKB_FRAGS 2023-03-27 19:29:22 -07:00
sh sh updates for v6.3 2023-03-01 09:44:22 -08:00
siox
slimbus
soc soc: qcom: rmtfs: handle optional qcom,vmid correctly 2023-03-06 20:13:06 -08:00
soundwire soundwire updates for 6.3 2023-02-24 17:29:52 -08:00
spi spi: Fixes for v6.3 2023-03-02 09:25:38 -08:00
spmi
ssb
staging staging: r8188eu: delete driver 2023-03-09 10:06:28 +01:00
target scsi: target: iscsi: Fix an error message in iscsi_check_key() 2023-03-06 16:50:42 -05:00
tc
tee AMDTEE fix race condition in amdtee_open_session() 2023-03-17 15:30:31 +01:00
thermal Merge branch 'thermal-acpi' 2023-03-24 17:11:27 +01:00
thunderbolt thunderbolt: Rename shadowed variables bit to interrupt_bit and auto_clear_bit 2023-03-20 19:00:58 +02:00
tty xen: branch for v6.3-rc4 2023-03-24 09:44:43 -07:00
ufs scsi: ufs: mcq: Use active_reqs to check busy in clock scaling 2023-03-09 21:09:28 -05:00
uio - Daniel Verkamp has contributed a memfd series ("mm/memfd: add 2023-02-23 17:09:35 -08:00
usb Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-03-30 14:43:03 -07:00
vdpa vdpa_sim: set last_used_idx as last_avail_idx in vdpasim_queue_ready 2023-03-13 02:29:12 -04:00
vfio vfio/mlx5: Fix the report of dirty_bytes upon pre-copy 2023-03-13 12:50:59 -06:00
vhost vsock: support sockmap 2023-03-29 08:19:38 +01:00
video fbdev updates for kernel 6.3-rc3: 2023-03-18 16:01:34 -07:00
virt virt/coco/sev-guest: Add throttling awareness 2023-03-13 13:29:27 +01:00
virtio virtio,vhost,vdpa: features, fixes 2023-02-25 11:48:02 -08:00
vlynq
w1 w1: ds2482: Convert to i2c's .probe_new() 2023-03-09 21:58:57 +01:00
watchdog linux-watchdog 6.3-rc1 tag 2023-03-02 11:12:01 -08:00
xen xen: branch for v6.3-rc3 2023-03-17 10:45:49 -07:00
zorro
Kconfig
Makefile Kbuild updates for v6.3 2023-02-26 11:53:25 -08:00