Linux kernel stable tree
Eric Dumazet b8af8e6118 net: fix __dst_negative_advice() race
[ Upstream commit 92f1655aa2 ]

__dst_negative_advice() does not enforce proper RCU rules when
sk->dst_cache must be cleared, leading to possible UAF.

RCU rules are that we must first clear sk->sk_dst_cache,
then call dst_release(old_dst).

Note that sk_dst_reset(sk) is implementing this protocol correctly,
while __dst_negative_advice() uses the wrong order.

Given that ip6_negative_advice() has special logic
against RTF_CACHE, this means each of the three ->negative_advice()
existing methods must perform the sk_dst_reset() themselves.

Note the check against NULL dst is centralized in
__dst_negative_advice(), there is no need to duplicate
it in various callbacks.

Many thanks to Clement Lecigne for tracking this issue.

This old bug became visible after the blamed commit, using UDP sockets.

Fixes: a87cb3e48e ("net: Facility to report route quality of connected sockets")
Reported-by: Clement Lecigne <clecigne@google.com>
Diagnosed-by: Clement Lecigne <clecigne@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Tom Herbert <tom@herbertland.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://lore.kernel.org/r/20240528114353.1794151-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-06-12 11:39:55 +02:00
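
The ordering rule stated in the commit message above, as an added example that is not code from the kernel tree or from the commit: a single-threaded user-space model that records whether the cached pointer was still published when the last reference was dropped. All names (model_dst, model_sock, reset_release_first, reset_clear_first, stale_pointer_window) are hypothetical, and C11 atomics stand in for the kernel's RCU and refcount primitives.

```c
#include <stdatomic.h>
#include <stdbool.h>
#include <stddef.h>
/* Hypothetical user-space stand-ins; not the kernel's dst_entry or sock. */
struct model_dst {
	atomic_int refcnt;
	bool freed;             /* recorded instead of calling free() */
	bool published_at_free; /* slot still pointed here at the last put? */
};
struct model_sock { _Atomic(struct model_dst *) dst_cache; };

/* Drop one reference; on the last one, note whether the slot still finds us. */
static void model_dst_release(struct model_sock *sk, struct model_dst *dst)
{
	if (dst && atomic_fetch_sub(&dst->refcnt, 1) == 1) {
		dst->published_at_free = (atomic_load(&sk->dst_cache) == dst);
		dst->freed = true;
	}
}

/* Order the commit message calls wrong: release first, clear afterwards. */
static void reset_release_first(struct model_sock *sk)
{
	struct model_dst *old = atomic_load(&sk->dst_cache);
	model_dst_release(sk, old);
	atomic_store(&sk->dst_cache, NULL);
}

/* Order the commit message requires: unpublish first, then release. */
static void reset_clear_first(struct model_sock *sk)
{
	struct model_dst *old = atomic_exchange(&sk->dst_cache, NULL);
	model_dst_release(sk, old);
}

/* True if the given ordering left a released entry reachable via the slot. */
static bool stale_pointer_window(void (*reset)(struct model_sock *))
{
	struct model_dst dst = { 0 };
	struct model_sock sk;
	atomic_init(&dst.refcnt, 1);      /* the socket's cache holds the only ref */
	atomic_init(&sk.dst_cache, &dst);
	reset(&sk);
	return dst.freed && dst.published_at_free;
}
int main(void)
{
	return !(stale_pointer_window(reset_release_first) &&
		 !stale_pointer_window(reset_clear_first));
}
```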
arch riscv: stacktrace: fixed walk_stackframe() 2024-06-12 11:39:42 +02:00
block block: stack max_user_sectors 2024-06-12 11:39:52 +02:00
certs This update includes the following changes: 2023-11-02 16:15:30 -10:00
crypto KEYS: asymmetric: Add missing dependencies of FIPS_SIGNATURE_SELFTEST 2024-05-30 09:44:03 +02:00
Documentation dt-bindings: PCI: rockchip,rk3399-pcie: Add missing maxItems to ep-gpios 2024-06-12 11:39:25 +02:00
drivers inet: introduce dst_rtable() helper 2024-06-12 11:39:55 +02:00
fs cifs: Fix missing set of remote_i_size 2024-06-12 11:39:44 +02:00
include net: fix __dst_negative_advice() race 2024-06-12 11:39:55 +02:00
init printk: Fix LOG_CPU_MAX_BUF_SHIFT when BASE_SMALL is enabled 2024-06-12 11:39:35 +02:00
io_uring io_uring/net: fix sendzc lazy wake polling 2024-05-30 09:44:09 +02:00
ipc sysctl changes for v6.9-rc1 2024-03-18 14:59:13 -07:00
kernel kheaders: use command -v to test for existence of cpio 2024-06-12 11:39:54 +02:00
lib ubsan: Restore dependency on ARCH_HAS_UBSAN 2024-06-12 11:39:38 +02:00
LICENSES LICENSES: Add the copyleft-next-0.3.1 license 2022-11-08 15:44:01 +01:00
mm mm/userfaultfd: Do not place zeropages when zeropages are disallowed 2024-05-30 09:44:07 +02:00
net net: fix __dst_negative_advice() race 2024-06-12 11:39:55 +02:00
rust rust: remove params from module macro example 2024-04-25 17:34:33 +02:00
samples samples/landlock: Fix incorrect free in populate_ruleset_net 2024-05-30 09:45:01 +02:00
scripts kconfig: fix comparison to constant symbols, 'm', 'n' 2024-06-12 11:39:54 +02:00
security KEYS: trusted: Do not use WARN when encode fails 2024-05-25 16:30:55 +02:00
sound ALSA: seq: Don't clear bank selection at event -> UMP MIDI2 conversion 2024-06-12 11:39:52 +02:00
tools net/sched: taprio: extend minimum interval restriction to entire cycle too 2024-06-12 11:39:53 +02:00
usr Kbuild updates for v6.8 2024-01-18 17:57:07 -08:00
virt KVM: Drop unused @may_block param from gfn_to_pfn_cache_invalidate_start() 2024-04-11 12:58:53 -07:00
.clang-format clang-format: Update with v6.7-rc4's for_each macro list 2023-12-08 23:54:38 +01:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.editorconfig Add .editorconfig file for basic formatting 2023-12-28 16:22:47 +09:00
.get_maintainer.ignore Add Jeff Kirsher to .get_maintainer.ignore 2024-03-08 11:36:54 +00:00
.gitattributes .gitattributes: set diff driver for Rust source code files 2023-05-31 17:48:25 +02:00
.gitignore kbuild: create a list of all built DTB files 2024-02-19 18:20:39 +09:00
.mailmap 18 hotfixes, 7 of which are cc:stable. 2024-05-10 14:16:03 -07:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS MAINTAINERS: Drop Gustavo Pimentel as PCI DWC Maintainer 2024-03-27 13:41:02 -05:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS 18 hotfixes, 7 of which are cc:stable. 2024-05-10 14:16:03 -07:00
Makefile Linux 6.9.3 2024-05-30 09:45:04 +02:00
README README: Fix spelling 2024-03-18 03:36:32 -06:00

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.