Re: [PATCH net] kcm: Fix use-after-free caused by clonned sockets

From: David Miller
Date: Fri Jun 01 2018 - 10:28:53 EST

Next message: Rob Herring: "Re: [PATCH 1/3] dt-bindings: thermal: Add binding document for SR thermal"
Previous message: Gustavo Pimentel: "[PATCH v3 01/10] PCI: endpoint: Add MSI-X interfaces"
In reply to: Kirill Tkhai: "[PATCH net] kcm: Fix use-after-free caused by clonned sockets"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Kirill Tkhai <ktkhai@xxxxxxxxxxxxx>
Date: Fri, 1 Jun 2018 14:30:38 +0300

> (resend for properly queueing in patchwork)
>
> kcm_clone() creates kernel socket, which does not take net counter.
> Thus, the net may die before the socket is completely destructed,
> i.e. kcm_exit_net() is executed before kcm_done().
>
> Reported-by: syzbot+5f1a04e374a635efc426@xxxxxxxxxxxxxxxxxxxxxxxxx
> Signed-off-by: Kirill Tkhai <ktkhai@xxxxxxxxxxxxx>

Applied and queued up for -stable, thanks.

Next message: Rob Herring: "Re: [PATCH 1/3] dt-bindings: thermal: Add binding document for SR thermal"
Previous message: Gustavo Pimentel: "[PATCH v3 01/10] PCI: endpoint: Add MSI-X interfaces"
In reply to: Kirill Tkhai: "[PATCH net] kcm: Fix use-after-free caused by clonned sockets"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]