public-mirrors/linux
1
0
Fork 0
mirror of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2025-11-01 09:13:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
linux/net/smc
History
Eric Biggers d49baa7e12 net/smc: check for missing nlattrs in SMC_PNETID messages 
It's possible to crash the kernel in several different ways by sending
messages to the SMC_PNETID generic netlink family that are missing the
expected attributes:

- Missing SMC_PNETID_NAME => null pointer dereference when comparing
  names.
- Missing SMC_PNETID_ETHNAME => null pointer dereference accessing
  smc_pnetentry::ndev.
- Missing SMC_PNETID_IBNAME => null pointer dereference accessing
  smc_pnetentry::smcibdev.
- Missing SMC_PNETID_IBPORT => out of bounds array access to
  smc_ib_device::pattr[-1].

Fix it by validating that all expected attributes are present and that
SMC_PNETID_IBPORT is nonzero.

Reported-by: syzbot+5cd61039dc9b8bfa6e47@syzkaller.appspotmail.com
Fixes: 6812baabf2 ("smc: establish pnet table management")
Cc: <stable@vger.kernel.org> # v4.11+
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2018-05-14 16:40:45 -04:00
..
af_smc.c smc: fix sendpage() call 2018-05-03 14:47:31 -04:00
Kconfig
Makefile
smc.h net/smc: enable ipv6 support for smc 2018-03-16 14:57:26 -04:00
smc_cdc.c net/smc: use a constant for control message length 2018-02-28 12:30:25 -05:00
smc_cdc.h net/smc: get rid of tx_pend waits in socket closing 2018-01-24 10:52:57 -05:00
smc_clc.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-04-01 19:49:34 -04:00
smc_clc.h net/smc: add ipv6 support to CLC layer 2018-03-16 14:57:25 -04:00
smc_close.c net/smc: simplify wait when closing listen socket 2018-03-15 09:49:13 -04:00
smc_close.h net/smc: replace sock_put worker by socket refcounting 2018-01-26 10:41:56 -05:00
smc_core.c net/smc: handle unregistered buffers 2018-05-03 14:47:31 -04:00
smc_core.h net/smc: handle unregistered buffers 2018-05-03 14:47:31 -04:00
smc_diag.c net/smc: check for healthy link group resp. connections 2018-01-25 16:10:42 -05:00
smc_ib.c net/smc: pay attention to MAX_ORDER for CQ entries 2018-03-14 13:40:44 -04:00
smc_ib.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
smc_llc.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2018-03-06 01:20:46 -05:00
smc_llc.h net/smc: process add/delete link messages 2018-03-01 13:21:31 -05:00
smc_pnet.c net/smc: check for missing nlattrs in SMC_PNETID messages 2018-05-14 16:40:45 -04:00
smc_pnet.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
smc_rx.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
smc_rx.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
smc_tx.c vfs: do bulk POLL* -> EPOLL* replacement 2018-02-11 14:34:03 -08:00
smc_tx.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
smc_wr.c net/smc: check for healthy link group resp. connections 2018-01-25 16:10:42 -05:00
smc_wr.h net/smc: pay attention to MAX_ORDER for CQ entries 2018-03-14 13:40:44 -04:00