Star64_linux/net
Oliver Hartkopp f097268724 can: raw: add missing refcount for memory leak fix
commit c275a176e4 upstream.

Commit ee8b94c851 ("can: raw: fix receiver memory leak") introduced
a new reference to the CAN netdevice that has assigned CAN filters.
But this new ro->dev reference did not maintain its own refcount which
lead to another KASAN use-after-free splat found by Eric Dumazet.

This patch ensures a proper refcount for the CAN nedevice.

Fixes: ee8b94c851 ("can: raw: fix receiver memory leak")
Reported-by: Eric Dumazet <edumazet@google.com>
Cc: Ziyang Xuan <william.xuanziyang@huawei.com>
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Link: https://lore.kernel.org/r/20230821144547.6658-3-socketcan@hartkopp.net
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-09-05 01:25:11 +08:00
..
6lowpan 6lowpan: iphc: Fix an off-by-one check of array index 2021-07-22 16:19:03 +02:00
9p 9p/xen : Fix use after free bug in xen_9pfs_front_remove due to race condition 2023-06-06 18:04:53 +08:00
802 mrp: introduce active flags to prevent UAF when applicant uninit 2023-04-19 17:58:01 +08:00
8021q vlan: fix a potential uninit-value in vlan_dev_hard_start_xmit() 2023-06-06 18:39:39 +08:00
appletalk net: socket: rework compat_ifreq_ioctl() 2021-07-23 14:20:25 +01:00
atm atm: hide unused procfs functions 2023-08-20 15:21:07 +08:00
ax25 net: ax25: Fix deadlock caused by skb_recv_datagram in ax25_recvmsg 2023-04-19 17:50:34 +08:00
batman-adv batman-adv: Hold rtnl lock during MTU update via netlink 2023-09-05 01:25:08 +08:00
bluetooth Bluetooth: L2CAP: Fix use-after-free 2023-08-28 23:26:56 +08:00
bpf bpf: Move skb->len == 0 checks into __bpf_redirect 2023-04-19 17:57:24 +08:00
bpfilter bpfilter: Specify the log level for the kmsg message 2021-06-25 13:13:50 +02:00
bridge bridge: Add extack warning when enabling STP in netns. 2023-08-20 16:01:11 +08:00
caif net: caif: Fix use-after-free in cfusbl_device_notify() 2023-04-19 18:00:42 +08:00
can can: raw: add missing refcount for memory leak fix 2023-09-05 01:25:11 +08:00
ceph libceph: fix potential hang in ceph_osdc_notify() 2023-08-20 16:01:35 +08:00
core rtnetlink: Reject negative ifindexes in RTM_NEWLINK 2023-09-05 01:25:06 +08:00
dcb net: dcb: choose correct policy to parse DCB_ATTR_BCN 2023-08-20 16:01:33 +08:00
dccp dccp: annotate data-races in dccp_poll() 2023-09-05 01:25:05 +08:00
dns_resolver net: remove redundant 'depends on NET' 2021-01-27 17:04:12 -08:00
dsa net: dsa: tag_sja1105: fix MAC DA patching from meta frames 2023-08-20 15:24:47 +08:00
ethernet move netdev_boot_setup into Space.c 2021-08-03 13:05:26 +01:00
ethtool ethtool: Fix uninitialized number of lanes 2023-06-06 18:37:45 +08:00
hsr hsr: ratelimit only when errors are printed 2023-04-19 18:01:17 +08:00
ieee802154 net: ieee802154: fix error return code in dgram_bind() 2023-04-19 17:55:49 +08:00
ife net: remove redundant 'depends on NET' 2021-01-27 17:04:12 -08:00
ipv4 net: fix the RTO timer retransmitting skb every 1ms if linear option is enabled 2023-08-28 23:27:06 +08:00
ipv6 ip6_vti: fix slab-use-after-free in decode_session6 2023-08-28 23:27:01 +08:00
iucv net/iucv: Fix size of interrupt data 2023-04-19 18:00:52 +08:00
kcm kcm: close race conditions on sk_receive_queue 2023-04-19 17:56:29 +08:00
key net: af_key: fix sadb_x_filter validation 2023-08-28 23:27:01 +08:00
l2tp inet6: Remove inet6_destroy_sock() in sk->sk_prot->destroy(). 2023-06-06 18:06:46 +08:00
l3mdev l3mdev: l3mdev_master_upper_ifindex_by_index_rcu should be using netdev_master_upper_dev_get_rcu 2023-04-19 17:48:10 +08:00
lapb net: lapb: Use list_for_each_entry() to simplify code in lapb_iface.c 2021-06-08 16:31:25 -07:00
llc llc: Don't drop packet from non-root netns. 2023-08-20 16:01:12 +08:00
mac80211 wifi: mac80211: simplify chanctx allocation 2023-08-20 15:21:06 +08:00
mac802154 mac802154: fix missing INIT_LIST_HEAD in ieee802154_if_add() 2023-04-19 17:57:01 +08:00
mctp net: mctp: purge receive queues on sk destruction 2023-04-19 17:59:07 +08:00
mpls net: mpls: fix stale pointer if allocation fails during device rename 2023-04-19 17:59:29 +08:00
mptcp mptcp: consolidate fallback and non fallback state machine 2023-08-20 15:24:10 +08:00
ncsi net/ncsi: change from ndo_set_mac_address to dev_set_mac_address 2023-09-05 01:25:07 +08:00
netfilter netfilter: nf_tables: fix out of memory error handling 2023-09-05 01:25:06 +08:00
netlabel netlabel: fix out-of-bounds memory accesses 2023-04-19 17:47:40 +08:00
netlink netlink: Add __sock_i_ino() for __netlink_diag_dump(). 2023-08-20 15:24:23 +08:00
netrom netrom: fix info-leak in nr_write_internal() 2023-08-20 15:21:00 +08:00
nfc net: nfc: Fix use-after-free caused by nfc_llcp_find_local 2023-08-20 15:24:23 +08:00
nsh net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() 2023-06-06 18:39:38 +08:00
openvswitch net: openvswitch: fix possible memory leak in ovs_meter_cmd_set() 2023-04-19 17:59:29 +08:00
packet net/packet: annotate data-races around tp->status 2023-08-20 16:01:42 +08:00
phonet phonet: refcount leak in pep_sock_accep 2023-04-19 17:43:37 +08:00
psample psample: Add additional metadata attributes 2021-03-14 15:00:43 -07:00
qrtr net: qrtr: Fix an uninit variable access bug in qrtr_tx_resume() 2023-06-06 18:04:57 +08:00
rds rds: rds_rm_zerocopy_callback() correct order for list_add_tail() 2023-04-19 17:59:48 +08:00
rfkill rfkill: make new event layout opt-in 2023-04-19 17:46:36 +08:00
rose net/rose: Fix to not accept on connected socket 2023-04-19 17:59:24 +08:00
rxrpc rxrpc: Fix hard call timeout units 2023-06-06 18:37:45 +08:00
sched net/sched: fix a qdisc modification with ambiguous command request 2023-09-05 01:25:06 +08:00
sctp sock: annotate data-races around prot->memory_pressure 2023-09-05 01:25:05 +08:00
smc net/smc: Avoid to access invalid RMBs' MRs in SMCRv1 ADD LINK CONT 2023-08-20 15:21:24 +08:00
strparser bpf: sockmap, strparser, and tls are reusing qdisc_skb_cb and colliding 2023-04-19 16:57:51 +08:00
sunrpc xprtrdma: Remap Receive buffers after a reconnect 2023-09-05 01:25:03 +08:00
switchdev net: make switchdev_bridge_port_{,unoffload} loosely coupled with the bridge 2021-08-04 12:35:07 +01:00
tipc tipc: stop tipc crypto on failure in tipc_node_create 2023-08-20 16:01:21 +08:00
tls net: tls: avoid discarding data on record close 2023-08-28 23:26:54 +08:00
unix af_unix: Fix null-ptr-deref in unix_stream_sendpage(). 2023-08-28 23:27:06 +08:00
vmw_vsock vsock: avoid to close connected socket after the timeout 2023-06-06 18:39:36 +08:00
wireless wifi: cfg80211: Fix return value in scan logic 2023-08-20 16:01:31 +08:00
x25 net/x25: Fix to not accept on connected socket 2023-04-19 17:59:13 +08:00
xdp xsk: fix refcount underflow in error path 2023-08-20 16:01:42 +08:00
xfrm xfrm: add forgotten nla_policy for XFRMA_MTIMER_THRESH 2023-08-28 23:27:02 +08:00
compat.c net: Return the correct errno code 2021-06-03 15:13:56 -07:00
devres.c net: devres: Correct a grammatical error 2021-06-11 12:55:28 -07:00
Kconfig Remove DECnet support from kernel 2023-08-20 15:23:42 +08:00
Makefile Remove DECnet support from kernel 2023-08-20 15:23:42 +08:00
socket.c net: annotate sk->sk_err write from do_recvmmsg() 2023-06-06 18:39:25 +08:00
sysctl_net.c net: Ensure net namespace isolation of sysctls 2021-04-12 13:27:11 -07:00