AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
37ffe9f4d7
kernel_optimize_test/net/can
History
Oleksij Rempel 509ab6bfdd can: j1939: fix Use-after-Free, hold skb ref while in use 
commit 2030043e616cab40f510299f09b636285e0a3678 upstream.

This patch fixes a Use-after-Free found by the syzbot.

The problem is that a skb is taken from the per-session skb queue,
without incrementing the ref count. This leads to a Use-after-Free if
the skb is taken concurrently from the session queue due to a CTS.

Fixes: 9d71dd0c70 ("can: add support of SAE J1939 protocol")
Link: https://lore.kernel.org/r/20210521115720.7533-1-o.rempel@pengutronix.de
Cc: Hillf Danton <hdanton@sina.com>
Cc: linux-stable <stable@vger.kernel.org>
Reported-by: syzbot+220c1a29987a9a490903@syzkaller.appspotmail.com
Reported-by: syzbot+45199c1b73b4013525cf@syzkaller.appspotmail.com
Signed-off-by: Oleksij Rempel <o.rempel@pengutronix.de>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2021-06-23 14:42:50 +02:00
..
j1939 can: j1939: fix Use-after-Free, hold skb ref while in use 2021-06-23 14:42:50 +02:00
af_can.c net: introduce CAN specific pointer in the struct net_device 2021-04-07 15:00:07 +02:00
af_can.h can: introduce CAN midlayer private and allocate it automatically 2019-09-04 13:29:14 +02:00
bcm.c can: bcm/raw/isotp: use per module netdevice notifier 2021-06-23 14:42:50 +02:00
gw.c can: remove obsolete version strings 2020-10-12 10:06:39 +02:00
isotp.c can: bcm/raw/isotp: use per module netdevice notifier 2021-06-23 14:42:50 +02:00
Kconfig can: isotp: Explain PDU in CAN_ISOTP help text 2020-11-03 22:30:31 +01:00
Makefile can: add ISO 15765-2:2016 transport protocol 2020-10-07 23:18:33 +02:00
proc.c net: introduce CAN specific pointer in the struct net_device 2021-04-07 15:00:07 +02:00
raw.c can: bcm/raw/isotp: use per module netdevice notifier 2021-06-23 14:42:50 +02:00