1. 21 Aug, 2021 21 commits
  2. 06 Aug, 2021 1 commit
  3. 01 Aug, 2021 2 commits
  4. 28 Jul, 2021 1 commit
  5. 26 Jul, 2021 12 commits
  6. 25 Jul, 2021 3 commits
    • Xin Long's avatar
      tipc: fix an use-after-free issue in tipc_recvmsg · cc19862f
      Xin Long authored
      syzbot reported an use-after-free crash:
      
        BUG: KASAN: use-after-free in tipc_recvmsg+0xf77/0xf90 net/tipc/socket.c:1979
        Call Trace:
         tipc_recvmsg+0xf77/0xf90 net/tipc/socket.c:1979
         sock_recvmsg_nosec net/socket.c:943 [inline]
         sock_recvmsg net/socket.c:961 [inline]
         sock_recvmsg+0xca/0x110 net/socket.c:957
         tipc_conn_rcv_from_sock+0x162/0x2f0 net/tipc/topsrv.c:398
         tipc_conn_recv_work+0xeb/0x190 net/tipc/topsrv.c:421
         process_one_work+0x98d/0x1630 kernel/workqueue.c:2276
         worker_thread+0x658/0x11f0 kernel/workqueue.c:2422
      
      As Hoang pointed out, it was caused by skb_cb->bytes_read still accessed
      after calling tsk_advance_rx_queue() to free the skb in tipc_recvmsg().
      
      This patch is to fix it by accessing skb_cb->bytes_read earlier than
      calling tsk_advance_rx_queue().
      
      Fixes: f4919ff5 ("tipc: keep the skb in rcv queue until the whole data is read")
      Reported-by: syzbot+e6741b97d5552f97c24d@syzkaller.appspotmail.com
      Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
      Acked-by: default avatarJon Maloy <jmaloy@redhat.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      cc19862f
    • David S. Miller's avatar
      Merge branch 'nfc-const' · 0e804326
      David S. Miller authored
      Krzysztof Kozlowski says:
      
      ====================
      nfc: constify data structures
      
      Constify pointers to several data structures which are not modified by
      NFC core or by drivers to make it slightly safer.  No functional impact
      expected.
      ====================
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      0e804326
    • Krzysztof Kozlowski's avatar
      nfc: constify nfc_digital_ops · 7186aac9
      Krzysztof Kozlowski authored
      Neither the core nor the drivers modify the passed pointer to struct
      nfc_digital_ops, so make it a pointer to const for correctness and safety.
      Signed-off-by: default avatarKrzysztof Kozlowski <krzysztof.kozlowski@canonical.com>
      Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
      7186aac9