| Message ID | 157044333551.32635.10133219357337058780.stgit@warthog.procyon.org.uk |
|---|---|
| Headers | show |
| Series | rxrpc: Syzbot-inspired fixes | expand |
From: David Howells <dhowells@redhat.com> Date: Mon, 07 Oct 2019 11:15:35 +0100 > > Here's a series of patches that fix a number of issues found by syzbot: > > (1) A reference leak on rxrpc_call structs in a sendmsg error path. > > (2) A tracepoint that looked in the rxrpc_peer record after putting it. > > Analogous with this, though not presently detected, the same bug is > also fixed in relation to rxrpc_connection and rxrpc_call records. > > (3) Peer records don't pin local endpoint records, despite accessing them. > > (4) Access to connection crypto ops to clean up a call after the call's > ref on that connection has been put. > > The patches are tagged here: > > git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git > rxrpc-fixes-20191007 Pulled, thanks David.
Here's a series of patches that fix a number of issues found by syzbot: (1) A reference leak on rxrpc_call structs in a sendmsg error path. (2) A tracepoint that looked in the rxrpc_peer record after putting it. Analogous with this, though not presently detected, the same bug is also fixed in relation to rxrpc_connection and rxrpc_call records. (3) Peer records don't pin local endpoint records, despite accessing them. (4) Access to connection crypto ops to clean up a call after the call's ref on that connection has been put. The patches are tagged here: git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git rxrpc-fixes-20191007 and can also be found on the following branch: http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=rxrpc-fixes David --- David Howells (6): rxrpc: Fix call ref leak rxrpc: Fix trace-after-put looking at the put peer record rxrpc: Fix trace-after-put looking at the put connection record rxrpc: Fix trace-after-put looking at the put call record rxrpc: rxrpc_peer needs to hold a ref on the rxrpc_local record rxrpc: Fix call crypto state cleanup include/trace/events/rxrpc.h | 18 +++++++++--------- net/rxrpc/ar-internal.h | 1 + net/rxrpc/call_accept.c | 5 +++-- net/rxrpc/call_object.c | 34 ++++++++++++++++++++-------------- net/rxrpc/conn_client.c | 9 +++++++-- net/rxrpc/conn_object.c | 13 +++++++------ net/rxrpc/conn_service.c | 2 +- net/rxrpc/peer_object.c | 16 ++++++++++------ net/rxrpc/recvmsg.c | 6 +++--- net/rxrpc/sendmsg.c | 3 ++- 10 files changed, 63 insertions(+), 44 deletions(-)