[net,0/4] rxrpc: Fixes ver #2

Message ID 158072584492.743488.4616022353630142921.stgit@warthog.procyon.org.uk

Message

David Howells Feb. 3, 2020, 10:30 a.m. UTC
Here are a number of fixes for AF_RXRPC:

 (1) Fix a potential use after free in rxrpc_put_local() where it was
     accessing the object just put to get tracing information.

 (2) Fix insufficient notifications being generated by the function that
     queues data packets on a call.  This occasionally causes recvmsg() to
     stall indefinitely.

 (3) Fix a number of packet-transmitting work functions to hold an active
     count on the local endpoint so that the UDP socket doesn't get
     destroyed whilst they're calling kernel_sendmsg() on it.

 (4) Fix a NULL pointer deref that stemmed from a call's connection pointer
     being cleared when the call was disconnected.

Changes:

 v2: Removed a couple of BUG() statements that got added.

The patches are tagged here:

	git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git
	rxrpc-fixes-20200130

and can also be found on the following branch:

	http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=rxrpc-fixes

David
---
David Howells (4):
      rxrpc: Fix use-after-free in rxrpc_put_local()
      rxrpc: Fix insufficient receive notification generation
      rxrpc: Fix missing active use pinning of rxrpc_local object
      rxrpc: Fix NULL pointer deref due to call->conn being cleared on disconnect


 net/rxrpc/af_rxrpc.c     |    2 ++
 net/rxrpc/ar-internal.h  |   11 +++++++++++
 net/rxrpc/call_object.c  |    4 ++--
 net/rxrpc/conn_client.c  |    3 +--
 net/rxrpc/conn_event.c   |   30 ++++++++++++++++++++----------
 net/rxrpc/conn_object.c  |    4 ++--
 net/rxrpc/input.c        |    6 ++----
 net/rxrpc/local_object.c |   23 +++++++++++------------
 net/rxrpc/output.c       |   27 +++++++++------------------
 net/rxrpc/peer_event.c   |   42 +++++++++++++++++++++++-------------------
 10 files changed, 83 insertions(+), 69 deletions(-)
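
Item (1) of the cover letter above concerns a put function that read the object after dropping its reference in order to fill in trace data. The following is an added illustration, not code from the patch series or the kernel: a user-space model with hypothetical names (`struct endpoint`, `endpoint_put`, `trace_put`) showing the unsafe ordering beside one that copies the traced field first.

```c
#include <stdatomic.h>
#include <stdlib.h>

/* User-space model; all names are hypothetical, not the kernel's. */
struct endpoint {
    atomic_int usage;       /* reference count */
    unsigned int debug_id;  /* identifier reported in trace events */
};

/* Stand-in for a tracepoint: records the last values it was given. */
static unsigned int last_traced_id;
static int last_traced_usage;

static void trace_put(unsigned int debug_id, int usage)
{
    last_traced_id = debug_id;
    last_traced_usage = usage;
}

struct endpoint *endpoint_new(unsigned int debug_id)
{
    struct endpoint *ep = malloc(sizeof(*ep));
    if (!ep)
        return NULL;
    atomic_init(&ep->usage, 1);
    ep->debug_id = debug_id;
    return ep;
}

void endpoint_get(struct endpoint *ep) { atomic_fetch_add(&ep->usage, 1); }

/* Unsafe ordering (shown for contrast, not called): when n > 0, another
 * holder can drop the last reference and free ep before debug_id is read. */
void endpoint_put_unsafe(struct endpoint *ep)
{
    int n = atomic_fetch_sub(&ep->usage, 1) - 1;
    trace_put(ep->debug_id, n);   /* ep is no longer pinned by this caller */
    if (n == 0) free(ep);
}

/* Safe ordering: copy what the trace needs while the reference is held. */
int endpoint_put(struct endpoint *ep)
{
    unsigned int debug_id = ep->debug_id;
    int n = atomic_fetch_sub(&ep->usage, 1) - 1;
    trace_put(debug_id, n);       /* uses only the local copy */
    if (n == 0) free(ep);
    return n;                     /* remaining references */
}
```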

Comments

Jakub Kicinski Feb. 3, 2020, 6:39 p.m. UTC | #1
On Mon, 03 Feb 2020 10:30:45 +0000, David Howells wrote:
> Here are a number of fixes for AF_RXRPC:
> 
>  (1) Fix a potential use after free in rxrpc_put_local() where it was
>      accessing the object just put to get tracing information.
> 
>  (2) Fix insufficient notifications being generated by the function that
>      queues data packets on a call.  This occasionally causes recvmsg() to
>      stall indefinitely.
> 
>  (3) Fix a number of packet-transmitting work functions to hold an active
>      count on the local endpoint so that the UDP socket doesn't get
>      destroyed whilst they're calling kernel_sendmsg() on it.
> 
>  (4) Fix a NULL pointer deref that stemmed from a call's connection pointer
>      being cleared when the call was disconnected.
> 
> Changes:
> 
>  v2: Removed a couple of BUG() statements that got added.
> 
> The patches are tagged here:
> 
> 	git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git
> 	rxrpc-fixes-20200130

Thank you David!

I pulled rxrpc-fixes-20200202 since that tag seems to correspond to 
the patches on the mailing list.

Should I queue these for stable? There are some fixes to fixes here, 
so AFAIK we need:

5273a191dca65a675dc0bcf3909e59c6933e2831   4.9+
04d36d748fac349b068ef621611f454010054c58   4.19+
f71dbf2fb28489a79bde0dca1c8adfb9cdb20a6b   4.9+
fac20b9e738523fc884ee3ea5be360a321cd8bad   4.19+

David Howells Feb. 3, 2020, 7:38 p.m. UTC | #2
Jakub Kicinski <kuba@kernel.org> wrote:

> I pulled rxrpc-fixes-20200202 since that tag seems to correspond to 
> the patches on the mailing list.

Sorry, yes - I forgot to change that.

> Should I queue these for stable? There are some fixes to fixes here, 
> so AFAIK we need:
> 
> 5273a191dca65a675dc0bcf3909e59c6933e2831   4.9+
> 04d36d748fac349b068ef621611f454010054c58   4.19+
> f71dbf2fb28489a79bde0dca1c8adfb9cdb20a6b   4.9+
> fac20b9e738523fc884ee3ea5be360a321cd8bad   4.19+

Yes, please.  DaveM asked me not to put stable tags in my net patches, IIRC,
as his scripts do that automagically.

David

Jakub Kicinski Feb. 3, 2020, 8:28 p.m. UTC | #3
On Mon, 03 Feb 2020 19:38:54 +0000, David Howells wrote:
> Jakub Kicinski <kuba@kernel.org> wrote:
> > Should I queue these for stable? There are some fixes to fixes here, 
> > so AFAIK we need:
> > 
> > 5273a191dca65a675dc0bcf3909e59c6933e2831   4.9+
> > 04d36d748fac349b068ef621611f454010054c58   4.19+
> > f71dbf2fb28489a79bde0dca1c8adfb9cdb20a6b   4.9+
> > fac20b9e738523fc884ee3ea5be360a321cd8bad   4.19+  
> 
> Yes, please.  DaveM asked me not to put stable tags in my net patches, IIRC,
> as his scripts do that automagically.

Yup, I'll queue these up.