Bjorn Andersson 48ec949ac9 net: qrtr: Avoid potential use after free in MHI send ... commit 47a017f339 upstream. It is possible that the MHI ul_callback will be invoked immediately following the queueing of the skb for transmission, leading to the callback decrementing the refcount of the associated sk and freeing the skb. As such the dereference of skb and the increment of the sk refcount must happen before the skb is queued, to avoid the skb to be used after free and potentially the sk to drop its last refcount.. Fixes: 6e728f3213 ("net: qrtr: Add MHI transport layer") Signed-off-by: Bjorn Andersson <bjorn.andersson@linaro.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		2021-05-07 11:04:31 +02:00
..
Kconfig	treewide: replace '---help---' in Kconfig files with 'help'	2020-06-14 01:57:21 +09:00
Makefile	net: qrtr: Add MHI transport layer	2020-05-07 13:21:12 -07:00
mhi.c	net: qrtr: Avoid potential use after free in MHI send	2021-05-07 11:04:31 +02:00
ns.c	net: qrtr: ns: Fix the incorrect usage of rcu_read_lock()	2020-10-06 06:01:35 -07:00
qrtr.c	net: qrtr: Fix memory leak on qrtr_tx_wait failure	2021-04-14 08:42:08 +02:00
qrtr.h	net: qrtr: Fix FIXME related to qrtr_ns_init()	2020-03-03 17:52:21 -08:00
smd.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 284	2019-06-05 17:36:37 +02:00
tun.c	net: qrtr: Fix memory leak in qrtr_tun_open	2021-03-04 11:38:47 +01:00