redonkable/remarkable-linux
redonkable/remarkable-linux
1
0
Fork 0
Code Releases Activity
remarkable-linux/net/ipv4
History
Li RongQing 6d35430fda tcp: release sk_frag.page in tcp_disconnect 
[ Upstream commit 9b42d55a66 ]

socket can be disconnected and gets transformed back to a listening
socket, if sk_frag.page is not released, which will be cloned into
a new socket by sk_clone_lock, but the reference count of this page
is increased, lead to a use after free or double free issue

Signed-off-by: Li RongQing <lirongqing@baidu.com>
Cc: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-02-13 10:19:47 +01:00
..
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-11-03 09:09:21 -07:00
af_inet.c net: accept UFO datagrams from tuntap and packet 2017-12-17 15:07:58 +01:00
ah4.c
arp.c ipv4: Make neigh lookup keys for loopback/point-to-point devices be INADDR_ANY 2018-01-31 14:03:44 +01:00
cipso_ipv4.c tcp/dccp: fix ireq->opt races 2017-10-21 01:33:19 +01:00
datagram.c
devinet.c ipv4: igmp: guard against silly MTU values 2018-01-02 20:31:06 +01:00
esp4.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-09-01 17:42:05 -07:00
esp4_offload.c gso: validate gso_type in GSO handlers 2018-01-31 14:03:47 +01:00
fib_frontend.c ipv4: Fix use-after-free when flushing FIB tables 2018-01-02 20:31:09 +01:00
fib_lookup.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fib_notifier.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
fib_rules.c
fib_semantics.c ipv4: fib: Fix metrics match when deleting a route 2018-01-02 20:31:12 +01:00
fib_trie.c
fou.c
gre_demux.c
gre_offload.c gso: fix payload length when gso_size is zero 2017-10-08 10:12:15 -07:00
icmp.c icmp: don't fail on fragment reassembly time exceeded 2017-12-20 10:10:37 +01:00
igmp.c net: igmp: add a missing rcu locking section 2018-02-13 10:19:47 +01:00
inet_connection_sock.c tcp/dccp: fix other lockdep splats accessing ireq_opt 2017-10-26 17:41:32 +09:00
inet_diag.c inet_diag: allow protocols to provide additional data 2017-09-01 18:38:09 -07:00
inet_fragment.c Revert "net: use lib/percpu_counter API for fragmentation mem accounting" 2017-09-03 11:01:05 -07:00
inet_hashtables.c soreuseport: fix initialization race 2017-10-22 02:03:51 +01:00
inet_timewait_sock.c
inetpeer.c inetpeer: fix RCU lookup() again 2017-09-28 09:39:34 -07:00
ip_forward.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ip_fragment.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ip_gre.c ip_gre: check packet length and mtu correctly in erspan tx 2017-12-25 14:26:27 +01:00
ip_input.c IPv4: early demux can return an error code 2017-10-01 03:55:47 +01:00
ip_options.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ip_output.c
ip_sockglue.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ip_tunnel.c ipv4: igmp: guard against silly MTU values 2018-01-02 20:31:06 +01:00
ip_tunnel_core.c
ip_vti.c vti: fix use after free in vti_tunnel_xmit/vti6_tnl_xmit 2017-09-26 09:58:21 -07:00
ipcomp.c
ipconfig.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
ipip.c ipip: only increase err_count for some certain type icmp in ipip_err 2017-10-27 23:43:31 +09:00
ipmr.c
Kconfig ip: update policy routing config help 2017-10-12 22:57:11 -07:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
netfilter.c
ping.c
proc.c tcp: Revert "tcp: remove header prediction" 2017-08-30 11:20:09 -07:00
protocol.c
raw.c net: ipv4: fix for a race condition in raw_sendmsg 2018-01-02 20:31:08 +01:00
raw_diag.c
route.c net: ipv4: Make "ip route get" match iif lo rules again. 2018-01-31 14:03:49 +01:00
syncookies.c tcp/dccp: fix ireq->opt races 2017-10-21 01:33:19 +01:00
sysctl_net_ipv4.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tcp.c tcp: release sk_frag.page in tcp_disconnect 2018-02-13 10:19:47 +01:00
tcp_bbr.c tcp_bbr: reset long-term bandwidth sampling on loss recovery undo 2018-01-02 20:31:07 +01:00
tcp_bic.c
tcp_cdg.c
tcp_cong.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-09-01 17:42:05 -07:00
tcp_cubic.c
tcp_dctcp.c
tcp_diag.c tcp_diag: report TCP MD5 signing keys and addresses 2017-09-01 18:38:09 -07:00
tcp_fastopen.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tcp_highspeed.c
tcp_htcp.c
tcp_hybla.c
tcp_illinois.c
tcp_input.c tcp: fix potential underestimation on rcv_rtt 2018-01-02 20:31:11 +01:00
tcp_ipv4.c tcp md5sig: Use skb's saddr when replying to an incoming segment 2018-01-02 20:31:07 +01:00
tcp_lp.c
tcp_metrics.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tcp_minisocks.c tcp/dccp: block bh before arming time_wait timer 2017-12-17 15:07:57 +01:00
tcp_nv.c tcp_nv: fix division by zero in tcpnv_acked() 2017-11-02 16:16:27 +09:00
tcp_offload.c gso: validate gso_type in GSO handlers 2018-01-31 14:03:47 +01:00
tcp_output.c tcp: when scheduling TLP, time of RTO should account for current ACK 2017-12-17 15:07:58 +01:00
tcp_probe.c
tcp_rate.c tcp: invalidate rate samples during SACK reneging 2018-01-02 20:31:09 +01:00
tcp_recovery.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tcp_scalable.c
tcp_timer.c net: tcp: close sock if net namespace is exiting 2018-01-31 14:03:45 +01:00
tcp_ulp.c
tcp_vegas.c tcp: fix under-evaluated ssthresh in TCP Vegas 2017-12-25 14:26:30 +01:00
tcp_vegas.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
tcp_veno.c
tcp_westwood.c tcp: Revert "tcp: remove CA_ACK_SLOWPATH" 2017-08-30 11:20:08 -07:00
tcp_yeah.c
tunnel4.c
udp.c soreuseport: fix initialization race 2017-10-22 02:03:51 +01:00
udp_diag.c
udp_impl.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
udp_offload.c gso: validate gso_type in GSO handlers 2018-01-31 14:03:47 +01:00
udp_tunnel.c
udplite.c
xfrm4_input.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c
xfrm4_output.c
xfrm4_policy.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfrm4_protocol.c
xfrm4_state.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfrm4_tunnel.c