Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v7.1 2026-03-05T02:18:57+00:00 2026-03-05T02:18:57+00:00 Jakub Kicinski kuba@kernel.org 2026-03-03T16:23:45+00:00 urn:sha1:d793458c45df2aed498d7f74145eab7ee22d25aa In rawsock_release(), cancel any pending tx_work and purge the write queue before orphaning the socket. rawsock_tx_work runs on the system workqueue and calls nfc_data_exchange which dereferences the NCI device. Without synchronization, tx_work can race with socket and device teardown when a process is killed (e.g. by SIGKILL), leading to use-after-free or leaked references. Set SEND_SHUTDOWN first so that if tx_work is already running it will see the flag and skip transmitting, then use cancel_work_sync to wait for any in-progress execution to finish, and finally purge any remaining queued skbs. Fixes: 23b7869c0fd0 ("NFC: add the NFC socket raw protocol") Reviewed-by: Joe Damato <joe@dama.to> Link: https://patch.msgid.link/20260303162346.2071888-6-kuba@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2025-11-05T03:10:32+00:00 Kees Cook kees@kernel.org 2025-11-04T00:26:11+00:00 urn:sha1:85cb0757d7e1f9370a8b52a8b8144c37941cba0a Update all struct proto_ops connect() callback function prototypes from "struct sockaddr *" to "struct sockaddr_unsized *" to avoid lying to the compiler about object sizes. Calls into struct proto handlers gain casts that will be removed in the struct proto conversion patch. No binary changes expected. Signed-off-by: Kees Cook <kees@kernel.org> Link: https://patch.msgid.link/20251104002617.2752303-3-kees@kernel.org Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2022-11-02T11:58:13+00:00 Dmitry Vyukov dvyukov@google.com 2022-10-30T15:03:37+00:00 urn:sha1:7e8cdc97148c6ba66671e88ad9f7d434f4df3438 Add remote KCOV annotations for NFC processing that is done in background threads. This enables efficient coverage-guided fuzzing of the NFC subsystem. The intention is to add annotations to background threads that process skb's that were allocated in syscall context (thus have a KCOV handle associated with the current fuzz test). This includes nci_recv_frame() that is called by the virtual nci driver in the syscall context. Signed-off-by: Dmitry Vyukov <dvyukov@google.com> Cc: Bongsu Jeon <bongsu.jeon@samsung.com> Cc: Krzysztof Kozlowski <krzysztof.kozlowski@linaro.org> Cc: netdev@vger.kernel.org Signed-off-by: David S. Miller <davem@davemloft.net> 2022-04-06T12:45:26+00:00 Oliver Hartkopp socketcan@hartkopp.net 2022-04-04T16:30:22+00:00 urn:sha1:f4b41f062c424209e3939a81e6da022e049a45f2 skb_recv_datagram() has two parameters 'flags' and 'noblock' that are merged inside skb_recv_datagram() by 'flags | (noblock ? MSG_DONTWAIT : 0)' As 'flags' may contain MSG_DONTWAIT as value most callers split the 'flags' into 'flags' and 'noblock' with finally obsolete bit operations like this: skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, flags & MSG_DONTWAIT, &rc); And this is not even done consistently with the 'flags' parameter. This patch removes the obsolete and costly splitting into two parameters and only performs bit operations when really needed on the caller side. One missing conversion thankfully reported by kernel test robot. I missed to enable kunit tests to build the mctp code. Reported-by: kernel test robot <lkp@intel.com> Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net> Signed-off-by: David S. Miller <davem@davemloft.net> 2021-08-13T21:09:19+00:00 Changbin Du changbin.du@gmail.com 2021-08-13T14:57:49+00:00 urn:sha1:afa79d08c6c8e1901cb1547591e3ccd3ec6965d9 Replace the obsolete and ambiguos macro in_irq() with new macro in_hardirq(). Signed-off-by: Changbin Du <changbin.du@gmail.com> Link: https://lore.kernel.org/r/20210813145749.86512-1-changbin.du@gmail.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2021-06-29T18:28:21+00:00 Alexander Aring aahringo@redhat.com 2021-06-27T22:48:21+00:00 urn:sha1:e3ae2365efc14269170a6326477e669332271ab3 This patch introduces a function wrapper to call the sk_error_report callback. That will prepare to add additional handling whenever sk_error_report is called, for example to trace socket errors. Signed-off-by: Alexander Aring <aahringo@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2021-05-10T21:21:02+00:00 Jeimon jjjinmeng.zhou@gmail.com 2021-05-08T03:52:30+00:00 urn:sha1:8ab78863e9eff11910e1ac8bcf478060c29b379e The function rawsock_create() calls a privileged function sk_alloc(), which requires a ns-aware check to check net->user_ns, i.e., ns_capable(). However, the original code checks the init_user_ns using capable(). So we replace the capable() with ns_capable(). Signed-off-by: Jeimon <jjjinmeng.zhou@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2021-01-23T21:34:35+00:00 Pan Bian bianpan2016@163.com 2021-01-21T15:27:48+00:00 urn:sha1:3a30537cee233fb7da302491b28c832247d89bbe Goto to the label put_dev instead of the label error to fix potential resource leak on path that the target index is invalid. Fixes: c4fbb6515a4d ("NFC: The core part should generate the target index") Signed-off-by: Pan Bian <bianpan2016@163.com> Link: https://lore.kernel.org/r/20210121152748.98409-1-bianpan2016@163.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> 2020-08-11T17:34:30+00:00 Qingyu Li ieatmuttonchuan@gmail.com 2020-08-10T01:51:00+00:00 urn:sha1:26896f01467a28651f7a536143fe5ac8449d4041 When creating a raw AF_NFC socket, CAP_NET_RAW needs to be checked first. Signed-off-by: Qingyu Li <ieatmuttonchuan@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> 2020-07-20T01:16:41+00:00 Christoph Hellwig hch@lst.de 2020-07-17T06:23:31+00:00 urn:sha1:a44d9e72100f7044ac46e4e6dc475f5b4097830f Just check for a NULL method instead of wiring up sock_no_{get,set}sockopt. Signed-off-by: Christoph Hellwig <hch@lst.de> Acked-by: Marc Kleine-Budde <mkl@pengutronix.de> Signed-off-by: David S. Miller <davem@davemloft.net>