vsock: Fix transport_{g2h,h2g} TOCTOU - kernel/linux.git

diff options

author	Michal Luczaj <mhal@rbox.co>	2025-07-03 18:18:18 +0300
committer	Jakub Kicinski <kuba@kernel.org>	2025-07-08 18:39:49 +0300
commit	209fd720838aaf1420416494c5505096478156b4 (patch)
tree	575d260136f9c8eba0c34ca9492294ac8f2b18ba /scripts/gdb/linux/xarray.py
parent	95a234f6affbf51f06338383537ab80d637bb785 (diff)
download	linux-209fd720838aaf1420416494c5505096478156b4.tar.xz

vsock: Fix transport_{g2h,h2g} TOCTOU

vsock_find_cid() and vsock_dev_do_ioctl() may race with module unload. transport_{g2h,h2g} may become NULL after the NULL check. Introduce vsock_transport_local_cid() to protect from a potential null-ptr-deref. KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f] RIP: 0010:vsock_find_cid+0x47/0x90 Call Trace: __vsock_bind+0x4b2/0x720 vsock_bind+0x90/0xe0 __sys_bind+0x14d/0x1e0 __x64_sys_bind+0x6e/0xc0 do_syscall_64+0x92/0x1c0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f] RIP: 0010:vsock_dev_do_ioctl.isra.0+0x58/0xf0 Call Trace: __x64_sys_ioctl+0x12d/0x190 do_syscall_64+0x92/0x1c0 entry_SYSCALL_64_after_hwframe+0x4b/0x53 Fixes: c0cfa2d8a788 ("vsock: add multi-transports support") Suggested-by: Stefano Garzarella <sgarzare@redhat.com> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> Signed-off-by: Michal Luczaj <mhal@rbox.co> Link: https://patch.msgid.link/20250703-vsock-transports-toctou-v4-1-98f0eb530747@rbox.co Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Diffstat (limited to 'scripts/gdb/linux/xarray.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: