summaryrefslogtreecommitdiff
path: root/block/blk-core.c
diff options
context:
space:
mode:
authorDavid S. Miller <davem@davemloft.net>2018-02-26 20:20:37 +0300
committerDavid S. Miller <davem@davemloft.net>2018-02-26 20:20:37 +0300
commit44e524cf8a8c0a8dc3d8256006d57b1d7d59c407 (patch)
tree8b2d75b2e1b0cdb59300f3cf877fe2de1b619866 /block/blk-core.c
parent9cb9c07d6b0c5fd97d83b8ab14d7e308ba4b612f (diff)
parent28f5bfb819195ad9c2eb9486babe7b0e4efe925f (diff)
downloadlinux-44e524cf8a8c0a8dc3d8256006d57b1d7d59c407.tar.xz
Merge branch 'l2tp-fix-API-races-discovered-by-syzbot'
James Chapman says: ==================== l2tp: fix API races discovered by syzbot This patch series addresses several races with L2TP APIs discovered by syzbot. There are no functional changes. The set of patches 1-5 in combination fix the following syzbot reports. 19c09769f WARNING in debug_print_object 347bd5acd KASAN: use-after-free Read in inet_shutdown 6e6a5ec8d general protection fault in pppol2tp_connect 9df43faf0 KASAN: use-after-free Read in pppol2tp_connect My first attempts to fix these issues were as net-next patches but the series included other refactoring and cleanup work. I was asked to separate out the bugfixes and redo for the net tree, which is what these patches are. The changes are: 1. Fix inet_shutdown races when L2TP tunnels and sessions close. (patches 1-2) 2. Fix races with tunnel and its socket. (patch 3) 3. Fix race in pppol2tp_release with session and its socket. (patch 4) 4. Fix tunnel lookup use-after-free. (patch 5) All of the syzbot reproducers hit races in the tunnel and pppol2tp session create and destroy paths. These tests create and destroy pppol2tp tunnels and sessions rapidly using multiple threads, provoking races in several tunnel/session create/destroy paths. The key problem was that each tunnel/session socket could be destroyed while its associated tunnel/session object still existed (patches 3, 4). Patch 5 addresses a problem with the way tunnels are removed from the tunnel list. Patch 5 is tagged that it addresses all four syzbot issues, though all 5 patches are needed. ==================== Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'block/blk-core.c')
0 files changed, 0 insertions, 0 deletions