kernel / kernel-source

Clone
Source Code
GIT

Blame patches.suse/llc-fix-netdevice-reference-leaks-in-llc_ui_bind.patch

ALP-current ALP-current-GA ALP-current-RT ALP-current-RT-GA SLE12-SP5 SLE12-SP5-AZURE SLE12-SP5-RT SLE15-SP2-EB SLE15-SP3-RT-LTSS SLE15-SP4-RT-LTSS SLE15-SP5 SLE15-SP5-AZURE SLE15-SP5-RT SLE15-SP6 SLE15-SP6-AZURE SLE15-SP6-AZURE-GA SLE15-SP6-GA SLE15-SP6-RT SLE15-SP6-RT-GA linux-next master packaging scripts slowroll stable vanilla
  1.   35fc83525b0d1c9740da0ce25bfeb6e2540363f5
  2.   patches.suse
  3.   llc-fix-netdevice-reference-leaks-in-llc_ui_bind.patch
Blob History Raw
Michal Kubecek 223757 
From: Eric Dumazet <edumazet@google.com>
Michal Kubecek 223757 
Date: Tue, 22 Mar 2022 17:41:47 -0700
Michal Kubecek 223757 
Subject: llc: fix netdevice reference leaks in llc_ui_bind()
Michal Kubecek 223757 
MIME-Version: 1.0
Michal Kubecek 223757 
Content-Type: text/plain; charset=UTF-8
Michal Kubecek 223757 
Content-Transfer-Encoding: 8bit
Michal Kubecek 223757 
Patch-mainline: v5.18-rc1
Michal Kubecek 223757 
Git-commit: 764f4eb6846f5475f1244767d24d25dd86528a4a
Michal Kubecek bf5ad6 
References: CVE-2022-28356 bsc#1197391
Michal Kubecek 223757
Michal Kubecek 223757 
Whenever llc_ui_bind() and/or llc_ui_autobind()
Michal Kubecek 223757 
took a reference on a netdevice but subsequently fail,
Michal Kubecek 223757 
they must properly release their reference
Michal Kubecek 223757 
or risk the infamous message from unregister_netdevice()
Michal Kubecek 223757 
at device dismantle.
Michal Kubecek 223757
Michal Kubecek 223757 
unregister_netdevice: waiting for eth0 to become free. Usage count = 3
Michal Kubecek 223757
Michal Kubecek 223757 
Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Michal Kubecek 223757 
Signed-off-by: Eric Dumazet <edumazet@google.com>
Michal Kubecek 223757 
Reported-by: 赵子轩 <beraphin@gmail.com>
Michal Kubecek 223757 
Reported-by: Stoyan Manolov <smanolov@suse.de>
Michal Kubecek 223757 
Link: https://lore.kernel.org/r/20220323004147.1990845-1-eric.dumazet@gmail.com
Michal Kubecek 223757 
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Michal Kubecek 223757 
Acked-by: Michal Kubecek <mkubecek@suse.cz>
Michal Kubecek 223757
Michal Kubecek 223757 
SLE/openSUSE: use dev_put() rather than dev_put_track() which was only
Michal Kubecek 223757 
introduced in mainline 5.17-rc1.
Michal Kubecek 223757
Michal Kubecek 223757 
---
Michal Kubecek 223757 
 net/llc/af_llc.c | 8 ++++++++
Michal Kubecek 223757 
 1 file changed, 8 insertions(+)
Michal Kubecek 223757
Michal Kubecek 223757 
--- a/net/llc/af_llc.c
Michal Kubecek 223757 
+++ b/net/llc/af_llc.c
Michal Kubecek 223757 
@@ -303,6 +303,10 @@ static int llc_ui_autobind(struct socket *sock, struct sockaddr_llc *addr)
Michal Kubecek 223757 
 	sock_reset_flag(sk, SOCK_ZAPPED);
Michal Kubecek 223757 
 	rc = 0;
Michal Kubecek 223757 
 out:
Michal Kubecek 223757 
+	if (rc) {
Michal Kubecek 223757 
+		dev_put(llc->dev);
Michal Kubecek 223757 
+		llc->dev = NULL;
Michal Kubecek 223757 
+	}
Michal Kubecek 223757 
 	return rc;
Michal Kubecek 223757 
 }
Michal Kubecek 223757
Michal Kubecek 223757 
@@ -401,6 +405,10 @@ static int llc_ui_bind(struct socket *sock, struct sockaddr *uaddr, int addrlen)
Michal Kubecek 223757 
 out_put:
Michal Kubecek 223757 
 	llc_sap_put(sap);
Michal Kubecek 223757 
 out:
Michal Kubecek 223757 
+	if (rc) {
Michal Kubecek 223757 
+		dev_put(llc->dev);
Michal Kubecek 223757 
+		llc->dev = NULL;
Michal Kubecek 223757 
+	}
Michal Kubecek 223757 
 	release_sock(sk);
Michal Kubecek 223757 
 	return rc;
Michal Kubecek 223757 
 }
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.