Message-ID: <20251028161506.3294376-1-stefan.wiehler@nokia.com>
Date: Tue, 28 Oct 2025 17:12:25 +0100
From: Stefan Wiehler <stefan.wiehler@...ia.com>
To: Xin Long <lucien.xin@...il.com>,
	"David S . Miller " <davem@...emloft.net>,
	Eric Dumazet <edumazet@...gle.com>,
	Jakub Kicinski <kuba@...nel.org>,
	Paolo Abeni <pabeni@...hat.com>,
	Simon Horman <horms@...nel.org>,
	Kuniyuki Iwashima <kuniyu@...gle.com>
Cc: linux-sctp@...r.kernel.org,
	netdev@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	Stefan Wiehler <stefan.wiehler@...ia.com>
Subject: [PATCH net v3 0/3] Fix SCTP diag locking issues

- Hold RCU read lock while iterating over address list in
  inet_diag_msg_sctpaddrs_fill()
- Prevent TOCTOU out-of-bounds write
- Hold sock lock while iterating over address list in sctp_sock_dump_one()

v3:
- Elaborate on TOCTOU call path
- Merge 3 patches into series
v2:
- Add changelog and credit, release sock lock in ENOMEM error path:
  https://patchwork.kernel.org/project/netdevbpf/patch/20251027102541.2320627-2-stefan.wiehler@nokia.com/
- Add changelog and credit:
  https://patchwork.kernel.org/project/netdevbpf/patch/20251027101328.2312025-2-stefan.wiehler@nokia.com/
v1:
- https://patchwork.kernel.org/project/netdevbpf/patch/20251023191807.74006-2-stefan.wiehler@nokia.com/
- https://patchwork.kernel.org/project/netdevbpf/patch/20251027084835.2257860-1-stefan.wiehler@nokia.com/
- https://patchwork.kernel.org/project/netdevbpf/patch/20251027085007.2259265-1-stefan.wiehler@nokia.com/

Stefan Wiehler (3):
  sctp: Hold RCU read lock while iterating over address list
  sctp: Prevent TOCTOU out-of-bounds write
  sctp: Hold sock lock while iterating over address list

 net/sctp/diag.c | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

-- 
2.51.0

Powered by blists - more mailing lists