| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 15 Dec 2022 16:19:38 +0000
From: David Howells <dhowells@...hat.com>
To: netdev@...r.kernel.org
Cc: Dan Carpenter <error27@...il.com>, linux-afs@...ts.infradead.org,
Marc Dionne <marc.dionne@...istor.com>,
Hillf Danton <hdanton@...a.com>,
syzbot+3538a6a72efa8b059c38@...kaller.appspotmail.com,
dhowells@...hat.com, linux-afs@...ts.infradead.org,
linux-kernel@...r.kernel.org
Subject: [PATCH net 0/9] rxrpc: Fixes for I/O thread conversion/SACK table
expansion
Here are some fixes for AF_RXRPC:
(1) Fix missing unlock in rxrpc's sendmsg.
(2) Fix (lack of) propagation of security settings to rxrpc_call.
(3) Fix NULL ptr deref in rxrpc_unuse_local().
(4) Fix problem with kthread_run() not invoking the I/O thread function if
the kthread gets stopped first. Possibly this should actually be
fixed in the kthread code.
(5) Fix locking problem as putting a peer (which may be done from RCU) may
now invoke kthread_stop().
(6) Fix switched parameters in a couple of trace calls.
(7) Fix I/O thread's checking for kthread stop to make sure it completes
all outstanding work before returning so that calls are cleaned up.
(8) Fix an uninitialised var in the new rxperf test server.
(9) Fix the return value of rxrpc_new_incoming_call() so that the checks
on it work correctly.
The patches fix at least one syzbot bug[1] and probably some others that
don't have reproducers[2][3][4]. I think it also fixes another[5], but
that showed another failure during testing that was different to the
original.
There's also an outstanding bug in rxrpc_put_peer()[6] that is fixed by a
combination of several patches in my rxrpc-next branch, but I haven't
included that here.
The patches are tagged here:
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git
rxrpc-fixes-20221215
and can also be found on the following branch:
https://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git/log/?h=rxrpc-fixes
David
Link: https://syzkaller.appspot.com/bug?extid=3538a6a72efa8b059c38 [1]
Link: https://syzkaller.appspot.com/bug?extid=2a99eae8dc7c754bc16b [2]
Link: https://syzkaller.appspot.com/bug?extid=e1391a5bf3f779e31237 [3]
Link: https://syzkaller.appspot.com/bug?extid=2aea8e1c8e20cb27a01f [4]
Link: https://syzkaller.appspot.com/bug?extid=1eb4232fca28c0a6d1c2 [5]
Link: https://syzkaller.appspot.com/bug?extid=c22650d2844392afdcfd [6]
---
David Howells (9):
rxrpc: Fix missing unlock in rxrpc_do_sendmsg()
rxrpc: Fix security setting propagation
rxrpc: Fix NULL deref in rxrpc_unuse_local()
rxrpc: Fix I/O thread startup getting skipped
rxrpc: Fix locking issues in rxrpc_put_peer_locked()
rxrpc: Fix switched parameters in peer tracing
rxrpc: Fix I/O thread stop
rxrpc: rxperf: Fix uninitialised variable
rxrpc: Fix the return value of rxrpc_new_incoming_call()
include/trace/events/rxrpc.h | 2 +-
net/rxrpc/ar-internal.h | 8 ++++----
net/rxrpc/call_accept.c | 18 +++++++++---------
net/rxrpc/call_object.c | 1 +
net/rxrpc/conn_client.c | 2 --
net/rxrpc/io_thread.c | 10 +++++++---
net/rxrpc/local_object.c | 5 ++++-
net/rxrpc/peer_event.c | 10 +++++++---
net/rxrpc/peer_object.c | 23 ++---------------------
net/rxrpc/rxperf.c | 2 +-
net/rxrpc/security.c | 6 +++---
net/rxrpc/sendmsg.c | 2 +-
12 files changed, 40 insertions(+), 49 deletions(-)
Powered by blists - more mailing lists