kernel-hacking-2024-linux-s.../net
Phil Sutter 9665d5d624 packet: fix leakage of tx_ring memory

When releasing a packet socket, the routine packet_set_ring() is reused
to free rings instead of allocating them. But when calling it for the
first time, it fills req->tp_block_nr with the value of rb->pg_vec_len
which in the second invocation makes it bail out since req->tp_block_nr
is greater than zero but req->tp_block_size is zero.

This patch solves the problem by passing a zeroed auto-variable to
packet_set_ring() upon each invocation from packet_release().

As far as I can tell, this issue exists even since 69e3c75 (net: TX_RING
and packet mmap), i.e. the original inclusion of TX ring support into
af_packet, but applies only to sockets with both RX and TX ring
allocated, which is probably why this was unnoticed all the time.

Signed-off-by: Phil Sutter <phil.sutter@viprinet.com>
Cc: Johann Baudy <johann.baudy@gnu-log.net>
Cc: Daniel Borkmann <dborkman@redhat.com>
Acked-by: Daniel Borkmann <dborkman@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-03 16:15:23 -05:00
..
9p
802
8021q
appletalk
atm atm: use scnprintf() instead of sprintf() 2012-12-17 20:50:51 -08:00
ax25
batman-adv batman-adv: filter ARP packets with invalid MAC addresses in DAT 2013-01-27 14:02:39 +01:00
bluetooth Bluetooth: Check if the hci connection exists in SCO shutdown 2013-01-10 03:53:32 -02:00
bridge bridge: add empty br_mdb_init() and br_mdb_uninit() definitions. 2013-01-03 03:35:22 -08:00
caif
can Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-12-13 12:00:02 -08:00
ceph Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2013-01-02 17:32:49 -08:00
core net: Fix inner_network_header assignment in skb-copy. 2013-02-03 16:10:36 -05:00
dcb
dccp inet: Fix kmemleak in tcp_v4/6_syn_recv_sock and dccp_v4/6_request_recv_sock 2012-12-14 13:14:07 -05:00
decnet
dns_resolver Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2012-12-16 15:40:50 -08:00
dsa
ethernet
ieee802154
ipv4 tcp: frto should not set snd_cwnd to 0 2013-02-03 16:00:25 -05:00
ipv6 ipv6: export ip6_datagram_recv_ctl 2013-01-31 13:53:08 -05:00
ipx
irda
iucv s390/irq: remove split irq fields from /proc/stat 2013-01-08 10:57:07 +01:00
key
l2tp l2tp: correctly handle ancillary data in the ip6 recv path 2013-01-31 13:53:09 -05:00
lapb
llc
mac80211 mac80211: add encrypt headroom to PERR frames 2013-01-16 23:24:51 +01:00
mac802154 mac802154: fix NOHZ local_softirq_pending 08 warning 2013-01-04 13:47:21 -08:00
netfilter netfilter: x_tables: print correct hook names for ARP 2013-01-13 12:54:12 +01:00
netlabel
netlink netlink: validate addr_len on bind 2012-12-17 20:50:51 -08:00
netrom
nfc
openvswitch
packet packet: fix leakage of tx_ring memory 2013-02-03 16:15:23 -05:00
phonet
rds IB/rds: suppress incompatible protocol when version is known 2012-12-26 15:17:37 -08:00
rfkill Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-12-13 12:00:02 -08:00
rose
rxrpc
sched netem: fix delay calculation in rate extension 2013-01-29 15:43:02 -05:00
sctp SCTP: Free the per-net sysctl table on net exit. v2 2013-01-28 00:09:32 -05:00
sunrpc ipv6: rename datagram_send_ctl and datagram_recv_ctl 2013-01-31 13:53:08 -05:00
tipc
unix
wanrouter
wimax
wireless Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless into for-davem 2013-02-01 13:43:25 -05:00
x25
xfrm xfrm: fix freed block size calculation in xfrm_policy_fini() 2013-01-21 06:50:04 +01:00
compat.c
Kconfig
Makefile
nonet.c
socket.c
sysctl_net.c