asgardius/android_kernel_motorola_sm6225
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_motorola_sm6225/net/xfrm
History
Hangyu Hua fdb4fba1ba xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() 
[ Upstream commit f85daf0e725358be78dfd208dea5fd665d8cb901 ]

xfrm_policy_lookup() will call xfrm_pol_hold_rcu() to get a refcount of
pols[0]. This refcount can be dropped in xfrm_expand_policies() when
xfrm_expand_policies() return error. pols[0]'s refcount is balanced in
here. But xfrm_bundle_lookup() will also call xfrm_pols_put() with
num_pols == 1 to drop this refcount when xfrm_expand_policies() return
error.

This patch also fix an illegal address access. pols[0] will save a error
point when xfrm_policy_lookup fails. This lead to xfrm_pols_put to resolve
an illegal address in xfrm_bundle_lookup's error path.

Fix these by setting num_pols = 0 in xfrm_expand_policies()'s error path.

Fixes: 80c802f307 ("xfrm: cache bundles instead of policies for outgoing flows")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2022-07-29 17:10:30 +02:00
..
Kconfig ipsec: select crypto ciphers for xfrm_algo 2019-07-26 09:14:10 +02:00
Makefile xfrm: Add virtual xfrm interfaces 2018-06-23 16:07:25 +02:00
xfrm_algo.c xfrm: use IS_ENABLED() instead of checking for built-in or module 2016-09-10 21:19:11 -07:00
xfrm_device.c xfrm: enforce validity of offload input flags 2022-03-08 19:04:07 +01:00
xfrm_hash.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfrm_hash.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfrm_input.c xfrm: Fix oops in xfrm_replay_advance_bmp 2021-02-03 23:23:25 +01:00
xfrm_interface.c xfrm: fix tunnel model fragmentation behavior 2022-04-15 14:14:36 +02:00
xfrm_ipcomp.c net: xfrm: use preempt-safe this_cpu_read() in ipcomp_alloc_tfms() 2018-03-13 07:46:37 +01:00
xfrm_output.c xfrm: fix a NULL-ptr deref in xfrm_local_error 2020-06-03 08:19:45 +02:00
xfrm_policy.c xfrm: xfrm_policy: fix a possible double xfrm_pols_put() in xfrm_bundle_lookup() 2022-07-29 17:10:30 +02:00
xfrm_proc.c proc: introduce proc_create_net_single 2018-05-16 07:24:30 +02:00
xfrm_replay.c xfrm: Fix ESN sequence number handling for IPsec GSO packets. 2018-03-01 08:14:50 +01:00
xfrm_state.c xfrm: Fix xfrm migrate issues when address family changes 2022-03-23 09:10:40 +01:00
xfrm_sysctl.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
xfrm_user.c xfrm: policy: match with both mark and mask on user interfaces 2022-04-15 14:15:07 +02:00