android_kernel_motorola_sm6225

asgardius/android_kernel_motorola_sm6225

History

M A Ramdhan a89c7b9715 UPSTREAM: net/sched: cls_fw: Fix improper refcount update leads to use-after-free [ Upstream commit 0323bce598eea038714f941ce2b22541c46d488f ] In the event of a failure in tcf_change_indev(), fw_set_parms() will immediately return an error after incrementing or decrementing reference counter in tcf_bind_filter(). If attacker can control reference counter to zero and make reference freed, leading to use after free. In order to prevent this, move the point of possible failure above the point where the TC_FW_CLASSID is handled. Bug: 292252062 Bug: 290783303 Fixes: `1da177e4c3` ("Linux-2.6.12-rc2") Reported-by: M A Ramdhan <ramdhan@starlabs.sg> Signed-off-by: M A Ramdhan <ramdhan@starlabs.sg> Acked-by: Jamal Hadi Salim <jhs@mojatatu.com> Reviewed-by: Pedro Tammela <pctammela@mojatatu.com> Message-ID: <20230705161530.52003-1-ramdhan@starlabs.sg> Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Sasha Levin <sashal@kernel.org> (cherry picked from commit c91fb29bb07ee4dd40aabd1e41f19c0f92ac3199) Signed-off-by: Lee Jones <joneslee@google.com> Change-Id: I9bf6f540b4eb23ea5641fb3efe6f3e621d7b6151		2023-08-15 13:48:46 +01:00
..
act_api.c	net: sched: limit TC_ACT_REPEAT loops	2022-02-23 11:58:41 +01:00
act_bpf.c
act_connmark.c	sched: consistently handle layer3 header accesses in the presence of VLANs	2020-07-22 09:32:00 +02:00
act_csum.c	sched: consistently handle layer3 header accesses in the presence of VLANs	2020-07-22 09:32:00 +02:00
act_gact.c
act_ife.c
act_ipt.c
act_meta_mark.c
act_meta_skbprio.c
act_meta_skbtcindex.c
act_mirred.c	net/sched: act_mirred: Add carrier check	2023-05-17 11:13:24 +02:00
act_nat.c
act_pedit.c	net/sched: act_pedit: sanitize shift argument before usage	2022-05-25 09:10:39 +02:00
act_police.c
act_sample.c
act_simple.c
act_skbedit.c	sched: consistently handle layer3 header accesses in the presence of VLANs	2020-07-22 09:32:00 +02:00
act_skbmod.c	net/sched: act_skbmod: Skip non-Ethernet packets	2021-07-28 11:13:48 +02:00
act_tunnel_key.c	net/sched: act_tunnel_key: fix OOB write in case of IPv6 ERSPAN tunnels	2020-10-29 09:54:58 +01:00
act_vlan.c
cls_api.c	net: sched: fix possible refcount leak in tc_chain_tmplt_add()	2023-06-14 10:57:13 +02:00
cls_basic.c
cls_bpf.c
cls_cgroup.c
cls_flow.c	sched: consistently handle layer3 header accesses in the presence of VLANs	2020-07-22 09:32:00 +02:00
cls_flower.c	net/sched: flower: fix possible OOB write in fl_set_geneve_opt()	2023-06-09 10:23:57 +02:00
cls_fw.c	UPSTREAM: net/sched: cls_fw: Fix improper refcount update leads to use-after-free	2023-08-15 13:48:46 +01:00
cls_matchall.c
cls_route.c	net_sched: cls_route: disallow handle of 0	2022-08-25 11:15:33 +02:00
cls_rsvp.c
cls_rsvp.h
cls_rsvp6.c
cls_u32.c	net/sched: cls_u32: fix netns refcount changes in u32_change()	2022-05-01 17:00:35 +02:00
em_canid.c
em_cmp.c
em_ipset.c	sched: consistently handle layer3 header accesses in the presence of VLANs	2020-07-22 09:32:00 +02:00
em_ipt.c
em_meta.c	sched: consistently handle layer3 header accesses in the presence of VLANs	2020-07-22 09:32:00 +02:00
em_nbyte.c
em_text.c
em_u32.c
ematch.c	net_sched: reject TCF_EM_SIMPLE case for complex ematch module	2023-01-18 11:30:32 +01:00
Kconfig	net/sched: Retire tcindex classifier	2023-03-11 16:31:55 +01:00
Makefile	net/sched: Retire tcindex classifier	2023-03-11 16:31:55 +01:00
sch_api.c	net: sched: fix NULL pointer dereference in mq_attach	2023-06-09 10:23:56 +02:00
sch_atm.c	net: sched: atm: dont intepret cls results when asked to drop	2023-01-18 11:30:50 +01:00
sch_blackhole.c
sch_cake.c	net: sched: cake: fix null pointer access issue when cake_init() fails	2022-11-03 23:52:26 +09:00
sch_cbq.c	net: sched: cbq: dont intepret cls results when asked to drop	2023-04-05 11:15:42 +02:00
sch_cbs.c	net: sched: rename qdisc_destroy() to qdisc_put()	2021-12-14 10:18:04 +01:00
sch_choke.c	net: sched: validate stab values	2021-03-30 14:37:03 +02:00
sch_codel.c
sch_drr.c	net: sched: rename qdisc_destroy() to qdisc_put()	2021-12-14 10:18:04 +01:00
sch_dsmark.c	net: sched: rename qdisc_destroy() to qdisc_put()	2021-12-14 10:18:04 +01:00
sch_etf.c	sched: etf: do not assume all sockets are full blown	2020-04-29 16:31:21 +02:00
sch_fifo.c	net: sched: rename qdisc_destroy() to qdisc_put()	2021-12-14 10:18:04 +01:00
sch_fq.c	net: fq: add missing attribute validation for orphan mask	2020-03-18 07:14:16 +01:00
sch_fq_codel.c	fq_codel: reject silly quantum parameters	2021-09-22 11:48:14 +02:00
sch_generic.c	This is the 4.19.257 stable release	2022-09-21 10:22:14 +02:00
sch_gred.c	net: sched: validate stab values	2021-03-30 14:37:03 +02:00
sch_hfsc.c	net: sched: rename qdisc_destroy() to qdisc_put()	2021-12-14 10:18:04 +01:00
sch_hhf.c
sch_htb.c	net: sched: rename qdisc_destroy() to qdisc_put()	2021-12-14 10:18:04 +01:00
sch_ingress.c	net/sched: Reserve TC_H_INGRESS (TC_H_CLSACT) for ingress (clsact) Qdiscs	2023-06-09 10:23:56 +02:00
sch_mq.c	This is the 4.19.221 stable release	2021-12-14 10:41:13 +01:00
sch_mqprio.c	This is the 4.19.221 stable release	2021-12-14 10:41:13 +01:00
sch_multiq.c	net: sched: rename qdisc_destroy() to qdisc_put()	2021-12-14 10:18:04 +01:00
sch_netem.c	sch_netem: acquire qdisc lock in netem_change()	2023-06-28 10:15:30 +02:00
sch_pie.c
sch_plug.c
sch_prio.c	net: sched: rename qdisc_destroy() to qdisc_put()	2021-12-14 10:18:04 +01:00
sch_qfq.c	net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg	2023-04-26 11:21:50 +02:00
sch_red.c	net: sched: Fix use after free in red_enqueue()	2022-11-10 17:46:52 +01:00
sch_sfb.c	sch_sfb: Also store skb len before calling child enqueue	2022-09-15 12:17:06 +02:00
sch_sfq.c	net: sched: validate stab values	2021-03-30 14:37:03 +02:00
sch_skbprio.c	net_sched: sch_skbprio: add message validation to skbprio_change()	2020-05-14 07:57:17 +02:00
sch_tbf.c	net: sched: rename qdisc_destroy() to qdisc_put()	2021-12-14 10:18:04 +01:00
sch_teql.c	net: sched: sch_teql: fix null-pointer dereference	2021-04-14 08:22:33 +02:00