kernel_samsung_a53x/drivers/block
Chun-Yi Lee ee3921735a aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts
[ Upstream commit f98364e926626c678fb4b9004b75cacf92ff0662 ]

This patch is against CVE-2023-6270. The description of cve is:

  A flaw was found in the ATA over Ethernet (AoE) driver in the Linux
  kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on
  `struct net_device`, and a use-after-free can be triggered by racing
  between the free on the struct and the access through the `skbtxq`
  global queue. This could lead to a denial of service condition or
  potential code execution.

In aoecmd_cfg_pkts(), it always calls dev_put(ifp) when skb initial
code is finished. But the net_device ifp will still be used in
later tx()->dev_queue_xmit() in kthread. Which means that the
dev_put(ifp) should NOT be called in the success path of skb
initial code in aoecmd_cfg_pkts(). Otherwise tx() may run into
use-after-free because the net_device is freed.

This patch removed the dev_put(ifp) in the success path in
aoecmd_cfg_pkts(), and added dev_put() after skb xmit in tx().

Link: https://nvd.nist.gov/vuln/detail/CVE-2023-6270
Fixes: 7562f876cd93 ("[NET]: Rework dev_base via list_head (v3)")
Signed-off-by: Chun-Yi Lee <jlee@suse.com>
Link: https://lore.kernel.org/r/20240305082048.25526-1-jlee@suse.com
Signed-off-by: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-11-19 08:44:37 +01:00
..
aoe aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts 2024-11-19 08:44:37 +01:00
drbd Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mtip32xx Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
null_blk Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
paride Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
rnbd block/rnbd-srv: Check for unlikely string overflow 2024-11-18 12:13:13 +01:00
rsxx Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
xen-blkback Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
zram zram: use copy_page for full page copy 2024-11-17 17:41:38 +01:00
amiflop.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ataflop.c block: ataflop: more blk-mq refactoring fixes 2024-11-18 22:25:42 +01:00
brd.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
cryptoloop.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
floppy.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Kconfig Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
loop.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
loop.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Makefile Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nbd.c nbd: null check for nla_nest_start 2024-11-19 08:44:37 +01:00
pktcdvd.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ps3disk.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ps3vram.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
rbd.c rbd: don't move requests to the running list on errors 2024-11-18 12:13:02 +01:00
rbd_types.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
skd_main.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
skd_s1120.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
sunvdc.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
swim.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
swim3.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
swim_asm.S Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
umem.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
umem.h Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
virtio_blk.c virtio-blk: Ensure no requests in virtqueues before deleting vqs. 2024-11-18 22:25:34 +01:00
xen-blkfront.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
xsysace.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
z2ram.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00