e04cf5679c
JIRA: https://issues.redhat.com/browse/RHEL-63629 CVE: CVE-2024-49864 commit bc212465326e8587325f520a052346f0b57360e6 Author: David Howells <dhowells@redhat.com> Date: Tue Oct 1 14:26:58 2024 +0100 rxrpc: Fix a race between socket set up and I/O thread creation In rxrpc_open_socket(), it sets up the socket and then sets up the I/O thread that will handle it. This is a problem, however, as there's a gap between the two phases in which a packet may come into rxrpc_encap_rcv() from the UDP packet but we oops when trying to wake the not-yet created I/O thread. As a quick fix, just make rxrpc_encap_rcv() discard the packet if there's no I/O thread yet. A better, but more intrusive fix would perhaps be to rearrange things such that the socket creation is done by the I/O thread. Fixes: a275da62e8c1 ("rxrpc: Create a per-local endpoint receive queue and I/O thread") Signed-off-by: David Howells <dhowells@redhat.com> cc: yuxuanzhe@outlook.com cc: Marc Dionne <marc.dionne@auristor.com> cc: Simon Horman <horms@kernel.org> cc: linux-afs@lists.infradead.org Reviewed-by: Eric Dumazet <edumazet@google.com> Link: https://patch.msgid.link/20241001132702.3122709-2-dhowells@redhat.com Signed-off-by: Jakub Kicinski <kuba@kernel.org> Signed-off-by: Marc Dionne <mdionne@redhat.com> |
||
|---|---|---|
| .. | ||
| Kconfig | ||
| Makefile | ||
| af_rxrpc.c | ||
| ar-internal.h | ||
| call_accept.c | ||
| call_event.c | ||
| call_object.c | ||
| call_state.c | ||
| conn_client.c | ||
| conn_event.c | ||
| conn_object.c | ||
| conn_service.c | ||
| input.c | ||
| insecure.c | ||
| io_thread.c | ||
| key.c | ||
| local_event.c | ||
| local_object.c | ||
| misc.c | ||
| net_ns.c | ||
| output.c | ||
| peer_event.c | ||
| peer_object.c | ||
| proc.c | ||
| protocol.h | ||
| recvmsg.c | ||
| rtt.c | ||
| rxkad.c | ||
| rxperf.c | ||
| security.c | ||
| sendmsg.c | ||
| server_key.c | ||
| skbuff.c | ||
| sysctl.c | ||
| txbuf.c | ||
| utils.c | ||