nagai/kernel
3
0
Fork 0
forked from mirrors/linux
Code Pull requests Activity
kernel/net/core
History
Eric Dumazet feafc73f3e net: prevent a NULL deref in rtnl_create_link() 
At the time rtnl_create_link() is running, dev->netdev_ops is NULL,
we must not use netdev_lock_ops() or risk a NULL deref if
CONFIG_NET_SHAPER is defined.

Use netif_set_group() instead of dev_set_group().

 RIP: 0010:netdev_need_ops_lock include/net/netdev_lock.h:33 [inline]
 RIP: 0010:netdev_lock_ops include/net/netdev_lock.h:41 [inline]
 RIP: 0010:dev_set_group+0xc0/0x230 net/core/dev_api.c:82
Call Trace:
 <TASK>
  rtnl_create_link+0x748/0xd10 net/core/rtnetlink.c:3674
  rtnl_newlink_create+0x25c/0xb00 net/core/rtnetlink.c:3813
  __rtnl_newlink net/core/rtnetlink.c:3940 [inline]
  rtnl_newlink+0x16d6/0x1c70 net/core/rtnetlink.c:4055
  rtnetlink_rcv_msg+0x7cf/0xb70 net/core/rtnetlink.c:6944
  netlink_rcv_skb+0x208/0x470 net/netlink/af_netlink.c:2534
  netlink_unicast_kernel net/netlink/af_netlink.c:1313 [inline]
  netlink_unicast+0x75b/0x8d0 net/netlink/af_netlink.c:1339
  netlink_sendmsg+0x805/0xb30 net/netlink/af_netlink.c:1883
  sock_sendmsg_nosec net/socket.c:712 [inline]

Reported-by: syzbot+9fc858ba0312b42b577e@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/netdev/6840265f.a00a0220.d4325.0009.GAE@google.com/T/#u
Signed-off-by: Eric Dumazet <edumazet@google.com>
Fixes: 7e4d784f58 ("net: hold netdev instance lock during rtnetlink operations")
Acked-by: Stanislav Fomichev <sdf@fomichev.me>
Link: https://patch.msgid.link/20250604105815.1516973-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2025-06-05 08:03:00 -07:00
..
bpf_sk_storage.c bpf: Remove unnecessary BTF lookups in bpf_sk_storage_tracing_allowed 2025-01-29 08:51:51 -08:00
datagram.c net: devmem: support single IOV with sendmsg 2025-05-26 10:00:48 +01:00
dev.c net: annotate data-races around cleanup_net_task 2025-06-05 08:02:26 -07:00
dev.h netdev: add "ops compat locking" helpers 2025-04-09 17:01:51 -07:00
dev_addr_lists.c net: ti: icssg-prueth: Add Multicast Filtering support for VLAN in MAC mode 2025-01-14 12:17:27 +01:00
dev_addr_lists_test.c
dev_api.c net: core: Convert dev_set_mac_address_user() to use struct sockaddr_storage 2025-05-27 08:25:43 +02:00
dev_ioctl.c net: core: Convert dev_set_mac_address_user() to use struct sockaddr_storage 2025-05-27 08:25:43 +02:00
devmem.c net: devmem: move list_add to net_devmem_bind_dmabuf. 2025-05-27 19:19:35 -07:00
devmem.h net: Fix net_devmem_bind_dmabuf for non-devmem configs 2025-05-30 19:23:36 -07:00
drop_monitor.c treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
dst.c net: decrease cached dst counters in dst_release 2025-04-03 13:05:07 +02:00
dst_cache.c net: dst_cache: Use nested-BH locking for dst_cache::cache 2025-05-15 15:23:30 +02:00
failover.c
fib_notifier.c
fib_rules.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-04-17 12:26:50 -07:00
filter.c bpf: Fix L4 csum update on IPv6 in CHECKSUM_COMPLETE 2025-05-30 19:53:51 -07:00
flow_dissector.c net: remove '__' from __skb_flow_get_ports() 2025-02-24 14:27:53 -08:00
flow_offload.c
gen_estimator.c treewide: Switch/rename to timer_delete[_sync]() 2025-04-05 10:30:12 +02:00
gen_stats.c
gro.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2025-02-27 10:20:58 -08:00
gro_cells.c
gso.c
hotdata.c net: introduce per netns packet chains 2025-03-24 13:58:22 -07:00
hwbm.c
ieee8021q_helpers.c
link_watch.c net: hold instance lock during NETDEV_CHANGE 2025-04-07 11:13:39 -07:00
lock_debug.c netdev: fix the locking for netdev notifications 2025-04-17 18:55:14 -07:00
lwt_bpf.c
lwtunnel.c inet: Remove rtnl_is_held arg of lwtunnel_valid_encap_type(_attr)?(). 2025-05-20 19:18:24 -07:00
Makefile net: rename rtnl_net_debug to lock_debug 2025-04-03 15:32:08 -07:00
mp_dmabuf_devmem.h
neighbour.c net: neigh: use kfree_skb_reason() in neigh_resolve_output() and neigh_connected_output() 2025-05-26 10:03:13 +01:00
net-procfs.c net: add data-race annotations in softnet_seq_show() 2025-04-08 12:30:55 -07:00
net-sysfs.c net: designate queue counts as "double ops protected" by instance lock 2025-03-25 10:06:49 -07:00
net-sysfs.h
net-traces.c
net_namespace.c net: annotate data-races around cleanup_net_task 2025-06-05 08:02:26 -07:00
net_test.c
netclassid_cgroup.c
netdev-genl-gen.c net: devmem: TCP tx netlink api 2025-05-13 11:12:48 +02:00
netdev-genl-gen.h net: devmem: TCP tx netlink api 2025-05-13 11:12:48 +02:00
netdev-genl.c net: devmem: move list_add to net_devmem_bind_dmabuf. 2025-05-27 19:19:35 -07:00
netdev_rx_queue.c net: avoid false positive warnings in __net_mp_close_rxq() 2025-04-04 07:35:38 -07:00
netevent.c
netmem_priv.h page_pool: Track DMA-mapped pages and unmap them when destroying the pool 2025-04-14 16:30:29 -07:00
netpoll.c netpoll: Eliminate redundant assignment 2025-03-24 13:42:53 -07:00
netprio_cgroup.c
of_net.c
page_pool.c page_pool: Fix use-after-free in page_pool_recycle_in_ring 2025-05-28 19:19:36 -07:00
page_pool_priv.h net: page_pool: don't try to stash the napi id 2025-01-27 14:37:41 -08:00
page_pool_user.c net: use napi_id_valid helper 2025-02-17 16:43:04 -08:00
pktgen.c net: pktgen: fix code style (WARNING: Prefer strscpy over strcpy) 2025-04-17 13:02:41 +02:00
ptp_classifier.c
request_sock.c
rtnetlink.c net: prevent a NULL deref in rtnl_create_link() 2025-06-05 08:03:00 -07:00
scm.c af_unix: Move SOCK_PASS{CRED,PIDFD,SEC} to struct sock. 2025-05-23 10:24:18 +01:00
secure_seq.c net: Retire DCCP socket. 2025-04-11 18:58:10 -07:00
selftests.c net: selftests: initialize TCP header and skb payload with zero 2025-04-22 15:30:35 +02:00
skb_fault_injection.c
skbuff.c net: fold __skb_checksum() into skb_checksum() 2025-05-21 15:40:16 -07:00
skmsg.c bpf, sockmap: Avoid using sk_socket after free when sending 2025-05-22 16:16:37 -07:00
sock.c Fix sock_exceed_buf_limit not being triggered in __sk_mem_raise_allocated 2025-05-28 19:07:53 -07:00
sock_destructor.h
sock_diag.c net: Retire DCCP socket. 2025-04-11 18:58:10 -07:00
sock_map.c BPF fixes: 2025-02-20 15:37:17 -08:00
sock_reuseport.c
stream.c
sysctl_net_core.c net: rps: remove kfree_rcu_mightsleep() use 2025-04-08 12:30:55 -07:00
timestamping.c net: Add the possibility to support a selected hwtstamp in netdevice 2024-12-16 12:51:40 +00:00
tso.c
utils.c net: Fix checksum update for ILA adj-transport 2025-05-30 19:53:51 -07:00
xdp.c xsk: add missing virtual address conversion for page 2025-05-27 11:46:47 +02:00