From: Will Deacon <will@kernel.org>
To: gregkh@linuxfoundation.org
Cc: stable@vger.kernel.org, linux-kernel@vger.kernel.org,
kernel-team@android.com, g.nault@alphalink.fr,
Will Deacon <will@kernel.org>
Subject: [PATCH 0/8] [backports] l2tp use-after-free fixes for 4.4 stable
Date: Thu, 2 Apr 2020 18:32:42 +0100 [thread overview]
Message-ID: <20200402173250.7858-1-will@kernel.org> (raw)
Hi Greg,
Syzbot has been complaining about KASAN splats due to use-after-free
issues in the l2tp code on 4.4 Android kernels (although I reproduced
with latest 4.4 stable on my laptop):
https://syzkaller.appspot.com/bug?id=de316389db0fa0cd7ced6e564601ea8e56625ebc
These have been fixed upstream, but for some reason didn't get picked up
for stable. This series applies to 4.4.y and I've sent patches for 4.9
separately.
Thanks,
Will
--->8
Gao Feng (1):
l2tp: Refactor the codes with existing macros instead of literal
number
Guillaume Nault (5):
l2tp: fix race in l2tp_recv_common()
l2tp: ensure session can't get removed during pppol2tp_session_ioctl()
l2tp: fix duplicate session creation
l2tp: ensure sessions are freed after their PPPOL2TP socket
l2tp: fix race between l2tp_session_delete() and
l2tp_tunnel_closeall()
Shmulik Ladkani (1):
net: l2tp: Make l2tp_ip6 namespace aware
phil.turnbull@oracle.com (1):
l2tp: Correctly return -EBADF from pppol2tp_getname.
net/l2tp/l2tp_core.c | 149 ++++++++++++++++++++++++++++++++++---------
net/l2tp/l2tp_core.h | 4 ++
net/l2tp/l2tp_eth.c | 10 +--
net/l2tp/l2tp_ip.c | 17 +++--
net/l2tp/l2tp_ip6.c | 28 +++++---
net/l2tp/l2tp_ppp.c | 110 ++++++++++++++++----------------
6 files changed, 211 insertions(+), 107 deletions(-)
--
2.26.0.rc2.310.g2932bb562d-goog
next reply other threads:[~2020-04-02 17:32 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-04-02 17:32 Will Deacon [this message]
2020-04-02 17:32 ` [PATCH 1/8] l2tp: Correctly return -EBADF from pppol2tp_getname Will Deacon
2020-04-02 17:32 ` [PATCH 2/8] net: l2tp: Make l2tp_ip6 namespace aware Will Deacon
2020-04-02 17:32 ` [PATCH 3/8] l2tp: fix race in l2tp_recv_common() Will Deacon
2020-04-02 17:32 ` [PATCH 4/8] l2tp: ensure session can't get removed during pppol2tp_session_ioctl() Will Deacon
2020-04-02 17:32 ` [PATCH 5/8] l2tp: fix duplicate session creation Will Deacon
2020-04-02 17:32 ` [PATCH 6/8] l2tp: Refactor the codes with existing macros instead of literal number Will Deacon
2020-04-02 17:32 ` [PATCH 7/8] l2tp: ensure sessions are freed after their PPPOL2TP socket Will Deacon
2020-04-02 17:32 ` [PATCH 8/8] l2tp: fix race between l2tp_session_delete() and l2tp_tunnel_closeall() Will Deacon
2020-04-03 12:45 ` [PATCH 0/8] [backports] l2tp use-after-free fixes for 4.4 stable Greg KH
2020-04-03 13:22 ` Will Deacon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200402173250.7858-1-will@kernel.org \
--to=will@kernel.org \
--cc=g.nault@alphalink.fr \
--cc=gregkh@linuxfoundation.org \
--cc=kernel-team@android.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.