From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linuxfoundation.org ([140.211.169.12]:46848 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932376AbbKQWjZ (ORCPT ); Tue, 17 Nov 2015 17:39:25 -0500 Subject: Patch "net: avoid NULL deref in inet_ctl_sock_destroy()" has been added to the 4.1-stable tree To: edumazet@google.com, davem@davemloft.net, dvyukov@google.com, gregkh@linuxfoundation.org Cc: , From: Date: Tue, 17 Nov 2015 14:39:24 -0800 Message-ID: <1447799964254248@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org List-ID: This is a note to let you know that I've just added the patch titled net: avoid NULL deref in inet_ctl_sock_destroy() to the 4.1-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: net-avoid-null-deref-in-inet_ctl_sock_destroy.patch and it can be found in the queue-4.1 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >>From foo@baz Tue Nov 17 14:35:45 PST 2015 From: Eric Dumazet Date: Mon, 2 Nov 2015 07:50:07 -0800 Subject: net: avoid NULL deref in inet_ctl_sock_destroy() From: Eric Dumazet [ Upstream commit 8fa677d2706d325d71dab91bf6e6512c05214e37 ] Under low memory conditions, tcp_sk_init() and icmp_sk_init() can both iterate on all possible cpus and call inet_ctl_sock_destroy(), with eventual NULL pointer. Signed-off-by: Eric Dumazet Reported-by: Dmitry Vyukov Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- include/net/inet_common.h | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/include/net/inet_common.h +++ b/include/net/inet_common.h @@ -41,7 +41,8 @@ int inet_recv_error(struct sock *sk, str static inline void inet_ctl_sock_destroy(struct sock *sk) { - sk_release_kernel(sk); + if (sk) + sk_release_kernel(sk); } #endif Patches currently in stable-queue which might be from edumazet@google.com are queue-4.1/ipv6-gre-support-sit-encapsulation.patch queue-4.1/ipmr-fix-possible-race-resulting-from-improper-usage-of-ip_inc_stats_bh-in-preemptible-context.patch queue-4.1/net-avoid-null-deref-in-inet_ctl_sock_destroy.patch queue-4.1/net-fix-a-race-in-dst_release.patch queue-4.1/sit-fix-sit0-percpu-double-allocations.patch