| commit | eb7f54b90bd8f469834c5e86dcf72ebf9a629811 | [log] [tgz] |
|---|---|---|
| author | Kirill Tkhai <ktkhai@virtuozzo.com> | Fri Jun 01 14:30:38 2018 +0300 |
| committer | David S. Miller <davem@davemloft.net> | Fri Jun 01 10:28:07 2018 -0400 |
| tree | 508a9eb07e8d0720ac07f5f36b534de880a15769 | |
| parent | 664088f8d68178809b848ca450f2797efb34e8e7 [diff] |
kcm: Fix use-after-free caused by clonned sockets (resend for properly queueing in patchwork) kcm_clone() creates kernel socket, which does not take net counter. Thus, the net may die before the socket is completely destructed, i.e. kcm_exit_net() is executed before kcm_done(). Reported-by: syzbot+5f1a04e374a635efc426@syzkaller.appspotmail.com Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com> Signed-off-by: David S. Miller <davem@davemloft.net>