smackfs: Fix use-after-free in netlbl_catmap_walk() - kernel

diff options

author	Pawan Gupta <[email protected]>	2021-08-29 06:41:40 +0000
committer	Casey Schaufler <[email protected]>	2021-09-15 23:42:25 +0000
commit	0817534ff9ea809fac1322c5c8c574be8483ea57 (patch)
tree	a76cf7ab4439063bbeb1620c50cf6a9c7ec5f1d5 /scripts/gcc-plugins/cyc_complexity_plugin.c
parent	Linux 5.15-rc1 (diff)
download	kernel-0817534ff9ea809fac1322c5c8c574be8483ea57.tar.gz kernel-0817534ff9ea809fac1322c5c8c574be8483ea57.zip

smackfs: Fix use-after-free in netlbl_catmap_walk()

Syzkaller reported use-after-free bug as described in [1]. The bug is triggered when smk_set_cipso() tries to free stale category bitmaps while there are concurrent reader(s) using the same bitmaps. Wait for RCU grace period to finish before freeing the category bitmaps in smk_set_cipso(). This makes sure that there are no more readers using the stale bitmaps and freeing them should be safe. [1] https://lore.kernel.org/netdev/[email protected]/ Reported-by: [email protected] Signed-off-by: Pawan Gupta <[email protected]> Signed-off-by: Casey Schaufler <[email protected]>

Diffstat (limited to 'scripts/gcc-plugins/cyc_complexity_plugin.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: