Re: [PATCH net] kcm: Fix use-after-free caused by clonned sockets
From: David Miller
Date: Fri Jun 01 2018 - 10:28:53 EST

From: Kirill Tkhai <ktkhai@xxxxxxxxxxxxx>
Date: Fri, 1 Jun 2018 14:30:38 +0300

> (resend for properly queueing in patchwork)
>
> kcm_clone() creates a kernel socket, which does not take a net counter.
> Thus, the net may die before the socket is completely destructed,
> i.e. kcm_exit_net() is executed before kcm_done().
>
> Reported-by: syzbot+5f1a04e374a635efc426@xxxxxxxxxxxxxxxxxxxxxxxxx
> Signed-off-by: Kirill Tkhai <ktkhai@xxxxxxxxxxxxx>

Applied and queued up for -stable, thanks.