[PATCH net 0/6] rxrpc: Syzbot-inspired fixes
From: David Howells
Date: Mon Oct 07 2019 - 06:15:39 EST
Here's a series of patches that fix a number of issues found by syzbot:
(1) A reference leak on rxrpc_call structs in a sendmsg error path.
(2) A tracepoint that looked in the rxrpc_peer record after putting it.
Analogous with this, though not presently detected, the same bug is
also fixed in relation to rxrpc_connection and rxrpc_call records.
(3) Peer records don't pin local endpoint records, despite accessing them.
(4) Access to connection crypto ops to clean up a call after the call's
ref on that connection has been put.
The patches are tagged here:
git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs.git
rxrpc-fixes-20191007
and can also be found on the following branch:
http://git.kernel.org/cgit/linux/kernel/git/dhowells/linux-fs.git/log/?h=rxrpc-fixes
David
---
David Howells (6):
rxrpc: Fix call ref leak
rxrpc: Fix trace-after-put looking at the put peer record
rxrpc: Fix trace-after-put looking at the put connection record
rxrpc: Fix trace-after-put looking at the put call record
rxrpc: rxrpc_peer needs to hold a ref on the rxrpc_local record
rxrpc: Fix call crypto state cleanup
include/trace/events/rxrpc.h | 18 +++++++++---------
net/rxrpc/ar-internal.h | 1 +
net/rxrpc/call_accept.c | 5 +++--
net/rxrpc/call_object.c | 34 ++++++++++++++++++++--------------
net/rxrpc/conn_client.c | 9 +++++++--
net/rxrpc/conn_object.c | 13 +++++++------
net/rxrpc/conn_service.c | 2 +-
net/rxrpc/peer_object.c | 16 ++++++++++------
net/rxrpc/recvmsg.c | 6 +++---
net/rxrpc/sendmsg.c | 3 ++-
10 files changed, 63 insertions(+), 44 deletions(-)