diff options
| author | Tejaswi Tanikella <tejaswit@codeaurora.org> | 2018-06-12 10:09:53 +0530 |
|---|---|---|
| committer | Tejaswi Tanikella <tejaswit@codeaurora.org> | 2018-07-11 14:46:19 +0530 |
| commit | 074c25bf9fd80e13e23217d906580e1bc7d5a2ef (patch) | |
| tree | e695eb2afb9dda92c8d5c90397afc625ee69c461 /tools/perf/scripts/python/check-perf-trace.py | |
| parent | 31c5d9be72dd62cb0cf929017d4b73f3a983d68f (diff) | |
net: core: null pointer derefernce in sockev_client_cb
sockev_client_cb creates a netlink message and populates
the nlmsg_data using the socket->sock information.
If socket is closed, while the nlmsg_data is being
populated, a null pointer dereference occurs.
BUG: KASAN: null-ptr-deref in sockev_client_cb+0x1e4/0x310 net/core/sockev_nlmcast.c:98
Read of size 2 at addr 0000000000000010 by task syz-executor/9398
CPU: 6 PID: 9398 Comm: syz-executor Tainted: G W O 4.9.92+ #1
Call trace:
[<ffffff94e2bebec4>] sockev_client_cb+0x1e4/0x310 net/core/sockev_nlmcast.c:98
[<ffffff94e14fb20c>] notifier_call_chain+0x94/0xe0 kernel/notifier.c:93
[<ffffff94e14fb894>] __blocking_notifier_call_chain+0x6c/0xb8 kernel/notifier.c:317
[<ffffff94e14fb920>] blocking_notifier_call_chain+0x40/0x50 kernel/notifier.c:328
[<ffffff94e2b727f8>] sockev_notify net/socket.c:180 [inline]
[<ffffff94e2b727f8>] SYSC_listen net/socket.c:1446 [inline]
[<ffffff94e2b727f8>] SyS_listen+0x1e0/0x1f8 net/socket.c:1428
[<ffffff94e1483f70>] el0_svc_naked+0x24/0x28
CR's Fixed: 2251042
Change-Id: Iad9eb58cd05fcdc0b5cc1ed24de56b69abb532b4
Signed-off-by: Sharath Chandra Vurukala <sharathv@codeaurora.org>
Signed-off-by: Tejaswi Tanikella <tejaswit@codeaurora.org>
Diffstat (limited to 'tools/perf/scripts/python/check-perf-trace.py')
0 files changed, 0 insertions, 0 deletions