Re: KASAN: use-after-free Read in __xfrm6_tunnel_spi_lookup

You can see on the dashboard (or in mailing list archives) that B K > Karthik tested a patch for this bug in July: > https://syzkaller.appspot.com/bug?extid=72ff2fa98097767b5a27 > > So perhaps that patch fixes it? Karthik, did you send it? Was it > merged? Did the commit include the

Re: [PATCH] net: tipc: fix general protection fault in tipc_conn_delete_sub

On Mon, Jul 27, 2020 at 6:53 PM Greg KH wrote: > > On Mon, Jul 27, 2020 at 06:40:57PM +0530, B K Karthik wrote: > > fix a general protection fault in tipc_conn_delete_sub > > by checking for the existance of con->server. > > prevent a null-ptr-deref by returning -EIN

[PATCH] net: tipc: fix general protection fault in tipc_conn_delete_sub

002080 CR3: 91b8e000 CR4: 001406e0 DR0: DR1: DR2: DR3: DR6: fffe0ff0 DR7: 0400 Reported-and-tested-by: syzbot+55a38037455d0351e...@syzkaller.appspotmail.com Signed-off-by: B K Karthik --- net

Re: [PATCH v2] net: ipv6: fix use-after-free Read in __xfrm6_tunnel_spi_lookup

On Mon, Jul 27, 2020 at 1:37 AM Cong Wang wrote: > > On Sat, Jul 25, 2020 at 11:12 PM B K Karthik wrote: > > > > On Sun, Jul 26, 2020 at 11:05 AM Cong Wang wrote: > > > > > > On Sat, Jul 25, 2020 at 8:09 PM B K Karthik > > > wr

Re: [PATCH v2] net: ipv6: fix use-after-free Read in __xfrm6_tunnel_spi_lookup

On Sun, Jul 26, 2020 at 11:05 AM Cong Wang wrote: > > On Sat, Jul 25, 2020 at 8:09 PM B K Karthik wrote: > > @@ -103,10 +103,10 @@ static int __xfrm6_tunnel_spi_check(struct net *net, > > u32 spi) > > { > > struct xfrm6_tunnel_net *xfrm

[PATCH v2] net: ipv6: fix use-after-free Read in __xfrm6_tunnel_spi_lookup

-by: syzbot+72ff2fa98097767b5...@syzkaller.appspotmail.com Reported-by: kernel test robot Signed-off-by: B K Karthik --- v1 -> v2: added cast in arguement from u32 to (const xfrm_address_t *) added Reported-by: kernel test robot removed Reported-by: syzbot+72ff2fa9809

[PATCH] net: xfrm: xfrm_policy.c: remove some unnecessary cases in decode_session6

remove some unnecessary cases in decode_session6 Signed-off-by: B K Karthik --- net/xfrm/xfrm_policy.c | 4 1 file changed, 4 deletions(-) diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 19c5e0fa3f44..e1c988a89382 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm

[PATCH] net: ipv6: fix slab-out-of-bounds Read in __xfrm6_tunnel_spi_check

fc fc fc fc fc fc 8880a93a5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc == Reported-by: syzbot+7da3fdf292816554b...@syzkaller.appspotmail.com Signed-off-by: B K Karthik --- net/ipv6/xfrm6_tunnel.c | 4 ++-- 1 file changed

[PATCH] net: ipv6: fix slab-out-of-bounda Read in xfrm6_tunnel_alloc_spi

com Signed-off-by: B K Karthik --- net/ipv6/xfrm6_tunnel.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/net/ipv6/xfrm6_tunnel.c b/net/ipv6/xfrm6_tunnel.c index 25b7ebda2fab..2d049244be81 100644 --- a/net/ipv6/xfrm6_tunnel.c +++ b/net/ipv6/xfrm6_tunnel.c @@ -121,8 +12

[PATCH] qlge.h: Adding the missing blank line after declarations

Signed-off-by: B K Karthik --- drivers/staging/qlge/qlge.h | 1 + 1 file changed, 1 insertion(+) diff --git a/drivers/staging/qlge/qlge.h b/drivers/staging/qlge/qlge.h index fc8c5ca8935d..0b971a633001 100644 --- a/drivers/staging/qlge/qlge.h +++ b/drivers/staging/qlge/qlge.h @@ -2224,6 +2224,7