rtime.felk.cvut.cz Git - hercules2020/nv-tegra/linux-4.4.git/commit

author	Eric Dumazet <edumazet@google.com>
	Tue, 9 May 2017 13:29:19 +0000 (06:29 -0700)
committer	mobile promotions <svcmobile_promotions@nvidia.com>
	Tue, 26 Sep 2017 07:52:59 +0000 (00:52 -0700)
commit	c11227117be9c888b7ef359d82e96b5c303ec205
tree	d66eff6ebd20e21136d69bf362cd1ba3abf8ef00	tree \| snapshot
parent	0894f2f7783e83cf0cc1bd7b8286cf1dc1ab61b7	commit \| diff

dccp/tcp: do not inherit mc_list from parent

syzkaller found a way to trigger double frees from ip_mc_drop_socket()

It turns out that leave a copy of parent mc_list at accept() time,
which is very bad.

Very similar to commit 8b485ce69876 ("tcp: do not inherit
fastopen_req from parent")

Initial report from Pray3r, completed by Andrey one.
Thanks a lot to them !

Bug 1971958

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Pray3r <pray3r.z@gmail.com>
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Tested-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Change-Id: I49a3d7de687451ead042783517f944fb3c6e5c6e
Reviewed-on: https://git-master.nvidia.com/r/1560672
GVS: Gerrit_Virtual_Submit
Reviewed-by: Hayden Du <haydend@nvidia.com>
Tested-by: Hayden Du <haydend@nvidia.com>
Reviewed-by: James Huang <jamehuang@nvidia.com>
Tested-by: James Huang <jamehuang@nvidia.com>