Re: [PATCH net-next] pptp: remove a buggy dst release in pptp_connect()

2018-04-05 Thread Sasha Levin
Hi.

[This is an automated email]

This commit has been processed by the -stable helper bot and determined to be a high probability candidate for -stable trees. (score: 30.1120)

The bot has tested the following trees: v4.15.15, v4.14.32, v4.9.92, v4.4.126,

v4.15.15: Build OK!
v4.14.32: Build

Re: [PATCH net-next] pptp: remove a buggy dst release in pptp_connect()

2018-04-04 Thread David Miller
From: Eric Dumazet
Date: Mon, 2 Apr 2018 18:48:37 -0700

> Once dst has been cached in socket via sk_setup_caps(),
> it is illegal to call ip_rt_put() (or dst_release()),
> since sk_setup_caps() did not change dst refcount.
>
> We can still dereference it since we hold

[PATCH net-next] pptp: remove a buggy dst release in pptp_connect()

2018-04-02 Thread Eric Dumazet
Once dst has been cached in socket via sk_setup_caps(), it is illegal to call ip_rt_put() (or dst_release()), since sk_setup_caps() did not change dst refcount.

We can still dereference it since we hold socket lock.

Caught by syzbot:

BUG: KASAN: use-after-free in atomic_dec_return