From mboxrd@z Thu Jan  1 00:00:00 1970
From: David Miller <davem@davemloft.net>
Subject: Re: [PATCH net] kcm: Fix use-after-free caused by clonned sockets
Date: Fri, 01 Jun 2018 10:28:43 -0400 (EDT)
Message-ID: <20180601.102843.1873090277840412224.davem@davemloft.net>
References: <9f485659-6d6f-9047-b9ad-b0e4084be88d@virtuozzo.com>
        <c1d76abc-5d6f-bd0a-9c84-1c5ed8119e8f@virtuozzo.com>
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: ebiggers@google.com, linux-kernel@vger.kernel.org,
        netdev@vger.kernel.org, syzkaller-bugs@googlegroups.com,
        tom@quantonium.net, viro@ZenIV.linux.org.uk, edumazet@google.com
To: ktkhai@virtuozzo.com
Return-path: <linux-kernel-owner@vger.kernel.org>
In-Reply-To: <c1d76abc-5d6f-bd0a-9c84-1c5ed8119e8f@virtuozzo.com>
Sender: linux-kernel-owner@vger.kernel.org
List-Id: netdev.vger.kernel.org

From: Kirill Tkhai <ktkhai@virtuozzo.com>
Date: Fri, 1 Jun 2018 14:30:38 +0300

> (resend for properly queueing in patchwork)
> 
> kcm_clone() creates kernel socket, which does not take net counter.
> Thus, the net may die before the socket is completely destructed,
> i.e. kcm_exit_net() is executed before kcm_done().
> 
> Reported-by: syzbot+5f1a04e374a635efc426@syzkaller.appspotmail.com
> Signed-off-by: Kirill Tkhai <ktkhai@virtuozzo.com>

Applied and queued up for -stable, thanks.