!15117 v3 net: Fix CVE-2024-56658 (9090c171) · Commits · EulixOS / Software / Kernel

include/net/net_namespace.h

+1 −1

Original line number	Diff line number	Diff line
		@@ -200,7 +200,7 @@ struct net {
		#else
		KABI_RESERVE(1)
		#endif
		KABI_RESERVE(2)
		KABI_USE(2, struct llist_node defer_free_list)
		KABI_RESERVE(3)
		KABI_RESERVE(4)
		} __randomize_layout;

+19 −1

Original line number	Diff line number	Diff line
		@@ -443,10 +443,26 @@ static struct net *net_alloc(void)
		goto out;
		}

		static LLIST_HEAD(defer_free_list);

		static void net_complete_free(void)
		{
		struct llist_node *kill_list;
		struct net net, next;

		/* Get the list of namespaces to free from last round. */
		kill_list = llist_del_all(&defer_free_list);

		llist_for_each_entry_safe(net, next, kill_list, defer_free_list)
		kmem_cache_free(net_cachep, net);

		}

		static void net_free(struct net *net)
		{
		kfree(rcu_access_pointer(net->gen));
		kmem_cache_free(net_cachep, net);
		/* Wait for an extra rcu_barrier() before final free. */
		llist_add(&net->defer_free_list, &defer_free_list);
		}

		void net_drop_ns(void *p)
		@@ -619,6 +635,8 @@ static void cleanup_net(struct work_struct *work)
		*/
		rcu_barrier();

		net_complete_free();

		/* Finally it is safe to free my network namespace structure */
		list_for_each_entry_safe(net, tmp, &net_exit_list, exit_list) {
		list_del_init(&net->exit_list);