fcbdf09d96
Special care is taken inside sk_port_alloc to avoid overwriting skc_node/skc_nulls_node. We should also avoid overwriting skc_bind_node/skc_portaddr_node. The patch fixes the following crash: BUG: unable to handle kernel paging request at fffffffffffffff0 IP: [<ffffffff812ec6dd>] udp4_lib_lookup2+0xad/0x370 [<ffffffff812ecc22>] __udp4_lib_lookup+0x282/0x360 [<ffffffff812ed63e>] __udp4_lib_rcv+0x31e/0x700 [<ffffffff812bba45>] ? ip_local_deliver_finish+0x65/0x190 [<ffffffff812bbbf8>] ? ip_local_deliver+0x88/0xa0 [<ffffffff812eda35>] udp_rcv+0x15/0x20 [<ffffffff812bba45>] ip_local_deliver_finish+0x65/0x190 [<ffffffff812bbbf8>] ip_local_deliver+0x88/0xa0 [<ffffffff812bb2cd>] ip_rcv_finish+0x32d/0x6f0 [<ffffffff8128c14c>] ? netif_receive_skb+0x99c/0x11c0 [<ffffffff812bb94b>] ip_rcv+0x2bb/0x350 [<ffffffff8128c14c>] netif_receive_skb+0x99c/0x11c0 Signed-off-by: Leonard Crestez <lcrestez@ixiacom.com> Signed-off-by: Octavian Purdila <opurdila@ixiacom.com> Acked-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
132 lines
3.2 KiB
C
132 lines
3.2 KiB
C
/*
|
|
* UDPLITEv6 An implementation of the UDP-Lite protocol over IPv6.
|
|
* See also net/ipv4/udplite.c
|
|
*
|
|
* Authors: Gerrit Renker <gerrit@erg.abdn.ac.uk>
|
|
*
|
|
* Changes:
|
|
* Fixes:
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version
|
|
* 2 of the License, or (at your option) any later version.
|
|
*/
|
|
#include "udp_impl.h"
|
|
|
|
static int udplitev6_rcv(struct sk_buff *skb)
|
|
{
|
|
return __udp6_lib_rcv(skb, &udplite_table, IPPROTO_UDPLITE);
|
|
}
|
|
|
|
static void udplitev6_err(struct sk_buff *skb,
|
|
struct inet6_skb_parm *opt,
|
|
u8 type, u8 code, int offset, __be32 info)
|
|
{
|
|
__udp6_lib_err(skb, opt, type, code, offset, info, &udplite_table);
|
|
}
|
|
|
|
static const struct inet6_protocol udplitev6_protocol = {
|
|
.handler = udplitev6_rcv,
|
|
.err_handler = udplitev6_err,
|
|
.flags = INET6_PROTO_NOPOLICY|INET6_PROTO_FINAL,
|
|
};
|
|
|
|
struct proto udplitev6_prot = {
|
|
.name = "UDPLITEv6",
|
|
.owner = THIS_MODULE,
|
|
.close = udp_lib_close,
|
|
.connect = ip6_datagram_connect,
|
|
.disconnect = udp_disconnect,
|
|
.ioctl = udp_ioctl,
|
|
.init = udplite_sk_init,
|
|
.destroy = udpv6_destroy_sock,
|
|
.setsockopt = udpv6_setsockopt,
|
|
.getsockopt = udpv6_getsockopt,
|
|
.sendmsg = udpv6_sendmsg,
|
|
.recvmsg = udpv6_recvmsg,
|
|
.backlog_rcv = udpv6_queue_rcv_skb,
|
|
.hash = udp_lib_hash,
|
|
.unhash = udp_lib_unhash,
|
|
.get_port = udp_v6_get_port,
|
|
.obj_size = sizeof(struct udp6_sock),
|
|
.slab_flags = SLAB_DESTROY_BY_RCU,
|
|
.h.udp_table = &udplite_table,
|
|
#ifdef CONFIG_COMPAT
|
|
.compat_setsockopt = compat_udpv6_setsockopt,
|
|
.compat_getsockopt = compat_udpv6_getsockopt,
|
|
#endif
|
|
.clear_sk = sk_prot_clear_portaddr_nulls,
|
|
};
|
|
|
|
static struct inet_protosw udplite6_protosw = {
|
|
.type = SOCK_DGRAM,
|
|
.protocol = IPPROTO_UDPLITE,
|
|
.prot = &udplitev6_prot,
|
|
.ops = &inet6_dgram_ops,
|
|
.no_check = 0,
|
|
.flags = INET_PROTOSW_PERMANENT,
|
|
};
|
|
|
|
int __init udplitev6_init(void)
|
|
{
|
|
int ret;
|
|
|
|
ret = inet6_add_protocol(&udplitev6_protocol, IPPROTO_UDPLITE);
|
|
if (ret)
|
|
goto out;
|
|
|
|
ret = inet6_register_protosw(&udplite6_protosw);
|
|
if (ret)
|
|
goto out_udplitev6_protocol;
|
|
out:
|
|
return ret;
|
|
|
|
out_udplitev6_protocol:
|
|
inet6_del_protocol(&udplitev6_protocol, IPPROTO_UDPLITE);
|
|
goto out;
|
|
}
|
|
|
|
void udplitev6_exit(void)
|
|
{
|
|
inet6_unregister_protosw(&udplite6_protosw);
|
|
inet6_del_protocol(&udplitev6_protocol, IPPROTO_UDPLITE);
|
|
}
|
|
|
|
#ifdef CONFIG_PROC_FS
|
|
static struct udp_seq_afinfo udplite6_seq_afinfo = {
|
|
.name = "udplite6",
|
|
.family = AF_INET6,
|
|
.udp_table = &udplite_table,
|
|
.seq_fops = {
|
|
.owner = THIS_MODULE,
|
|
},
|
|
.seq_ops = {
|
|
.show = udp6_seq_show,
|
|
},
|
|
};
|
|
|
|
static int __net_init udplite6_proc_init_net(struct net *net)
|
|
{
|
|
return udp_proc_register(net, &udplite6_seq_afinfo);
|
|
}
|
|
|
|
static void __net_exit udplite6_proc_exit_net(struct net *net)
|
|
{
|
|
udp_proc_unregister(net, &udplite6_seq_afinfo);
|
|
}
|
|
|
|
static struct pernet_operations udplite6_net_ops = {
|
|
.init = udplite6_proc_init_net,
|
|
.exit = udplite6_proc_exit_net,
|
|
};
|
|
|
|
int __init udplite6_proc_init(void)
|
|
{
|
|
return register_pernet_subsys(&udplite6_net_ops);
|
|
}
|
|
|
|
void udplite6_proc_exit(void)
|
|
{
|
|
unregister_pernet_subsys(&udplite6_net_ops);
|
|
}
|
|
#endif
|