forge/linux-uconsole
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
linux-uconsole/net
History
Eric Dumazet 8a533666d1 net: fix NULL dereferences in check_peer_redir() 
[ Upstream commit d3aaeb38c4, along
  with dependent backports of commits:
     69cce1d140
     9de79c127c
     218fa90f07
     580da35a31
     f7e57044ee
     e049f28883 ]

Gergely Kalman reported crashes in check_peer_redir().

It appears commit f39925dbde (ipv4: Cache learned redirect
information in inetpeer.) added a race, leading to possible NULL ptr
dereference.

Since we can now change dst neighbour, we should make sure a reader can
safely use a neighbour.

Add RCU protection to dst neighbour, and make sure check_peer_redir()
can be called safely by different cpus in parallel.

As neighbours are already freed after one RCU grace period, this patch
should not add typical RCU penalty (cache cold effects)

Many thanks to Gergely for providing a pretty report pointing to the
bug.

Reported-by: Gergely Kalman <synapse@hippy.csoma.elte.hu>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-02-13 11:06:13 -08:00
..
9p net/9p: Fix kernel crash with msize 512K 2011-10-03 11:40:22 -07:00
802 snap: remove one synchronize_net() 2011-05-23 16:29:24 -04:00
8021q vlan: reset headers on accel emulation path 2011-10-03 11:40:55 -07:00
appletalk appletalk: Fix OOPS in atalk_release(). 2011-03-31 18:59:10 -07:00
atm net: fix NULL dereferences in check_peer_redir() 2012-02-13 11:06:13 -08:00
ax25 ax25: Fix set-but-unused variable. 2011-04-17 00:48:31 -07:00
batman-adv Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2011-05-20 13:43:21 -07:00
bluetooth Bluetooth: Fix timeout on scanning for the second time 2011-10-03 11:41:01 -07:00
bridge net: fix NULL dereferences in check_peer_redir() 2012-02-13 11:06:13 -08:00
caif net caif: Register properly as a pernet subsystem. 2012-02-03 09:19:03 -08:00
can can bcm: fix incomplete tx_setup fix 2011-11-11 09:36:45 -08:00
ceph ceph: fix file mode calculation 2011-07-19 11:25:04 -07:00
core net: fix NULL dereferences in check_peer_redir() 2012-02-13 11:06:13 -08:00
dcb net: dcbnl: Update copyright dates 2011-03-14 17:02:42 -07:00
dccp net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-15 18:31:35 -07:00
decnet net: fix NULL dereferences in check_peer_redir() 2012-02-13 11:06:13 -08:00
dns_resolver KEYS: Improve /proc/keys 2011-03-17 11:59:32 +11:00
dsa Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-05-05 14:59:02 -07:00
econet econet: Fix set-but-unused variable. 2011-04-17 00:15:22 -07:00
ethernet net: add IFF_SKB_TX_SHARED flag to priv_flags 2011-08-15 18:31:38 -07:00
ieee802154 ieee802154: Don't leak memory in ieee802154_nl_fill_phy 2011-06-13 18:03:22 -04:00
ipv4 net: fix NULL dereferences in check_peer_redir() 2012-02-13 11:06:13 -08:00
ipv6 net: fix NULL dereferences in check_peer_redir() 2012-02-13 11:06:13 -08:00
ipx ipx: fix ipx_release() 2011-03-21 18:16:39 -07:00
irda irda: iriap: Use seperate lockdep class for irias_objects->hb_spinlock 2011-06-06 17:00:35 -07:00
iucv [S390] irq: merge irq.c and s390_ext.c 2011-05-26 09:48:24 +02:00
key net: convert %p usage to %pK 2011-05-24 01:13:12 -04:00
l2tp l2tp: l2tp_ip - fix possible oops on packet receive 2012-02-03 09:19:04 -08:00
lapb
llc llc: llc_cmsg_rcv was getting called after sk_eat_skb. 2012-01-06 14:14:06 -08:00
mac80211 mac80211: fix rx->key NULL pointer dereference in promiscuous mode 2012-01-25 17:24:43 -08:00
netfilter IPVS: Free resources on module removal 2011-08-15 18:31:37 -07:00
netlabel Remove prefetch() from <linux/skbuff.h> and "netlabel_addrlist.h" 2011-05-22 21:43:41 -07:00
netlink net: convert %p usage to %pK 2011-05-24 01:13:12 -04:00
netrom NET: AX.25, NETROM, ROSE: Remove SOCK_DEBUG calls 2011-04-14 00:20:07 -07:00
packet make PACKET_STATISTICS getsockopt report consistently between ring and non-ring 2011-11-11 09:36:29 -08:00
phonet net: convert %p usage to %pK 2011-05-24 01:13:12 -04:00
rds rds: Make rds_sock_lock BH rather than IRQ safe. 2012-02-03 09:19:04 -08:00
rfkill net: rfkill: add generic gpio rfkill driver 2011-05-19 13:53:54 -04:00
rose NET: AX.25, NETROM, ROSE: Remove SOCK_DEBUG calls 2011-04-14 00:20:07 -07:00
rxrpc rxrpc: Fix set but unused variable 'usage' in rxrpc_get_transport() 2011-05-19 18:51:50 -04:00
sched net: fix NULL dereferences in check_peer_redir() 2012-02-13 11:06:13 -08:00
sctp sctp: Do not account for sizeof(struct sk_buff) in estimated rwnd 2012-01-06 14:14:09 -08:00
sunrpc svcrpc: avoid memory-corruption on pool shutdown 2012-01-25 17:24:48 -08:00
tipc tipc: Revise timings used when sending link request messages 2011-05-10 16:04:02 -04:00
unix net: convert %p usage to %pK 2011-05-24 01:13:12 -04:00
wanrouter Fix common misspellings 2011-03-31 11:26:23 -03:00
wimax
wireless cfg80211: amend regulatory NULL dereference fix 2011-12-09 08:52:45 -08:00
x25 x25: Prevent skb overreads when checking call user data 2011-10-25 07:10:17 +02:00
xfrm net: fix NULL dereferences in check_peer_redir() 2012-02-13 11:06:13 -08:00
compat.c net: Add sendmmsg socket system call 2011-05-05 11:10:14 -07:00
Kconfig bpf: depends on MODULES 2011-04-29 10:20:53 -07:00
Makefile net: Enter net/ipv6/ even if CONFIG_IPV6=n 2011-03-07 12:50:52 -08:00
nonet.c
socket.c sendmmsg/sendmsg: fix unsafe user pointer access 2011-10-03 11:39:54 -07:00
sysctl_net.c
TUNABLE