openkylin
/
linux
mirror of https://gitee.com/openkylin/linux.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity
linux/net
History
Jonathan Lemon 9c69a13205 route: Avoid crash from dereferencing NULL rt->from 
When __ip6_rt_update_pmtu() is called, rt->from is RCU dereferenced, but is
never checked for null - rt6_flush_exceptions() may have removed the entry.

[ 1913.989004] RIP: 0010:ip6_rt_cache_alloc+0x13/0x170
[ 1914.209410] Call Trace:
[ 1914.214798]  <IRQ>
[ 1914.219226]  __ip6_rt_update_pmtu+0xb0/0x190
[ 1914.228649]  ip6_tnl_xmit+0x2c2/0x970 [ip6_tunnel]
[ 1914.239223]  ? ip6_tnl_parse_tlv_enc_lim+0x32/0x1a0 [ip6_tunnel]
[ 1914.252489]  ? __gre6_xmit+0x148/0x530 [ip6_gre]
[ 1914.262678]  ip6gre_tunnel_xmit+0x17e/0x3c7 [ip6_gre]
[ 1914.273831]  dev_hard_start_xmit+0x8d/0x1f0
[ 1914.283061]  sch_direct_xmit+0xfa/0x230
[ 1914.291521]  __qdisc_run+0x154/0x4b0
[ 1914.299407]  net_tx_action+0x10e/0x1f0
[ 1914.307678]  __do_softirq+0xca/0x297
[ 1914.315567]  irq_exit+0x96/0xa0
[ 1914.322494]  smp_apic_timer_interrupt+0x68/0x130
[ 1914.332683]  apic_timer_interrupt+0xf/0x20
[ 1914.341721]  </IRQ>

Fixes: a68886a691 ("net/ipv6: Make from in rt6_info rcu protected")
Signed-off-by: Jonathan Lemon <jonathan.lemon@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Reviewed-by: David Ahern <dsahern@gmail.com>
Reviewed-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2019-04-15 13:31:59 -07:00
..
6lowpan 6lowpan: fix debugfs_simple_attr.cocci warnings 2019-01-22 09:51:19 +01:00
9p 9p/net: fix memory leak in p9_client_create 2019-03-13 11:50:04 +01:00
802
8021q vlan: conditional inclusion of FCoE hooks to match netdevice.h and bnx2x 2019-04-04 17:18:34 -07:00
appletalk appletalk: Fix potential NULL pointer dereference in unregister_snap_client 2019-03-15 11:25:48 -07:00
atm net: atm: Add another IS_ENABLED(CONFIG_COMPAT) in atm_dev_ioctl 2019-03-07 10:14:50 -08:00
ax25 ax25: fix possible use-after-free 2019-01-23 11:18:00 -08:00
batman-adv batman-adv: Fix genl notification for throughput_override 2019-03-25 09:31:19 +01:00
bluetooth Bluetooth: Check address length before reading address field 2019-04-12 10:25:03 -07:00
bpf bpf: fix warning about using plain integer as NULL 2019-03-08 21:17:07 +01:00
bpfilter bpfilter: re-add header search paths to tools include to fix build error 2019-02-23 13:34:40 -08:00
bridge net: bridge: multicast: use rcu to access port list from br_multicast_start_querier 2019-04-11 11:13:51 -07:00
caif net: caif: use skb helpers instead of open-coding them 2019-02-17 11:01:17 -08:00
can can: bcm: check timer values before ktime conversion 2019-01-22 11:33:46 +01:00
ceph libceph: fix breakage caused by multipage bvecs 2019-03-25 22:28:07 +01:00
core Revert "net-sysfs: Fix memory leak in netdev_register_kobject" 2019-04-15 13:10:27 -07:00
dcb
dccp dccp: Fix memleak in __feat_register_sp 2019-04-01 18:15:10 -07:00
decnet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-01-29 21:18:54 -08:00
dns_resolver dns: Allow the dns resolver to retrieve a server set 2018-10-04 09:40:52 -07:00
dsa net: dsa: Implement flow_dissect callback for tag_qca 2019-03-28 16:57:19 -07:00
ethernet net/ethernet: Add parse_protocol header_ops support 2019-02-22 12:55:31 -08:00
hsr net/hsr: fix possible crash in add_timer() 2019-03-07 11:02:08 -08:00
ieee802154 net: remove unused struct inet_frag_queue.fragments field 2019-02-26 08:27:05 -08:00
ife
ipv4 ipv4: ensure rcu_read_lock() in ipv4_link_failure() 2019-04-14 13:43:17 -07:00
ipv6 route: Avoid crash from dereferencing NULL rt->from 2019-04-15 13:31:59 -07:00
iucv iucv: Remove SKB list assumptions. 2018-11-10 16:55:11 -08:00
kcm kcm: switch order of device registration to fix a crash 2019-04-01 14:59:20 -07:00
key af_key: unconditionally clone on broadcast 2019-02-12 10:36:42 +01:00
l2tp l2tp: fix infoleak in l2tp_ip6_recvmsg() 2019-03-13 14:19:35 -07:00
l3mdev l3mdev: add function to retreive upper master 2018-12-03 14:15:26 -08:00
lapb
llc llc: Check address length before reading address field 2019-04-12 10:25:03 -07:00
mac80211 mac80211: Honor SW_CRYPTO_CONTROL for unicast keys in AP VLAN mode 2019-04-09 13:40:32 +02:00
mac802154
mpls mpls: Fix 6PE forwarding 2019-03-19 16:00:22 -07:00
ncsi net: ncsi: fix a missing check for nla_nest_start 2019-03-16 11:44:33 -07:00
netfilter netfilter: nf_tables: add missing ->release_ops() in error path of newrule() 2019-03-20 08:32:58 +01:00
netlabel netlabel: fix out-of-bounds memory accesses 2019-02-27 21:45:24 -08:00
netlink net: netlink: Check address length before reading groups field 2019-04-12 10:25:03 -07:00
netrom net: netrom: Fix error cleanup path of nr_proto_init 2019-04-11 13:59:49 -07:00
nfc NFC: nci: Add some bounds checking in nci_hci_cmd_received() 2019-04-06 15:05:07 -07:00
nsh
openvswitch openvswitch: fix flow actions reallocation 2019-03-28 17:15:44 -07:00
packet net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec 2019-03-20 10:46:50 -07:00
phonet phonet: fix building with clang 2019-02-21 16:23:56 -08:00
psample
qrtr mm: replace all open encodings for NUMA_NO_NODE 2019-03-05 21:07:14 -08:00
rds net/rds: Check address length before reading address family 2019-04-12 10:25:03 -07:00
rfkill rfkill: gpio: Remove unused include 2018-12-18 13:13:56 +01:00
rose net: rose: fix a possible stack overflow 2019-03-18 16:53:22 -07:00
rxrpc rxrpc: Fix detection of out of order acks 2019-04-12 16:57:23 -07:00
sched sch_cake: Make sure we can write the IP header before changing DSCP bits 2019-04-04 10:55:59 -07:00
sctp sctp: Check address length before reading address family 2019-04-12 10:25:03 -07:00
smc net/smc: move unhash before release of clcsock 2019-04-11 11:04:08 -07:00
strparser net: strparser: partially revert "strparser: Call skb_unclone conditionally" 2019-04-10 13:07:02 -07:00
sunrpc SUNRPC: fix uninitialized variable warning 2019-03-26 13:04:32 -07:00
switchdev switchdev: Remove unused transaction item queue 2019-03-01 21:35:19 -08:00
tipc tipc: missing entries in name table of publications 2019-04-10 22:58:09 -07:00
tls net/tls: fix build without CONFIG_TLS_DEVICE 2019-04-10 17:23:26 -07:00
unix io_uring-2019-03-06 2019-03-08 14:48:40 -08:00
vmw_vsock vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock 2019-03-08 15:15:44 -08:00
wimax
wireless nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands 2019-03-29 11:23:09 +01:00
x25 net/x25: reset state in x25_connect() 2019-03-11 15:40:14 -07:00
xdp xsk: fix umem memory leak on cleanup 2019-03-16 01:27:51 +01:00
xfrm xfrm: Fix inbound traffic via XFRM interfaces across network namespaces 2019-02-18 10:58:54 +01:00
Kconfig net: devlink: turn devlink into a built-in 2019-02-26 08:49:05 -08:00
Makefile net: split out functions related to registering inflight socket files 2019-02-28 08:24:23 -07:00
compat.c Merge branch 'timers-2038-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-03-05 14:08:26 -08:00
socket.c net: add documentation to socket.c 2019-03-15 15:29:47 -07:00
sysctl_net.c