linux_old1/net/ipv6
Eric Dumazet 1dc7b90f7c ipv6: tcp: fix race in IPV6_2292PKTOPTIONS
IPv6 TCP sockets store in np->pktoptions skbs, and use skb_set_owner_r()
to charge the skb to socket.

It means that destructor must be called while socket is locked.

Therefore, we cannot use skb_get() or atomic_inc(&skb->users)
to protect ourselves: kfree_skb() might race with other users
manipulating sk->sk_forward_alloc

Fix this race by holding socket lock for the duration of
ip6_datagram_recv_ctl()

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-01-26 00:44:08 -08:00
netfilter netfilter: nf_tables: fix port natting in little endian archs 2014-12-23 15:34:28 +01:00
Kconfig ip6_vti: Fix build when NET_IP_TUNNEL is not set. 2014-02-20 14:29:49 +01:00
Makefile udp_tunnel: Only build ip6_udp_tunnel.c when IPV6 is selected 2014-09-19 22:05:28 -04:00
addrconf.c net: ipv6: Add sysctl entry to disable MTU updates from RA 2015-01-25 14:54:41 -08:00
addrconf_core.c ipv6: remove rt6i_genid 2014-09-30 14:00:48 -04:00
addrlabel.c netlink: make nlmsg_end() and genlmsg_end() void 2015-01-18 01:03:45 -05:00
af_inet6.c ipv6: make fib6 serial number per namespace 2014-10-07 00:02:30 -04:00
ah6.c ipv6: coding style improvements (remove assignment in if statements) 2014-11-23 21:00:56 -05:00
anycast.c ipv6: remove aca_lock spinlock from struct ifacaddr6 2014-10-14 13:15:15 -04:00
datagram.c net: introduce helper macro for_each_cmsghdr 2014-12-10 22:41:55 -05:00
esp6.c ipv6: coding style improvements (remove assignment in if statements) 2014-11-23 21:00:56 -05:00
exthdrs.c net: Convert LIMIT_NETDEBUG to net_dbg_ratelimited 2014-11-11 14:10:31 -05:00
exthdrs_core.c ipv6: ipv6_find_hdr restore prev functionality 2014-02-27 18:27:26 -05:00
exthdrs_offload.c ipv6: Fix exthdrs offload registration. 2014-03-06 16:35:55 -05:00
fib6_rules.c ipv6: move IPV6_TCLASS_SHIFT into ipv6.h and define a helper 2014-01-15 15:53:18 -08:00
icmp.c ipv6:icmp:remove unnecessary brackets 2015-01-14 16:35:49 -05:00
inet6_connection_sock.c ipv6: White-space cleansing : gaps between function and symbol export 2014-08-24 22:37:52 -07:00
inet6_hashtables.c ipv6: White-space cleansing : gaps between function and symbol export 2014-08-24 22:37:52 -07:00
ip6_checksum.c udp: Generic functions to set checksum 2014-06-04 22:46:38 -07:00
ip6_fib.c netlink: make nlmsg_end() and genlmsg_end() void 2015-01-18 01:03:45 -05:00
ip6_flowlabel.c ipv6: coding style improvements (remove assignment in if statements) 2014-11-23 21:00:56 -05:00
ip6_gre.c ip6gretap: advertise link netns via netlink 2015-01-23 17:51:14 -08:00
ip6_icmp.c ipv6: White-space cleansing : Line Layouts 2014-08-24 22:37:52 -07:00
ip6_input.c ipv6: coding style improvements (remove assignment in if statements) 2014-11-23 21:00:56 -05:00
ip6_offload.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-11-29 20:47:48 -08:00
ip6_offload.h
ip6_output.c ipv6: coding style improvements (remove assignment in if statements) 2014-11-23 21:00:56 -05:00
ip6_tunnel.c tunnels: advertise link netns via netlink 2015-01-19 14:32:03 -05:00
ip6_udp_tunnel.c udp: Do not require sock in udp_tunnel_xmit_skb 2015-01-24 23:15:40 -08:00
ip6_vti.c tunnels: advertise link netns via netlink 2015-01-19 14:32:03 -05:00
ip6mr.c netlink: make nlmsg_end() and genlmsg_end() void 2015-01-18 01:03:45 -05:00
ipcomp6.c ipv6: White-space cleansing : Structure layouts 2014-08-24 22:37:52 -07:00
ipv6_sockglue.c ipv6: tcp: fix race in IPV6_2292PKTOPTIONS 2015-01-26 00:44:08 -08:00
mcast.c ipv6: mld: fix add_grhead skb_over_panic for devs with large MTUs 2014-11-16 16:55:06 -05:00
mip6.c net: Convert LIMIT_NETDEBUG to net_dbg_ratelimited 2014-11-11 14:10:31 -05:00
ndisc.c net: ipv6: Add sysctl entry to disable MTU updates from RA 2015-01-25 14:54:41 -08:00
netfilter.c net: Convert LIMIT_NETDEBUG to net_dbg_ratelimited 2014-11-11 14:10:31 -05:00
output_core.c drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO packets 2014-10-30 20:01:18 -04:00
ping.c put iov_iter into msghdr 2014-12-09 16:29:03 -05:00
proc.c udp: Increment UDP_MIB_IGNOREDMULTI for arriving unmatched multicasts 2014-11-07 15:45:50 -05:00
protocol.c net: Export inet_offloads and inet6_offloads 2014-09-19 17:15:31 -04:00
raw.c put iov_iter into msghdr 2014-12-09 16:29:03 -05:00
reassembly.c ipv6: coding style improvements (remove assignment in if statements) 2014-11-23 21:00:56 -05:00
route.c netlink: make nlmsg_end() and genlmsg_end() void 2015-01-18 01:03:45 -05:00
sit.c tunnels: advertise link netns via netlink 2015-01-19 14:32:03 -05:00
syncookies.c net: allow setting ecn via routing table 2014-11-04 16:06:09 -05:00
sysctl_net_ipv6.c ipv6: add sysctl_mld_qrv to configure query robustness variable 2014-09-04 22:26:14 -07:00
tcp_ipv6.c net: tcp: add per route congestion control 2015-01-05 22:55:24 -05:00
tcpv6_offload.c net: Remove gso_send_check as an offload callback 2014-09-26 00:22:47 -04:00
tunnel6.c ipv6: White-space cleansing : gaps between function and symbol export 2014-08-24 22:37:52 -07:00
udp.c ip: Move checksum convert defines to inet 2015-01-05 22:44:46 -05:00
udp_impl.h net: ipv4/ipv6: Remove extern from function prototypes 2013-10-19 19:12:11 -04:00
udp_offload.c net: Remove MPLS GSO feature. 2014-11-05 23:52:33 -08:00
udplite.c net: Eliminate no_check from protosw 2014-05-23 16:28:53 -04:00
xfrm6_input.c ipv6: White-space cleansing : gaps between function and symbol export 2014-08-24 22:37:52 -07:00
xfrm6_mode_beet.c
xfrm6_mode_ro.c ipv4/ipv6: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c xfrm6: Remove xfrm_tunnel_notifier 2014-03-14 07:28:08 +01:00
xfrm6_output.c ipv6: White-space cleansing : gaps between function and symbol export 2014-08-24 22:37:52 -07:00
xfrm6_policy.c xfrm6: fix a potential use after free in xfrm6_policy.c 2014-10-22 15:38:48 -04:00
xfrm6_protocol.c xfrm6: Properly handle unsupported protocols 2014-05-06 07:08:38 +02:00
xfrm6_state.c ipv6: White-space cleansing : Line Layouts 2014-08-24 22:37:52 -07:00
xfrm6_tunnel.c ipv6: White-space cleansing : gaps between function and symbol export 2014-08-24 22:37:52 -07:00