github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-10 15:42:19 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
8a533666d1
linux/net/core
History
Eric Dumazet 8a533666d1 net: fix NULL dereferences in check_peer_redir() 
[ Upstream commit d3aaeb38c4, along
  with dependent backports of commits:
     69cce1d140
     9de79c127c
     218fa90f07
     580da35a31
     f7e57044ee
     e049f28883 ]

Gergely Kalman reported crashes in check_peer_redir().

It appears commit f39925dbde (ipv4: Cache learned redirect
information in inetpeer.) added a race, leading to possible NULL ptr
dereference.

Since we can now change dst neighbour, we should make sure a reader can
safely use a neighbour.

Add RCU protection to dst neighbour, and make sure check_peer_redir()
can be called safely by different cpus in parallel.

As neighbours are already freed after one RCU grace period, this patch
should not add typical RCU penalty (cache cold effects)

Many thanks to Gergely for providing a pretty report pointing to the
bug.

Reported-by: Gergely Kalman <synapse@hippy.csoma.elte.hu>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2012-02-13 11:06:13 -08:00
..
datagram.c Fix a typo in datagram.c and sctp/socket.c. 2010-12-06 13:10:11 -08:00
dev_addr_lists.c net,rcu: convert call_rcu(ha_rcu_free) to kfree_rcu() 2011-05-07 22:50:52 -07:00
dev.c rtnetlink: Add missing manual netlink notification in dev_change_net_namespaces 2011-11-11 09:35:50 -08:00
drop_monitor.c net,rcu: convert call_rcu(free_dm_hw_stat) to kfree_rcu() 2011-05-07 22:50:59 -07:00
dst.c net: fix NULL dereferences in check_peer_redir() 2012-02-13 11:06:13 -08:00
ethtool.c ethtool: Allow zero-length register dumps again 2011-08-04 21:58:34 -07:00
fib_rules.c fib:fix BUG_ON in fib_nl_newrule when add new fib rule 2011-10-03 11:40:51 -07:00
filter.c bug.h: Move ratelimit warn interfaces to ratelimit.h 2011-05-26 15:00:31 -04:00
flow.c net: Handle different key sizes between address families in flow cache 2011-11-11 09:37:17 -08:00
gen_estimator.c net,rcu: convert call_rcu(__gen_kill_estimator) to kfree_rcu() 2011-05-07 22:50:57 -07:00
gen_stats.c net/core: EXPORT_SYMBOL cleanups 2010-07-12 12:57:55 -07:00
iovec.c net: Limit socket I/O iovec total length to INT_MAX. 2010-10-28 11:47:52 -07:00
kmap_skb.h [PATCH] severing skbuff.h -> highmem.h 2006-12-04 02:00:29 -05:00
link_watch.c net: allow netif_carrier to be called safely from IRQ 2011-08-15 18:31:39 -07:00
Makefile net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-15 18:31:35 -07:00
neighbour.c net: fix NULL dereferences in check_peer_redir() 2012-02-13 11:06:13 -08:00
net_namespace.c netns: fix net_alloc_generic() 2012-02-03 09:19:03 -08:00
net-sysfs.c Delay struct net freeing while there's a sysfs instance refering to it 2011-06-12 17:45:41 -04:00
net-sysfs.h xps: Add CONFIG_XPS 2010-11-28 18:24:14 -08:00
net-traces.c netdev: Add tracepoints to netdev layer 2010-09-07 17:51:33 +02:00
netevent.c net/core: EXPORT_SYMBOL cleanups 2010-07-12 12:57:55 -07:00
netpoll.c netpoll: call dev_put() on error in netpoll_setup() 2011-06-11 18:55:22 -07:00
pktgen.c net: add IFF_SKB_TX_SHARED flag to priv_flags 2011-08-15 18:31:38 -07:00
request_sock.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-08 13:47:38 -08:00
rtnetlink.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/linux-2.6-nsfd 2011-05-25 18:10:16 -07:00
scm.c scm: Capture the full credentials of the scm sender 2011-10-03 11:40:54 -07:00
secure_seq.c net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-15 18:31:35 -07:00
skbuff.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2011-05-20 13:43:21 -07:00
sock.c net: Unlock sock before calling sk_free() 2011-11-11 09:36:50 -08:00
stream.c net: Fix the condition passed to sk_wait_event() 2010-10-03 20:41:32 -07:00
sysctl_net_core.c net: Kill ratelimit.h dependency in linux/net.h 2011-05-27 13:41:33 -04:00
timestamping.c net: hold sock reference while processing tx timestamps 2011-11-11 09:35:52 -08:00
user_dma.c net/core/user_dma.c: Use frag list abstraction interfaces. 2009-06-09 00:19:10 -07:00
utils.c net: Kill ratelimit.h dependency in linux/net.h 2011-05-27 13:41:33 -04:00