github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-10 15:42:19 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
ed032fd4d8
linux/net/ipv6
History
Eric Dumazet 1d0dd1db15 net: drop dst before queueing fragments 
[ Upstream commit 97599dc792 ]

Commit 4a94445c9a (net: Use ip_route_input_noref() in input path)
added a bug in IP defragmentation handling, as non refcounted
dst could escape an RCU protected section.

Commit 64f3b9e203 (net: ip_expire() must revalidate route) fixed
the case of timeouts, but not the general problem.

Tom Parkin noticed crashes in UDP stack and provided a patch,
but further analysis permitted us to pinpoint the root cause.

Before queueing a packet into a frag list, we must drop its dst,
as this dst has limited lifetime (RCU protected)

When/if a packet is finally reassembled, we use the dst of the very
last skb, still protected by RCU and valid, as the dst of the
reassembled packet.

Use same logic in IPv6, as there is no need to hold dst references.

Reported-by: Tom Parkin <tparkin@katalix.com>
Tested-by: Tom Parkin <tparkin@katalix.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-05-01 09:41:20 -07:00
..
netfilter inet: limit length of fragment queue hash table bucket lists 2013-03-28 12:11:54 -07:00
addrconf_core.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
addrconf.c net IPv6 : Fix broken IPv6 routing table after loopback down-up 2013-05-01 09:41:06 -07:00
addrlabel.c rtnetlink: Compute and store minimum ifinfo dump size 2011-06-09 20:38:07 -07:00
af_inet6.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
ah6.c net: remove ipv6_addr_copy() 2011-11-22 16:43:32 -05:00
anycast.c ipv6: Remove never used function inet6_ac_check(). 2012-02-01 16:14:17 -05:00
datagram.c ipv6: helper function to get tclass 2012-02-13 00:45:38 -05:00
esp6.c xfrm: take net hdr len into account for esp payload size calculation 2012-06-10 00:36:15 +09:00
exthdrs_core.c ipv6: Add fragment reporting to ipv6_skip_exthdr(). 2011-12-03 09:35:10 -08:00
exthdrs.c net: remove ipv6_addr_copy() 2011-11-22 16:43:32 -05:00
fib6_rules.c net: remove ipv6_addr_copy() 2011-11-22 16:43:32 -05:00
icmp.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
inet6_connection_sock.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2011-11-26 14:47:03 -05:00
inet6_hashtables.c net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-06 18:33:19 -07:00
ip6_fib.c ipv6: fix return value check in fib6_add() 2012-10-13 05:38:43 +09:00
ip6_flowlabel.c net: remove ipv6_addr_copy() 2011-11-22 16:43:32 -05:00
ip6_input.c ipv6: don't accept node local multicast traffic from the wire 2013-04-05 10:04:41 -07:00
ip6_output.c ipv6: fix header length calculation in ip6_append_data() 2013-02-14 10:48:54 -08:00
ip6_tunnel.c net: reintroduce missing rcu_assign_pointer() calls 2012-01-12 12:26:56 -08:00
ip6mr.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
ipcomp6.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
ipv6_sockglue.c ipv6: setsockopt(IPIPPROTO_IPV6, IPV6_MINHOPCOUNT) forgot to set return value 2012-11-26 11:37:46 -08:00
Kconfig ipv6: ip6mr: support multiple tables 2010-05-11 14:40:55 +02:00
Makefile
mcast.c ipv6: fix array index in ip6_mc_add_src() 2012-04-05 00:00:42 -04:00
mip6.c ipv6: mip6: fix mip6_mh_filter() 2012-10-13 05:38:45 +09:00
ndisc.c ipv6: send unsolicited neighbour advertisements to all-nodes 2012-11-17 13:16:21 -08:00
netfilter.c Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
proc.c ipv6: fix per device IP snmp counters 2012-01-17 23:56:18 -05:00
protocol.c net: add __rcu annotations to protocol 2010-10-27 11:37:31 -07:00
raw.c ipv6: raw: fix icmpv6_filter() 2012-10-13 05:38:45 +09:00
reassembly.c net: drop dst before queueing fragments 2013-05-01 09:41:20 -07:00
route.c net: ipv6: Don't purge default router if accept_ra=2 2013-03-20 13:05:01 -07:00
sit.c ipv6: sit: Convert to dst_neigh_lookup() 2012-01-26 15:23:21 -05:00
syncookies.c net: remove ipv6_addr_copy() 2011-11-22 16:43:32 -05:00
sysctl_net_ipv6.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
tcp_ipv6.c inet: Fix kmemleak in tcp_v4/6_syn_recv_sock and dccp_v4/6_request_recv_sock 2013-01-11 09:07:14 -08:00
tunnel6.c tunnels: add _rcu annotations 2010-10-25 13:09:45 -07:00
udp_impl.h
udp.c datagram: Add offset argument to __skb_recv_datagram 2012-02-21 14:58:57 -05:00
udplite.c Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
xfrm6_input.c netfilter: ipv6: use NFPROTO values for NF_HOOK invocation 2010-03-25 16:00:49 +01:00
xfrm6_mode_beet.c ipsec: be careful of non existing mac headers 2012-02-23 16:50:45 -05:00
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c ipsec: be careful of non existing mac headers 2012-02-23 16:50:45 -05:00
xfrm6_output.c xfrm6: remove unneeded NULL check in __xfrm6_output() 2012-02-01 02:52:48 -05:00
xfrm6_policy.c net: remove ipv6_addr_copy() 2011-11-22 16:43:32 -05:00
xfrm6_state.c net: remove ipv6_addr_copy() 2011-11-22 16:43:32 -05:00
xfrm6_tunnel.c ipv6: Fix return of xfrm6_tunnel_rcv() 2011-05-24 01:11:51 -04:00