android_kernel_motorola_sm6225/net
Florian Westphal dc58e40274 netfilter: nf_tables: fix base chain stat rcu_dereference usage
[ Upstream commit edbd82c5fba009f68d20b5db585be1e667c605f6 ]

Following splat gets triggered when nfnetlink monitor is running while
xtables-nft selftests are running:

net/netfilter/nf_tables_api.c:1272 suspicious rcu_dereference_check() usage!
other info that might help us debug this:

1 lock held by xtables-nft-mul/27006:
 #0: 00000000e0f85be9 (&net->nft.commit_mutex){+.+.}, at: nf_tables_valid_genid+0x1a/0x50
Call Trace:
 nf_tables_fill_chain_info.isra.45+0x6cc/0x6e0
 nf_tables_chain_notify+0xf8/0x1a0
 nf_tables_commit+0x165c/0x1740

nf_tables_fill_chain_info() can be called both from dumps (rcu read locked)
or from the transaction path if a userspace process subscribed to nftables
notifications.

In the 'table dump' case, rcu_access_pointer() cannot be used: We do not
hold transaction mutex so the pointer can be NULLed right after the check.
Just unconditionally fetch the value, then have the helper return
immediately if it's NULL.

In the notification case we don't hold the rcu read lock, but updates are
prevented due to transaction mutex. Use rcu_dereference_check() to make lockdep
aware of this.

Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-06-15 11:54:05 +02:00
..
6lowpan 6lowpan: iphc: reset mac_header after decompress to fix panic 2018-07-06 12:32:12 +02:00
9p 9p: do not trust pdu content for stat item size 2019-04-20 09:16:00 +02:00
802
8021q vlan: disable SIOCSHWTSTAMP in container 2019-05-16 19:41:30 +02:00
appletalk appletalk: Fix use-after-free in atalk_proc_exit 2019-04-20 09:16:05 +02:00
atm net: atm: Fix potential Spectre v1 vulnerabilities 2019-04-27 09:36:30 +02:00
ax25 ax25: fix possible use-after-free 2019-02-23 09:07:27 +01:00
batman-adv batman-adv: allow updating DAT entry timeouts on incoming ARP Replies 2019-05-31 06:46:31 -07:00
bluetooth Bluetooth: Ignore CC events not matching the last HCI command 2019-05-31 06:46:09 -07:00
bpf bpf/test_run: support cgroup local storage 2018-08-03 00:47:32 +02:00
bpfilter net: bpfilter: use get_pid_task instead of pid_task 2018-10-17 22:03:40 -07:00
bridge bridge: Fix error path for kobject_init_and_add() 2019-05-16 19:41:29 +02:00
caif Revert "net: simplify sock_poll_wait" 2018-11-04 14:50:51 +01:00
can can: bcm: check timer values before ktime conversion 2019-01-31 08:14:39 +01:00
ceph libceph: wait for latest osdmap in ceph_monc_blacklist_add() 2019-03-27 14:14:39 +09:00
core ethtool: check the return value of get_regs_len 2019-06-11 12:20:57 +02:00
dcb net: dcb: Add priority-to-DSCP map getters 2018-07-27 13:17:50 -07:00
dccp dccp: do not use ipv6 header for ipv4 flow 2019-04-03 06:26:15 +02:00
decnet decnet: fix using plain integer as NULL warning 2018-08-09 14:11:24 -07:00
dns_resolver net: remove blank lines at end of file 2018-07-24 14:10:43 -07:00
dsa net: dsa: Fix error cleanup path in dsa_init_module 2019-05-16 19:41:29 +02:00
ethernet net: Convert GRO SKB handling to list_head. 2018-06-26 11:33:04 +09:00
hsr net/hsr: fix possible crash in add_timer() 2019-03-19 13:12:38 +01:00
ieee802154 ieee802154: lowpan_header_create check must check daddr 2019-01-09 17:38:31 +01:00
ife
ipv4 ipv4: not do cache for local delivery if bc_forwarding is enabled 2019-06-11 12:20:47 +02:00
ipv6 ipv6: fix EFAULT on sendto with icmpv6 and hdrincl 2019-06-11 12:20:50 +02:00
iucv Revert "net: simplify sock_poll_wait" 2018-11-04 14:50:51 +01:00
kcm kcm: switch order of device registration to fix a crash 2019-04-17 08:38:40 +02:00
key xfrm: clean up xfrm protocol checks 2019-05-25 18:23:41 +02:00
l2tp l2tp: use rcu_dereference_sk_user_data() in l2tp_udp_encap_recv() 2019-05-05 14:42:37 +02:00
l3mdev
lapb
llc llc: fix skb leak in llc_build_and_send_ui_pkt() 2019-06-04 08:02:31 +02:00
mac80211 mac80211/cfg80211: update bss channel on channel switch 2019-05-31 06:46:14 -07:00
mac802154 net: mac802154: tx: expand tailroom if necessary 2018-08-06 11:21:37 +02:00
mpls mpls: Return error for RTA_GATEWAY attribute 2019-03-10 07:17:19 +01:00
ncsi net/ncsi: Fixup .dumpit message flags and ID check in Netlink handler 2018-08-22 21:39:08 -07:00
netfilter netfilter: nf_tables: fix base chain stat rcu_dereference usage 2019-06-15 11:54:05 +02:00
netlabel netlabel: fix out-of-bounds memory accesses 2019-03-10 07:17:18 +01:00
netlink genetlink: Fix a memory leak on error path 2019-04-03 06:26:15 +02:00
netrom net: netrom: Fix error cleanup path of nr_proto_init 2019-05-02 09:58:57 +02:00
nfc NFC: nci: Add some bounds checking in nci_hci_cmd_received() 2019-05-16 19:41:27 +02:00
nsh nsh: set mac len based on inner packet 2018-07-12 16:55:29 -07:00
openvswitch openvswitch: fix flow actions reallocation 2019-04-17 08:38:41 +02:00
packet packet: unconditionally free po->rollover 2019-06-11 12:20:49 +02:00
phonet phonet: fix building with clang 2019-03-23 20:09:51 +01:00
psample
qrtr net: qrtr: Reset the node and port ID of broadcast messages 2018-07-05 20:20:03 +09:00
rds net: rds: fix memory leak in rds_ib_flush_mr_pool 2019-06-11 12:20:49 +02:00
rfkill Here are quite a large number of fixes, notably: 2018-09-03 22:12:02 -07:00
rose net/rose: fix unbound loop in rose_loopback_timer() 2019-05-02 09:59:00 +02:00
rxrpc rxrpc: Fix net namespace cleanup 2019-05-05 14:42:38 +02:00
sched net: sched: don't use tc_action->order during action dump 2019-06-04 08:02:32 +02:00
sctp Fix memory leak in sctp_process_init 2019-06-11 12:20:47 +02:00
smc net/smc: fix smc_poll in SMC_INIT state 2019-03-19 13:12:41 +01:00
strparser net: strparser: partially revert "strparser: Call skb_unclone conditionally" 2019-05-16 19:41:27 +02:00
sunrpc sunrpc: don't mark uninitialised items as VALID. 2019-05-02 09:58:55 +02:00
switchdev
tipc tipc: fix modprobe tipc failed after switch order of device registration 2019-06-04 08:02:34 +02:00
tls net/tls: replace the sleeping lock around RX resync with a bit lock 2019-06-11 12:20:49 +02:00
unix missing barriers in some of unix_sock ->addr and ->path accesses 2019-03-19 13:12:41 +01:00
vmw_vsock vsock/virtio: Initialize core virtio vsock before registering the driver 2019-05-25 18:23:22 +02:00
wimax wimax: remove blank lines at EOF 2018-07-24 14:10:42 -07:00
wireless mac80211/cfg80211: update bss channel on channel switch 2019-05-31 06:46:14 -07:00
x25 net/x25: fix a race in x25_bind() 2019-03-19 13:12:40 +01:00
xdp xsk: fix umem memory leak on cleanup 2019-05-04 09:20:12 +02:00
xfrm xfrm: Honor original L3 slave device in xfrmi policy lookup 2019-05-25 18:23:41 +02:00
compat.c sock: Make sock->sk_stamp thread-safe 2019-01-09 17:38:33 +01:00
Kconfig net: remove blank lines at end of file 2018-07-24 14:10:43 -07:00
Makefile bpfilter: check compiler capability in Kconfig 2018-06-28 13:36:39 +09:00
socket.c net: socket: set sock->sk to NULL after calling proto_ops::release() 2019-03-10 07:17:18 +01:00
sysctl_net.c