asgardius/android_kernel_motorola_sm6225
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_motorola_sm6225/net
History
Martin KaFai Lau 7ea4f000c4 ipv6: A few fixes on dereferencing rt->from 
[ Upstream commit 886b7a50100a50f1cbd08a6f8ec5884dfbe082dc ]

It is a followup after the fix in
commit 9c69a1320515 ("route: Avoid crash from dereferencing NULL rt->from")

rt6_do_redirect():
1. NULL checking is needed on rt->from because a parallel
   fib6_info delete could happen that sets rt->from to NULL.
   (e.g. rt6_remove_exception() and fib6_drop_pcpu_from()).

2. fib6_info_hold() is not enough.  Same reason as (1).
   Meaning, holding dst->__refcnt cannot ensure
   rt->from is not NULL or rt->from->fib6_ref is not 0.

   Instead of using fib6_info_hold_safe() which ip6_rt_cache_alloc()
   is already doing, this patch chooses to extend the rcu section
   to keep "from" dereference-able after checking for NULL.

inet6_rtm_getroute():
1. NULL checking is also needed on rt->from for a similar reason.
   Note that inet6_rtm_getroute() is using RTNL_FLAG_DOIT_UNLOCKED.

Fixes: a68886a691 ("net/ipv6: Make from in rt6_info rcu protected")
Signed-off-by: Martin KaFai Lau <kafai@fb.com>
Acked-by: Wei Wang <weiwan@google.com>
Reviewed-by: David Ahern <dsahern@gmail.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-05-05 14:42:36 +02:00
..
6lowpan 6lowpan: iphc: reset mac_header after decompress to fix panic 2018-07-06 12:32:12 +02:00
9p 9p: do not trust pdu content for stat item size 2019-04-20 09:16:00 +02:00
802
8021q net: remove blank lines at end of file 2018-07-24 14:10:43 -07:00
appletalk appletalk: Fix use-after-free in atalk_proc_exit 2019-04-20 09:16:05 +02:00
atm net: atm: Fix potential Spectre v1 vulnerabilities 2019-04-27 09:36:30 +02:00
ax25 ax25: fix possible use-after-free 2019-02-23 09:07:27 +01:00
batman-adv batman-adv: release station info tidstats 2019-03-13 14:02:34 -07:00
bluetooth Bluetooth: Fix debugfs NULL pointer dereference 2019-04-20 09:16:01 +02:00
bpf bpf/test_run: support cgroup local storage 2018-08-03 00:47:32 +02:00
bpfilter net: bpfilter: use get_pid_task instead of pid_task 2018-10-17 22:03:40 -07:00
bridge netfilter: bridge: set skb transport_header before entering NF_INET_PRE_ROUTING 2019-05-04 09:20:12 +02:00
caif Revert "net: simplify sock_poll_wait" 2018-11-04 14:50:51 +01:00
can can: bcm: check timer values before ktime conversion 2019-01-31 08:14:39 +01:00
ceph libceph: wait for latest osdmap in ceph_monc_blacklist_add() 2019-03-27 14:14:39 +09:00
core net: Fix missing meta data in skb with vlan packet 2019-04-27 09:36:30 +02:00
dcb net: dcb: Add priority-to-DSCP map getters 2018-07-27 13:17:50 -07:00
dccp dccp: do not use ipv6 header for ipv4 flow 2019-04-03 06:26:15 +02:00
decnet decnet: fix using plain integer as NULL warning 2018-08-09 14:11:24 -07:00
dns_resolver net: remove blank lines at end of file 2018-07-24 14:10:43 -07:00
dsa net: dsa: slave: Don't propagate flag changes on down slave interfaces 2019-02-12 19:47:22 +01:00
ethernet net: Convert GRO SKB handling to list_head. 2018-06-26 11:33:04 +09:00
hsr net/hsr: fix possible crash in add_timer() 2019-03-19 13:12:38 +01:00
ieee802154 ieee802154: lowpan_header_create check must check daddr 2019-01-09 17:38:31 +01:00
ife
ipv4 ipv4: ip_do_fragment: Preserve skb_iif during fragmentation 2019-05-05 14:42:36 +02:00
ipv6 ipv6: A few fixes on dereferencing rt->from 2019-05-05 14:42:36 +02:00
iucv Revert "net: simplify sock_poll_wait" 2018-11-04 14:50:51 +01:00
kcm kcm: switch order of device registration to fix a crash 2019-04-17 08:38:40 +02:00
key xfrm: destroy xfrm_state synchronously on net exit path 2019-04-20 09:16:03 +02:00
l2tp l2tp: fix infoleak in l2tp_ip6_recvmsg() 2019-03-19 13:12:38 +01:00
l3mdev
lapb
llc llc: do not use sk_eat_skb() 2018-12-01 09:37:27 +01:00
mac80211 mac80211: do not call driver wake_tx_queue op during reconfig 2019-04-27 09:36:38 +02:00
mac802154 net: mac802154: tx: expand tailroom if necessary 2018-08-06 11:21:37 +02:00
mpls mpls: Return error for RTA_GATEWAY attribute 2019-03-10 07:17:19 +01:00
ncsi net/ncsi: Fixup .dumpit message flags and ID check in Netlink handler 2018-08-22 21:39:08 -07:00
netfilter netfilter: fix NETFILTER_XT_TARGET_TEE dependencies 2019-05-04 09:20:12 +02:00
netlabel netlabel: fix out-of-bounds memory accesses 2019-03-10 07:17:18 +01:00
netlink genetlink: Fix a memory leak on error path 2019-04-03 06:26:15 +02:00
netrom net: netrom: Fix error cleanup path of nr_proto_init 2019-05-02 09:58:57 +02:00
nfc net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails 2019-03-10 07:17:18 +01:00
nsh nsh: set mac len based on inner packet 2018-07-12 16:55:29 -07:00
openvswitch openvswitch: fix flow actions reallocation 2019-04-17 08:38:41 +02:00
packet packets: Always register packet sk in the same order 2019-04-03 06:26:17 +02:00
phonet phonet: fix building with clang 2019-03-23 20:09:51 +01:00
psample
qrtr net: qrtr: Reset the node and port ID of broadcast messages 2018-07-05 20:20:03 +09:00
rds net: rds: exchange of 8K and 1M pool 2019-05-02 09:59:00 +02:00
rfkill Here are quite a large number of fixes, notably: 2018-09-03 22:12:02 -07:00
rose net/rose: fix unbound loop in rose_loopback_timer() 2019-05-02 09:59:00 +02:00
rxrpc rxrpc: fix race condition in rxrpc_input_packet() 2019-05-02 09:58:57 +02:00
sched sch_cake: Simplify logic in cake_select_tin() 2019-04-27 09:36:32 +02:00
sctp sctp: initialize _pad of sockaddr_in before copying to user memory 2019-04-17 08:38:41 +02:00
smc net/smc: fix smc_poll in SMC_INIT state 2019-03-19 13:12:41 +01:00
strparser strparser: remove redundant variable 'rd_desc' 2018-08-01 10:00:06 -07:00
sunrpc sunrpc: don't mark uninitialised items as VALID. 2019-05-02 09:58:55 +02:00
switchdev
tipc tipc: check link name with right length in tipc_nl_compat_link_set 2019-05-02 09:58:57 +02:00
tls net/tls: don't leak IV and record seq when offload fails 2019-05-02 09:59:01 +02:00
unix missing barriers in some of unix_sock ->addr and ->path accesses 2019-03-19 13:12:41 +01:00
vmw_vsock vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock 2019-05-02 09:58:52 +02:00
wimax wimax: remove blank lines at EOF 2018-07-24 14:10:42 -07:00
wireless cfg80211: extend range deviation for DMG 2019-03-05 17:58:52 +01:00
x25 net/x25: fix a race in x25_bind() 2019-03-19 13:12:40 +01:00
xdp xsk: fix umem memory leak on cleanup 2019-05-04 09:20:12 +02:00
xfrm xfrm: destroy xfrm_state synchronously on net exit path 2019-04-20 09:16:03 +02:00
compat.c sock: Make sock->sk_stamp thread-safe 2019-01-09 17:38:33 +01:00
Kconfig net: remove blank lines at end of file 2018-07-24 14:10:43 -07:00
Makefile bpfilter: check compiler capability in Kconfig 2018-06-28 13:36:39 +09:00
socket.c net: socket: set sock->sk to NULL after calling proto_ops::release() 2019-03-10 07:17:18 +01:00
sysctl_net.c