linux-stable/include/net
Eric Dumazet b8af8e6118 net: fix __dst_negative_advice() race
[ Upstream commit 92f1655aa2 ]

__dst_negative_advice() does not enforce proper RCU rules when
sk->dst_cache must be cleared, leading to possible UAF.

RCU rules are that we must first clear sk->sk_dst_cache,
then call dst_release(old_dst).

Note that sk_dst_reset(sk) is implementing this protocol correctly,
while __dst_negative_advice() uses the wrong order.

Given that ip6_negative_advice() has special logic
against RTF_CACHE, this means each of the three ->negative_advice()
existing methods must perform the sk_dst_reset() themselves.

Note the check against NULL dst is centralized in
__dst_negative_advice(), there is no need to duplicate
it in various callbacks.

Many thanks to Clement Lecigne for tracking this issue.

This old bug became visible after the blamed commit, using UDP sockets.

Fixes: a87cb3e48e ("net: Facility to report route quality of connected sockets")
Reported-by: Clement Lecigne <clecigne@google.com>
Diagnosed-by: Clement Lecigne <clecigne@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Tom Herbert <tom@herbertland.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://lore.kernel.org/r/20240528114353.1794151-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-06-12 11:39:55 +02:00
9p 9p: Add additional debug flags and open modes 2023-03-27 02:33:48 +00:00
bluetooth Bluetooth: ISO: Handle PA sync when no BIGInfo reports are generated 2024-06-12 11:39:36 +02:00
caif net: caif: Remove unused declaration cfsrvl_ctrlcmd() 2023-08-10 18:24:48 -07:00
iucv s390/iucv: use new address translation helpers 2024-03-13 09:23:48 +01:00
mana net: mana: Fix Rx DMA datasize and skb_over_panic 2024-04-03 19:32:03 -07:00
netfilter netfilter: flowtable: validate pppoe header 2024-04-11 12:13:11 +02:00
netns net: Namespace-ify sysctl_optmem_max 2023-12-15 11:01:27 +00:00
nfc nfc: core: make nfc_class constant 2024-03-05 11:21:18 -08:00
page_pool net: page_pool: fix recycle stats for system page_pool allocator 2024-02-19 12:30:27 -08:00
phonet net: ioctl: Use kernel memory on protocol ioctl callbacks 2023-06-15 22:33:26 -07:00
sctp sctp: preserve const qualifier in sctp_sk() 2024-02-05 11:08:06 +00:00
tc_act net/sched: Retire ipt action 2024-01-02 12:41:16 +00:00
6lowpan.h
Space.h net: appletalk: remove cops support 2023-10-04 11:49:20 -07:00
act_api.h net/sched: Add helper macros with module names 2024-02-02 10:57:55 -08:00
addrconf.h ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr 2024-04-09 17:09:05 -07:00
af_ieee802154.h
af_rxrpc.h rxrpc, afs: Allow afs to pin rxrpc_peer objects 2023-12-24 15:22:50 +00:00
af_unix.h af_unix: Suppress false-positive lockdep splat for spin_lock() in __unix_gc(). 2024-04-25 08:37:02 -07:00
af_vsock.h virtio/vsock: send credit update during setting SO_RCVLOWAT 2023-12-15 10:37:35 +00:00
ah.h
amt.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
arp.h neighbour: switch to standard rcu, instead of rcu_bh 2023-03-21 21:32:18 -07:00
atmclip.h
ax25.h ax25: Use kernel universal linked list to implement ax25_dev_list 2024-05-30 09:44:39 +02:00
ax88796.h ax88796: Fix some typo in a comment 2022-08-09 22:14:02 -07:00
bareudp.h bareudp: Move definition of struct bareudp_conf to bareudp.c 2021-12-13 12:34:09 +00:00
bond_3ad.h bonding: Add independent control state machine 2024-02-06 13:17:54 +01:00
bond_alb.h bonding (gcc13): synchronize bond_{a,t}lb_xmit() types 2022-11-02 20:38:13 -07:00
bond_options.h bonding: Add independent control state machine 2024-02-06 13:17:54 +01:00
bonding.h bonding: Add independent control state machine 2024-02-06 13:17:54 +01:00
bpf_sk_storage.h
busy_poll.h net: add napi_busy_loop_rcu() 2024-02-09 10:01:09 -08:00
calipso.h
cfg80211-wext.h wifi: cfg80211: Avoid clashing function prototypes 2022-11-16 11:31:47 +02:00
cfg80211.h wifi: cfg80211: add a flag to disable wireless extensions 2024-03-25 15:23:06 +01:00
cfg802154.h mac802154: fix llsec key resources release in mac802154_llsec_key_del 2024-03-06 21:01:26 +01:00
checksum.h net: checksum: drop the linux/uaccess.h include 2023-01-27 11:19:46 +00:00
cipso_ipv4.h
cls_cgroup.h
codel.h codel: fix kernel-doc notation warnings 2023-07-14 20:39:29 -07:00
codel_impl.h codel: remove unnecessary sock.h include 2021-12-22 15:03:47 -08:00
codel_qdisc.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
compat.h net: copy from user before calling __get_compat_msghdr 2022-07-24 18:39:17 -06:00
datalink.h net: datalink: Remove unused declarations 2023-07-27 17:17:32 -07:00
dcbevent.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
dcbnl.h net: dcb: add helper functions to retrieve PCP and DSCP rewrite maps 2023-01-20 09:33:22 +00:00
devlink.h devlink: convert most of devlink_fmsg_*() to return void 2023-10-20 11:34:51 +01:00
dropreason-core.h tcp: introduce dropreasons in receive path 2024-02-28 10:39:21 +00:00
dropreason.h net: openvswitch: add last-action drop reason 2023-08-14 08:01:06 +01:00
dsa.h ethtool: replace struct ethtool_eee with a new struct ethtool_keee on kernel side 2024-01-31 12:30:47 +00:00
dsa_stubs.h net: dsa: Use conduit and user terms 2023-10-24 13:08:14 -07:00
dsfield.h
dst.h net: dst: Make dst_destroy() static and return void. 2024-02-06 11:45:53 +01:00
dst_cache.h wireguard: device: reset peer src endpoint when netns exits 2021-11-29 19:50:45 -08:00
dst_metadata.h xfrm: interface: Add unstable helpers for setting/getting XFRM metadata from TC-BPF 2022-12-05 21:58:27 -08:00
dst_ops.h net: fix __dst_negative_advice() race 2024-06-12 11:39:55 +02:00
eee.h net: add helpers for EEE configuration 2024-03-05 19:21:17 -08:00
erspan.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
esp.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
espintcp.h
ethoc.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
failover.h net: failover: add net device refcount tracker 2021-12-06 16:06:02 -08:00
fib_notifier.h
fib_rules.h fib: remove unnecessary input parameters in fib_default_rule_add 2024-01-03 16:42:48 -08:00
firewire.h firewire: net: Make use of get_unaligned_be48(), put_unaligned_be48() 2022-07-28 22:21:54 -07:00
flow.h inet: shrink struct flowi_common 2023-11-02 09:31:02 +01:00
flow_dissector.h net: flow_dissector: Add IPSEC dissector 2023-08-02 10:09:31 +01:00
flow_offload.h flow_offload: Annotate struct flow_action_entry with __counted_by 2023-10-06 11:37:02 +01:00
fou.h bpf,fou: Add bpf_skb_{set,get}_fou_encap kfuncs 2023-04-12 16:40:39 -07:00
fq.h net: fq: Remove unused typedef fq_flow_get_default_t 2023-08-08 15:58:23 -07:00
fq_impl.h wifi: mac80211: add support for restricting netdev features per vif 2022-12-01 15:09:10 +01:00
garp.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
gen_stats.h net: sched: Remove Qdisc::running sequence counter 2021-10-18 12:54:41 +01:00
genetlink.h genetlink: make info in GENL_REQ_ATTR_CHECK() const 2024-02-23 18:17:36 -08:00
geneve.h net: geneve: fix array of flexible structures warnings 2022-10-31 10:43:04 +00:00
gre.h
gro.h net: gro: fix udp bad offset in socket lookup by adding {inner_}network_offset to napi_gro_cb 2024-05-02 11:02:48 +02:00
gro_cells.h
gso.h net: move gso declarations and functions to their own files 2023-06-10 00:11:41 -07:00
gtp.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
gue.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
handshake.h net/handshake: Add helpers for parsing incoming TLS Alerts 2023-07-28 14:07:59 -07:00
hotdata.h net: move rps_sock_flow_table to net_hotdata 2024-03-07 21:12:43 -08:00
hwbm.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
icmp.h ipv6: ICMPV6: add response to ICMPV6 RFC 8335 PROBE messages 2021-06-28 14:29:45 -07:00
ieee80211_radiotap.h wifi: radiotap: add bandwidth definition of EHT U-SIG 2023-10-12 15:14:27 +03:00
ieee802154_netdev.h mac802154: Handle association requests from peers 2023-11-20 11:43:03 +01:00
if_inet6.h ipv6: anycast: complete RCU handling of struct ifacaddr6 2024-02-26 18:40:34 -08:00
ife.h
inet6_connection_sock.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
inet6_hashtables.h net: Fix slab-out-of-bounds in inet[6]_steal_sock 2023-08-15 13:57:51 -07:00
inet_common.h net: factor out __inet_listen_sk() helper 2023-08-14 07:06:13 +01:00
inet_connection_sock.h tcp: properly terminate timers for kernel sockets 2024-03-25 19:51:57 -07:00
inet_dscp.h ipv6: Define dscp_t and stop taking ECN bits into account in fib6-rules 2022-02-07 20:12:45 -08:00
inet_ecn.h net: add skb_get_dsfield() helper 2021-10-15 11:33:08 +01:00
inet_frag.h inet: frags: eliminate kernel-doc warning 2023-07-14 20:39:29 -07:00
inet_hashtables.h tcp: Remove dead code and fields for bhash2. 2023-12-22 22:15:35 +00:00
inet_sock.h inet: Add getsockopt support for IP_ROUTER_ALERT and IPV6_ROUTER_ALERT 2024-03-06 12:37:06 +00:00
inet_timewait_sock.h tcp: Remove dead code and fields for bhash2. 2023-12-22 22:15:35 +00:00
inetpeer.h
ioam6.h net: ioam6: multicast event 2024-02-28 11:19:41 +00:00
ip.h inet: introduce dst_rtable() helper 2024-06-12 11:39:55 +02:00
ip6_checksum.h net: move gro definitions to include/net/gro.h 2021-11-16 13:16:54 +00:00
ip6_fib.h ipv6: introduce dst_rt6_info() helper 2024-06-12 11:39:54 +02:00
ip6_route.h ipv6: introduce dst_rt6_info() helper 2024-06-12 11:39:54 +02:00
ip6_tunnel.h ip_gre, ip6_gre: Fix race condition on o_seqno in collect_md mode 2022-04-25 11:40:45 +01:00
ip_fib.h inet: allow ip_valid_fib_dump_req() to be called with RTNL or RCU 2024-02-26 11:46:12 +00:00
ip_tunnels.h geneve: fix header validation in geneve[6]_xmit_skb 2024-04-08 11:51:04 +01:00
ip_vs.h ipvs: Correct spelling in comments 2023-04-22 01:39:41 +02:00
ipcomp.h xfrm: ipcomp: add extack to ipcomp{4,6}_init_state 2022-09-29 07:18:00 +02:00
ipconfig.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
ipv6.h ipv6: annotate data-races around cnf.forwarding 2024-03-01 08:42:31 +00:00
ipv6_frag.h net: dropreason: add SKB_DROP_REASON_FRAG_REASM_TIMEOUT 2022-10-31 20:14:27 -07:00
ipv6_stubs.h ipsec-next-2023-10-28 2023-10-30 14:36:57 -07:00
iw_handler.h wifi: wext: Remove unused declaration dev_get_wireless_info() 2023-08-22 21:40:40 +02:00
kcm.h kcm: Send multiple frags in one sendmsg() 2023-06-12 21:13:23 -07:00
l3mdev.h
lag.h
lapb.h
lib80211.h
llc.h llc: fix out-of-bound array index in llc_sk_dev_hash() 2021-11-07 19:25:29 +00:00
llc_c_ac.h net: llc: Remove unused function declarations 2023-08-04 15:33:17 -07:00
llc_c_ev.h net: llc: Remove unused function declarations 2023-08-04 15:33:17 -07:00
llc_c_st.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
llc_conn.h llc: Check netns in llc_estab_match() and llc_listener_match(). 2023-07-20 10:46:28 +02:00
llc_if.h llc/snap: constify dev_addr passing 2021-10-13 09:40:46 -07:00
llc_pdu.h llc: Drop support for ETH_P_TR_802_2. 2024-01-19 21:30:09 -08:00
llc_s_ac.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
llc_s_ev.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
llc_s_st.h add missing includes and forward declarations to networking includes under linux/ 2022-07-28 11:29:36 +02:00
llc_sap.h
lwtunnel.h lwt: Check LWTUNNEL_XMIT_CONTINUE strictly 2023-08-18 16:05:26 +02:00
mac80211.h wifi: mac80211: don't use rate mask for scanning 2024-04-08 20:11:34 +02:00
mac802154.h mac802154: Drop IEEE802154_HW_RX_DROP_BAD_CKSUM 2022-10-12 12:57:19 +02:00
macsec.h macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads 2024-04-25 08:20:54 -07:00
mctp.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-02-29 14:24:56 -08:00
mctpdevice.h mctp: Pass flow data & flow release events to drivers 2021-10-29 13:23:51 +01:00
mip6.h
mld.h
mpls.h
mpls_iptunnel.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
mptcp.h mptcp: add struct mptcp_sched_ops 2023-08-22 17:31:18 -07:00
mrp.h mrp: introduce active flags to prevent UAF when applicant uninit 2022-11-18 12:14:55 +00:00
ncsi.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
ndisc.h ndisc: Remove unused ndisc_ifinfo_sysctl_strategy() declaration 2023-08-07 08:53:55 +01:00
neighbour.h neighbour: Fix __randomize_layout crash in struct neighbour 2023-11-28 12:18:29 +01:00
net_debug.h net: add CONFIG_DEBUG_NET 2022-05-11 12:43:10 +01:00
net_failover.h
net_namespace.h net: add exit_batch_rtnl() method 2024-02-07 18:55:10 -08:00
net_ratelimit.h
net_trackers.h net: add networking namespace refcount tracker 2021-12-10 06:38:26 -08:00
netdev_queues.h netdev: add queue stat for alloc failures 2024-03-07 21:13:26 -08:00
netdev_rx_queue.h net: Add queue and napi association 2023-12-04 18:04:05 -08:00
netevent.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
netkit.h bpf, netkit: Add indirect call wrapper for fetching peer dev 2023-11-20 10:15:16 -08:00
netlabel.h netlabel: cleanup struct netlbl_lsm_catmap 2024-02-07 12:38:30 +00:00
netlink.h genetlink: introduce helpers to do filtered multicast 2023-12-19 15:31:40 +01:00
netmem.h net: introduce abstraction for network memory 2024-02-20 09:22:58 +01:00
netprio_cgroup.h
netrom.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
nexthop.h net: nexthop: Have all NH notifiers carry NH ID 2024-03-11 14:14:07 -07:00
nl802154.h ieee802154: Give the user the association list 2023-11-20 11:43:45 +01:00
nsh.h net: NSH: fix kernel-doc notation warning 2023-07-14 20:39:29 -07:00
p8022.h net: 802: Remove unused function declarations 2023-08-04 15:33:50 -07:00
pie.h pie: fix kernel-doc notation warning 2023-07-14 20:39:30 -07:00
ping.h net/ipv4: ping_group_range: allow GID from 2147483648 to 4294967294 2023-06-02 09:55:22 +01:00
pkt_cls.h net/sched: Add helper macros with module names 2024-02-02 10:57:55 -08:00
pkt_sched.h net/sched: Add helper macros with module names 2024-02-02 10:57:55 -08:00
pptp.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
protocol.h ipv6: move tcp_ipv6_hash_secret and udp_ipv6_hash_secret to net_hotdata 2024-03-07 21:12:43 -08:00
psample.h psample: Add a fwd declaration for skbuff 2021-08-09 15:34:21 -07:00
psnap.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
raw.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-04-06 12:01:20 -07:00
rawv6.h ipv6: raw: constify raw_v6_match() socket argument 2023-03-17 08:56:37 +00:00
red.h treewide: use get_random_u32() when possible 2022-10-11 17:42:58 -06:00
regulatory.h wifi: cfg80211: save power spectral density(psd) of regulatory rule 2023-09-18 09:44:05 +02:00
request_sock.h tcp: Clear req->syncookie in reqsk_alloc(). 2024-03-19 19:35:59 -07:00
rose.h net: rose: add netdev ref tracker to 'struct rose_sock' 2022-08-01 11:59:23 -07:00
route.h inet: introduce dst_rtable() helper 2024-06-12 11:39:55 +02:00
rpl.h ipv6: rpl: Remove pskb(_may)?_pull() in ipv6_rpl_srh_rcv(). 2023-06-19 11:32:58 -07:00
rps.h net: move rps_sock_flow_table to net_hotdata 2024-03-07 21:12:43 -08:00
rsi_91x.h rsi: remove kernel-doc comment marker 2023-07-14 20:39:30 -07:00
rtnetlink.h rtnetlink: add RTNL_FLAG_DUMP_UNLOCKED flag 2024-02-26 11:46:12 +00:00
rtnh.h
sch_generic.h net/sched: Fix mirred deadlock on device recursion 2024-04-17 18:22:52 -07:00
scm.h af_unix: Try to run GC async. 2024-01-26 20:34:25 -08:00
secure_seq.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
seg6.h udp6: Use Segment Routing Header for dest address if present 2022-01-04 12:17:35 +00:00
seg6_hmac.h
seg6_local.h
selftests.h
slhc_vj.h
smc.h net/smc: manage system EID in SMC stack instead of ISM driver 2023-12-26 20:24:33 +00:00
snmp.h
sock.h net: fix __dst_negative_advice() race 2024-06-12 11:39:55 +02:00
sock_reuseport.h soreuseport: Fix socket selection for SO_INCOMING_CPU. 2022-10-25 11:35:16 +02:00
stp.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
strparser.h tls: rx: remove the message decrypted tracking 2022-07-18 11:24:10 +01:00
switchdev.h net: bridge: switchdev: Skip MDB replays of deferred events on offload 2024-02-16 09:36:37 +00:00
tc_wrapper.h Merge branch 'x86/bugs' into x86/core, to pick up pending changes before dependent patches 2024-02-14 10:49:37 +01:00
tcp.h tcp: increase the default TCP scaling ratio 2024-05-30 09:44:20 +02:00
tcp_ao.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-01-04 18:06:46 -08:00
tcp_states.h tcp: Dump bound-only sockets in inet_diag. 2023-12-04 14:45:26 -08:00
tcx.h bpf, tcx: Get rid of tcx_link_const 2023-10-23 15:01:53 -07:00
timewait_sock.h
tipc.h
tls.h tls: fix lockless read of strp->msg_ready in ->poll 2024-04-25 08:32:37 -07:00
tls_prot.h net/tls: Add TLS Alert definitions 2023-07-28 14:07:59 -07:00
tls_toe.h
transp_v6.h inet6: Remove unused function declaration udpv6_connect() 2023-08-01 15:06:27 -07:00
tso.h net: tso: inline tso_count_descs() 2022-12-12 15:04:39 -08:00
tun_proto.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
udp.h udp/udplite: Remove unused function declarations udp{,lite}_get_port() 2023-08-07 08:53:55 +01:00
udp_tunnel.h ipv6: add new arguments to udp_tunnel6_dst_lookup() 2023-10-23 08:48:57 +01:00
udplite.h udplite: fix various data-races 2023-09-14 16:16:36 +02:00
vsock_addr.h
vxlan.h vxlan: add support for flowlabel inherit 2023-11-16 22:33:31 +00:00
wext.h
x25.h x25: preserve const qualifier in [a]x25_sk() 2023-03-18 12:23:34 +00:00
x25device.h
xdp.h net, xdp: Correct grammar 2023-12-14 16:38:59 +01:00
xdp_priv.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
xdp_sock.h xsk: Don't assume metadata is always requested in TX completion 2024-03-19 13:47:29 +01:00
xdp_sock_drv.h xsk: fix usage of multi-buffer BPF helpers for ZC XDP 2024-01-24 16:24:06 -08:00
xfrm.h xfrm: Preserve vlan tags for transport mode software GRO 2024-04-26 06:44:33 +02:00
xsk_buff_pool.h xsk: add functions to fill control buffer 2023-12-13 16:16:40 -08:00