linux-stable

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-18 08:35:03 +00:00

History

Olof Johansson 9b013e05e0 [NET]: Fix bug in sk_filter race cures. Looks like this might be causing problems, at least for me on ppc. This happened during a normal boot, right around first interface config/dhcp run.. cpu 0x0: Vector: 300 (Data Access) at [c00000000147b820] pc: c000000000435e5c: .sk_filter_delayed_uncharge+0x1c/0x60 lr: c0000000004360d0: .sk_attach_filter+0x170/0x180 sp: c00000000147baa0 msr: 9000000000009032 dar: 4 dsisr: 40000000 current = 0xc000000004780fa0 paca = 0xc000000000650480 pid = 1295, comm = dhclient3 0:mon> t [c00000000147bb20] c0000000004360d0 .sk_attach_filter+0x170/0x180 [c00000000147bbd0] c000000000418988 .sock_setsockopt+0x788/0x7f0 [c00000000147bcb0] c000000000438a74 .compat_sys_setsockopt+0x4e4/0x5a0 [c00000000147bd90] c00000000043955c .compat_sys_socketcall+0x25c/0x2b0 [c00000000147be30] c000000000007508 syscall_exit+0x0/0x40 --- Exception: c01 (System Call) at 000000000ff618d8 SP (fffdf040) is in userspace 0:mon> I.e. null pointer deref at sk_filter_delayed_uncharge+0x1c: 0:mon> di $.sk_filter_delayed_uncharge c000000000435e40 7c0802a6 mflr r0 c000000000435e44 fbc1fff0 std r30,-16(r1) c000000000435e48 7c8b2378 mr r11,r4 c000000000435e4c ebc2cdd0 ld r30,-12848(r2) c000000000435e50 f8010010 std r0,16(r1) c000000000435e54 f821ff81 stdu r1,-128(r1) c000000000435e58 380300a4 addi r0,r3,164 c000000000435e5c 81240004 lwz r9,4(r4) That's the deref of fp: static void sk_filter_delayed_uncharge(struct sock sk, struct sk_filter fp) { unsigned int size = sk_filter_len(fp); ... That is called from sk_attach_filter(): ... rcu_read_lock_bh(); old_fp = rcu_dereference(sk->sk_filter); rcu_assign_pointer(sk->sk_filter, fp); rcu_read_unlock_bh(); sk_filter_delayed_uncharge(sk, old_fp); return 0; ... So, looks like rcu_dereference() returned NULL. I don't know the filter code at all, but it seems like it might be a valid case? sk_detach_filter() seems to handle a NULL sk_filter, at least. So, this needs review by someone who knows the filter, but it fixes the problem for me: Signed-off-by: Olof Johansson <olof@lixom.net> Signed-off-by: David S. Miller <davem@davemloft.net>		2007-10-18 21:48:39 -07:00
..
9p	9p: remove sysctl	2007-10-17 14:35:15 -05:00
802	[NET]: Move hardware header operations out of netdevice.	2007-10-10 16:52:52 -07:00
8021q	[8021Q]: transfer dev_id from real device	2007-10-10 16:54:56 -07:00
appletalk	[NET]: sparse warning fixes	2007-10-10 16:54:48 -07:00
atm	[BR2684]: get rid of broken header code.	2007-10-17 19:39:22 -07:00
ax25	[NET]: Move hardware header operations out of netdevice.	2007-10-10 16:52:52 -07:00
bluetooth	[BLUETOOTH]: Make hidp_setup_input() return int	2007-10-10 16:52:39 -07:00
bridge	[BRIDGE]: Remove SKB share checks in br_nf_pre_routing().	2007-10-15 12:26:35 -07:00
core	[NET]: Fix bug in sk_filter race cures.	2007-10-18 21:48:39 -07:00
dccp	[DCCP]: fix link error with !CONFIG_SYSCTL	2007-10-17 19:33:06 -07:00
decnet	[NETFILTER]: Replace sk_buff ** with sk_buff *	2007-10-15 12:26:29 -07:00
econet	[NET]: Wrap netdevice hardware header creation.	2007-10-10 16:52:50 -07:00
ethernet	[NET]: Move hardware header operations out of netdevice.	2007-10-10 16:52:52 -07:00
ieee80211	[PATCH] ieee80211: fix TKIP QoS bug	2007-10-16 20:58:12 -04:00
ipv4	Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6	2007-10-18 14:40:30 -07:00
ipv6	Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6	2007-10-18 14:40:30 -07:00
ipx	[NET]: Make the device list and device lookups per namespace.	2007-10-10 16:49:10 -07:00
irda	Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6	2007-10-18 14:40:30 -07:00
iucv	[AF_IUCV]: postpone receival of iucv-packets	2007-10-10 16:54:51 -07:00
key	[IPSEC]: Lock state when copying non-atomic fields to user-space	2007-10-10 16:55:02 -07:00
lapb
llc	[NET]: Introduce and use print_mac() and DECLARE_MAC_BUF()	2007-10-10 16:51:42 -07:00
mac80211	[MAC80211]: only honor IW_SCAN_THIS_ESSID in STA, IBSS, and AP modes	2007-10-17 21:16:16 -07:00
netfilter	Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6	2007-10-18 14:40:30 -07:00
netlabel	[NETLINK]: Introduce nested and byteorder flag to netlink attribute	2007-10-10 16:49:16 -07:00
netlink	[NETLINK]: Don't leak 'listeners' in netlink_kernel_create()	2007-10-15 12:26:32 -07:00
netrom	[NET]: Move hardware header operations out of netdevice.	2007-10-10 16:52:52 -07:00
packet	[NET]: Move hardware header operations out of netdevice.	2007-10-10 16:52:52 -07:00
rfkill	[RFKILL]: Add support for hardware-only rfkill buttons	2007-10-10 16:54:11 -07:00
rose	[NET]: Move hardware header operations out of netdevice.	2007-10-10 16:52:52 -07:00
rxrpc	KEYS: Make request_key() and co fundamentally asynchronous	2007-10-17 08:42:57 -07:00
sched	[NET]: fix carrier-on bug?	2007-10-17 23:26:43 -07:00
sctp	Remove "unsafe" from module struct	2007-10-17 08:42:49 -07:00
sunrpc	sysctl: remove broken sunrpc debug binary sysctls	2007-10-18 14:37:22 -07:00
tipc	[NET]: Wrap netdevice hardware header creation.	2007-10-10 16:52:50 -07:00
unix	sched: affine sync wakeups	2007-10-15 17:00:19 +02:00
wanrouter	[NET]: Make /proc/net per network namespace	2007-10-10 16:49:06 -07:00
wireless	Driver core: change add_uevent_var to use a struct	2007-10-12 14:51:01 -07:00
x25	[NET]: Make the device list and device lookups per namespace.	2007-10-10 16:49:10 -07:00
xfrm	[IPSEC]: Rename mode to outer_mode and add inner_mode	2007-10-17 21:35:51 -07:00
compat.c	O_CLOEXEC for SCM_RIGHTS	2007-07-16 09:05:45 -07:00
Kconfig	[NET]: Add network namespace clone & unshare support.	2007-10-10 16:52:46 -07:00
Makefile	9p: Reorganization of 9p file system code	2007-07-14 15:13:40 -05:00
nonet.c
socket.c	r/o bind mounts: filesystem helpers for custom 'struct file's	2007-10-17 08:43:04 -07:00
sysctl_net.c
TUNABLE