linux-stable

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-18 16:44:33 +00:00

History

Wei Yongjun a454f0ccef xfrm: Fix initialize repl field of struct xfrm_state Commit 'xfrm: Move IPsec replay detection functions to a separate file' (`9fdc4883d9`) introduce repl field to struct xfrm_state, and only initialize it under SA's netlink create path, the other path, such as pf_key, ipcomp/ipcomp6 etc, the repl field remaining uninitialize. So if the SA is created by pf_key, any input packet with SA's encryption algorithm will cause panic. int xfrm_input() { ... x->repl->advance(x, seq); ... } This patch fixed it by introduce new function __xfrm_init_state(). Pid: 0, comm: swapper Not tainted 2.6.38-next+ #14 Bochs Bochs EIP: 0060:[<c078e5d5>] EFLAGS: 00010206 CPU: 0 EIP is at xfrm_input+0x31c/0x4cc EAX: dd839c00 EBX: 00000084 ECX: 00000000 EDX: 01000000 ESI: dd839c00 EDI: de3a0780 EBP: dec1de88 ESP: dec1de64 DS: 007b ES: 007b FS: 00d8 GS: 00e0 SS: 0068 Process swapper (pid: 0, ti=dec1c000 task=c09c0f20 task.ti=c0992000) Stack: 00000000 00000000 00000002 c0ba27c0 00100000 01000000 de3a0798 c0ba27c0 00000033 dec1de98 c0786848 00000000 de3a0780 dec1dea4 c0786868 00000000 dec1debc c074ee56 e1da6b8c de3a0780 c074ed44 de3a07a8 dec1decc c074ef32 Call Trace: [<c0786848>] xfrm4_rcv_encap+0x22/0x27 [<c0786868>] xfrm4_rcv+0x1b/0x1d [<c074ee56>] ip_local_deliver_finish+0x112/0x1b1 [<c074ed44>] ? ip_local_deliver_finish+0x0/0x1b1 [<c074ef32>] NF_HOOK.clone.1+0x3d/0x44 [<c074ef77>] ip_local_deliver+0x3e/0x44 [<c074ed44>] ? ip_local_deliver_finish+0x0/0x1b1 [<c074ec03>] ip_rcv_finish+0x30a/0x332 [<c074e8f9>] ? ip_rcv_finish+0x0/0x332 [<c074ef32>] NF_HOOK.clone.1+0x3d/0x44 [<c074f188>] ip_rcv+0x20b/0x247 [<c074e8f9>] ? ip_rcv_finish+0x0/0x332 [<c072797d>] __netif_receive_skb+0x373/0x399 [<c0727bc1>] netif_receive_skb+0x4b/0x51 [<e0817e2a>] cp_rx_poll+0x210/0x2c4 [8139cp] [<c072818f>] net_rx_action+0x9a/0x17d [<c0445b5c>] __do_softirq+0xa1/0x149 [<c0445abb>] ? __do_softirq+0x0/0x149 Signed-off-by: Wei Yongjun <yjwei@cn.fujitsu.com> Signed-off-by: David S. Miller <davem@davemloft.net>		2011-03-21 18:08:28 -07:00
..
9p	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6	2011-03-16 16:29:25 -07:00
802
8021q	vlan: should take into account needed_headroom	2011-03-18 15:13:12 -07:00
appletalk	appletalk: remove the BKL	2011-03-05 10:55:57 +01:00
atm	ipv4: Create and use route lookup helpers.	2011-03-12 15:08:42 -08:00
ax25
batman-adv	Merge branch 'batman-adv/next' of git://git.open-mesh.org/ecsv/linux-merge	2011-03-07 00:37:13 -08:00
bluetooth	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/hid	2011-03-18 10:35:30 -07:00
bridge	bridge: Reset IPCB when entering IP stack on NF_FORWARD	2011-03-18 15:13:12 -07:00
caif	Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6	2011-02-08 17:19:01 -08:00
can
ceph	libceph: fix msgr standby handling	2011-03-04 12:25:05 -08:00
core	ethtool: __ethtool_set_sg: check for function pointer before using it	2011-03-18 15:13:10 -07:00
dcb	net: dcbnl: Update copyright dates	2011-03-14 17:02:42 -07:00
dccp	net: Put fl6_* macros to struct flowi6 and use them again.	2011-03-12 15:08:55 -08:00
decnet	decnet: Convert to use flowidn where applicable.	2011-03-12 15:08:55 -08:00
dns_resolver	DNS: Fix a NULL pointer deref when trying to read an error key [CVE-2011-1076]	2011-03-04 09:56:19 +11:00
dsa	dsa/mv88e6060: support nonzero mii base address	2011-03-08 14:24:20 -08:00
econet	econet: 4 byte infoleak to the network	2011-03-18 15:12:15 -07:00
ethernet
ieee802154
ipv4	netfilter: ipt_CLUSTERIP: fix buffer overflow	2011-03-20 15:42:52 +01:00
ipv6	netfilter: xtables: fix reentrancy	2011-03-20 15:40:06 +01:00
ipx	ipx: remove the BKL	2011-03-05 10:55:58 +01:00
irda	tty: now phase out the ioctl file pointer for good	2011-02-17 11:59:56 -08:00
iucv
key	pfkey: fix warning	2011-03-01 22:51:52 -08:00
l2tp	ipv4: Create and use route lookup helpers.	2011-03-12 15:08:42 -08:00
lapb
llc	llc: avoid skb_clone() if there is only one handler	2011-02-28 12:28:50 -08:00
mac80211	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial	2011-03-18 10:37:40 -07:00
netfilter	netfilter: ipset: fix checking the type revision at create command	2011-03-20 15:35:01 +01:00
netlabel	netlink: kill loginuid/sessionid/sid members from struct netlink_skb_parms	2011-03-03 10:55:40 -08:00
netlink	Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6	2011-03-03 21:27:42 -08:00
netrom
packet	af_packet: struct socket declared/assigned but unused	2011-03-07 15:51:13 -08:00
phonet	Phonet: fix aligned-mode pipe socket buffer header reserve	2011-03-15 14:55:49 -07:00
rds	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6	2011-03-16 16:29:25 -07:00
rfkill
rose	ROSE: AX25: finding routes simplification	2011-02-14 13:33:49 -08:00
rxrpc	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6	2011-03-16 16:29:25 -07:00
sched	ipv4: Remove flowi from struct rtable.	2011-03-04 21:55:31 -08:00
sctp	ipv6: Convert to use flowi6 where applicable.	2011-03-12 15:08:54 -08:00
sunrpc	Merge branch 'nfs-for-2.6.39' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6	2011-03-17 17:40:00 -07:00
tipc	tipc: delete extra semicolon blocking node deletion	2011-03-14 12:21:12 -04:00
unix	Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6	2011-03-16 16:29:25 -07:00
wanrouter
wimax
wireless	Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-next-2.6 into for-davem	2011-03-15 14:16:48 -04:00
x25	x25: remove the BKL	2011-03-05 10:55:45 +01:00
xfrm	xfrm: Fix initialize repl field of struct xfrm_state	2011-03-21 18:08:28 -07:00
compat.c
Kconfig
Makefile	net: Enter net/ipv6/ even if CONFIG_IPV6=n	2011-03-07 12:50:52 -08:00
nonet.c
socket.c	ethtool: Compat handling for struct ethtool_rxnfc	2011-03-18 15:13:11 -07:00
sysctl_net.c
TUNABLE