mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-23 19:11:51 +00:00
Code Issues Releases Wiki Activity
linux-stable/net/ipv6
History
Zhang Changzhong c21bff1c99 xfrm6: fix inet6_dev refcount underflow problem 
[ Upstream commit cc9b364bb1 ]

There are race conditions that may lead to inet6_dev refcount underflow
in xfrm6_dst_destroy() and rt6_uncached_list_flush_dev().

One of the refcount underflow bugs is shown below:
	(cpu 1)                	|	(cpu 2)
xfrm6_dst_destroy()             |
  ...                           |
  in6_dev_put()                 |
				|  rt6_uncached_list_flush_dev()
  ...				|    ...
				|    in6_dev_put()
  rt6_uncached_list_del()       |    ...
  ...                           |

xfrm6_dst_destroy() calls rt6_uncached_list_del() after in6_dev_put(),
so rt6_uncached_list_flush_dev() has a chance to call in6_dev_put()
again for the same inet6_dev.

Fix it by moving in6_dev_put() after rt6_uncached_list_del() in
xfrm6_dst_destroy().

Fixes: 510c321b55 ("xfrm: reuse uncached_list to track xdsts")
Signed-off-by: Zhang Changzhong <zhangchangzhong@huawei.com>
Reviewed-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-10-25 12:03:12 +02:00
..
ila ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping() 2023-03-17 08:50:23 +01:00
netfilter netfilter: tproxy: fix deadlock due to missing BH disable 2023-03-17 08:50:25 +01:00
addrconf.c neighbour: switch to standard rcu, instead of rcu_bh 2023-10-10 22:00:42 +02:00
addrconf_core.c
addrlabel.c ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network 2022-11-07 12:26:15 +00:00
af_inet6.c dccp: Call inet6_destroy_sock() via sk->sk_destruct(). 2023-04-26 14:28:43 +02:00
ah6.c xfrm: ah: add extack to ah_init_state, ah6_init_state 2022-09-29 07:17:59 +02:00
anycast.c
calipso.c
datagram.c ipv6: Fix datagram socket connection with DSCP. 2023-02-22 12:59:54 +01:00
esp6.c net: ipv6: fix return value check in esp_remove_trailer 2023-10-25 12:03:06 +02:00
esp6_offload.c xfrm: Linearize the skb after offloading if needed. 2023-06-28 11:12:29 +02:00
exthdrs.c ipv6: rpl: Fix Route of Death. 2023-06-14 11:15:20 +02:00
exthdrs_core.c ipv6: Fix out-of-bounds access in ipv6_find_tlv() 2023-05-30 14:03:21 +01:00
exthdrs_offload.c
fib6_notifier.c
fib6_rules.c
fou6.c
icmp.c icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev(). 2023-07-23 13:49:23 +02:00
inet6_connection_sock.c
inet6_hashtables.c tcp: Access &tcp_hashinfo via net. 2022-09-20 10:21:49 -07:00
ioam6.c genetlink: start to validate reserved header bytes 2022-08-29 12:47:15 +01:00
ioam6_iptunnel.c
ip6_checksum.c
ip6_fib.c ipv6: remove nexthop_fib6_nh_bh() 2023-10-10 22:00:46 +02:00
ip6_flowlabel.c treewide: use get_random_u32() when possible 2022-10-11 17:42:58 -06:00
ip6_gre.c net:ipv6: check return value of pskb_trim() 2023-07-27 08:50:45 +02:00
ip6_icmp.c
ip6_input.c ipv6: ignore dst hint for multipath routes 2023-09-19 12:28:01 +02:00
ip6_offload.c net-next: skbuff: refactor pskb_pull 2022-09-30 12:31:46 +01:00
ip6_offload.h
ip6_output.c neighbour: switch to standard rcu, instead of rcu_bh 2023-10-10 22:00:42 +02:00
ip6_tunnel.c net: tunnels: annotate lockless accesses to dev->needed_headroom 2023-03-22 13:33:46 +01:00
ip6_udp_tunnel.c
ip6_vti.c ip6_vti: fix slab-use-after-free in decode_session6 2023-08-23 17:52:32 +02:00
ip6mr.c ip6mr: Fix skb_under_panic in ip6mr_cache_report() 2023-08-11 12:08:17 +02:00
ipcomp6.c xfrm: ipcomp: add extack to ipcomp{4,6}_init_state 2022-09-29 07:18:00 +02:00
ipv6_sockglue.c tcp: Fix data races around icsk->icsk_af_ops. 2022-10-12 17:50:37 -07:00
Kconfig crypto: lib - make the sha1 library optional 2022-07-15 16:43:59 +08:00
Makefile
mcast.c treewide: use prandom_u32_max() when possible, part 1 2022-10-11 17:42:55 -06:00
mcast_snoop.c
mip6.c xfrm: mip6: add extack to mip6_destopt_init_state, mip6_rthdr_init_state 2022-09-29 07:18:01 +02:00
ndisc.c neighbour: annotate lockless accesses to n->nud_state 2023-10-10 22:00:42 +02:00
netfilter.c
output_core.c treewide: use get_random_u32() when possible 2022-10-11 17:42:58 -06:00
ping.c net: annotate data-races around sk->sk_mark 2023-08-11 12:08:14 +02:00
proc.c
protocol.c
raw.c net: annotate data-races around sk->sk_priority 2023-08-11 12:08:15 +02:00
reassembly.c
route.c ipv6: remove one read_lock()/read_unlock() pair in rt6_check_neigh() 2023-10-10 22:00:46 +02:00
rpl.c net: rpl: fix rpl header size calculation 2023-04-26 14:28:34 +02:00
rpl_iptunnel.c
seg6.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2022-09-08 18:38:30 +02:00
seg6_hmac.c
seg6_iptunnel.c seg6: add support for SRv6 H.L2Encaps.Red behavior 2022-07-29 12:14:03 +01:00
seg6_local.c seg6: add NEXT-C-SID support for SRv6 End behavior 2022-09-20 12:33:22 +02:00
sit.c sit: update dev->needed_headroom in ipip6_tunnel_bind_dev() 2023-05-17 11:53:33 +02:00
syncookies.c tcp: Fix data-races around sysctl_tcp_syncookies. 2022-07-18 12:21:54 +01:00
sysctl_net_ipv6.c
tcp_ipv6.c ipv6: tcp: add a missing nf_reset_ct() in 3WHS handling 2023-10-10 22:00:42 +02:00
tcpv6_offload.c
tunnel6.c
udp.c udp: re-score reuseport groups when connected sockets are present 2023-09-13 09:42:31 +02:00
udp_impl.h tcp/udp: Call inet6_destroy_sock() in IPv6 sk->sk_destruct(). 2022-10-12 17:50:37 -07:00
udp_offload.c
udplite.c udplite: Fix NULL pointer dereference in __sk_mem_raise_allocated(). 2023-05-30 14:03:20 +01:00
xfrm6_input.c xfrm: fix inbound ipv4/udp/esp packets to UDPv6 dualstack sockets 2023-06-28 11:12:28 +02:00
xfrm6_output.c
xfrm6_policy.c xfrm6: fix inet6_dev refcount underflow problem 2023-10-25 12:03:12 +02:00
xfrm6_protocol.c
xfrm6_state.c
xfrm6_tunnel.c xfrm: tunnel: add extack to ipip_init_state, xfrm6_tunnel_init_state 2022-09-29 07:18:00 +02:00