linux-stable/net/core
Chinmay Agarwal eefb45eef5 neighbour: Prevent Race condition in neighbour subsytem
Following Race Condition was detected:

<CPU A, t0>: Executing: __netif_receive_skb() ->__netif_receive_skb_core()
-> arp_rcv() -> arp_process().arp_process() calls __neigh_lookup() which
takes a reference on neighbour entry 'n'.
Moves further along, arp_process() and calls neigh_update()->
__neigh_update(). Neighbour entry is unlocked just before a call to
neigh_update_gc_list.

This unlocking paves way for another thread that may take a reference on
the same and mark it dead and remove it from gc_list.

<CPU B, t1> - neigh_flush_dev() is under execution and calls
neigh_mark_dead(n) marking the neighbour entry 'n' as dead. Also n will be
removed from gc_list.
Moves further along neigh_flush_dev() and calls
neigh_cleanup_and_release(n), but since reference count increased in t1,
'n' couldn't be destroyed.

<CPU A, t3>- Code hits neigh_update_gc_list, with neighbour entry
set as dead.

<CPU A, t4> - arp_process() finally calls neigh_release(n), destroying
the neighbour entry and we have a destroyed ntry still part of gc_list.

Fixes: eb4e8fac00d1("neighbour: Prevent a dead entry from updating gc_list")
Signed-off-by: Chinmay Agarwal <chinagar@codeaurora.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2021-04-21 14:47:43 -07:00
..
bpf_sk_storage.c bpf: Expose bpf_sk_storage_* to iterator programs 2020-12-04 22:32:40 +01:00
datagram.c udp: fix skb_copy_and_csum_datagram with odd segment sizes 2021-02-04 18:56:56 -08:00
datagram.h
dev.c gro: fix napi_gro_frags() Fast GRO breakage due to IP alignment check 2021-04-19 16:03:32 -07:00
dev_addr_lists.c net: core: add nested_level variable in net_device 2020-09-28 15:00:15 -07:00
dev_ioctl.c net: fix dev_ifsioc_locked() race condition 2021-02-11 18:14:19 -08:00
devlink.c mlx5 subfunction support 2021-01-28 16:57:19 -08:00
drop_monitor.c drop_monitor: Perform cleanup upon probe registration failure 2021-03-10 15:19:02 -08:00
dst.c net, bpf: Fix ip6ip6 crash with collect_md populated skbs 2021-03-10 12:24:18 -08:00
dst_cache.c
failover.c
fib_notifier.c net: fib_notifier: propagate extack down to the notifier block callback 2019-10-04 11:10:56 -07:00
fib_rules.c treewide: rename nla_strlcpy to nla_strscpy. 2020-11-16 08:08:54 -08:00
filter.c bpf: BPF-helper for MTU checking add length input 2021-03-08 22:44:33 +01:00
flow_dissector.c flow_dissector: fix byteorder of dissected ICMP ID 2021-03-14 14:30:20 -07:00
flow_offload.c net: flow_offload: Fix memory leak for indirect flow block 2020-12-09 16:08:33 -08:00
gen_estimator.c net_sched: gen_estimator: support large ewma log 2021-01-15 18:11:06 -08:00
gen_stats.c docs: networking: convert gen_stats.txt to ReST 2020-04-28 14:39:46 -07:00
gro_cells.c gro_cells: reduce number of synchronize_net() calls 2020-11-25 11:28:12 -08:00
hwbm.c
link_watch.c net: Add IF_OPER_TESTING 2020-04-20 12:43:24 -07:00
lwt_bpf.c lwt_bpf: Replace preempt_disable() with migrate_disable() 2020-12-07 11:53:40 -08:00
lwtunnel.c net: ipv6: add rpl sr tunnel 2020-03-29 22:30:57 -07:00
Makefile ethtool: move to its own directory 2019-12-12 17:07:05 -08:00
neighbour.c neighbour: Prevent Race condition in neighbour subsytem 2021-04-21 14:47:43 -07:00
net-procfs.c net-sysfs: add backlog len and CPU id to softnet data 2020-09-21 13:56:37 -07:00
net-sysfs.c net: add sysfs attribute to control napi threaded mode 2021-02-09 15:27:28 -08:00
net-sysfs.h net-sysfs: add netdev_change_owner() 2020-02-26 20:07:25 -08:00
net-traces.c
net_namespace.c net: initialize net->net_cookie at netns setup 2021-02-11 14:10:07 -08:00
netclassid_cgroup.c net: Remove the err argument from sock_from_file 2020-12-04 22:32:40 +01:00
netevent.c
netpoll.c Revert "net: Have netpoll bring-up DSA management interface" 2021-02-06 14:42:57 -08:00
netprio_cgroup.c net: Remove the err argument from sock_from_file 2020-12-04 22:32:40 +01:00
page_pool.c net: page_pool: simplify page recycling condition tests 2021-02-04 18:20:14 -08:00
pktgen.c pktgen: fix misuse of BUG_ON() in pktgen_thread_worker() 2021-01-27 16:46:37 -08:00
ptp_classifier.c ptp: Add generic ptp v2 header parsing function 2020-08-19 16:07:49 -07:00
request_sock.c tcp: add rcu protection around tp->fastopen_rsk 2019-10-13 10:13:08 -07:00
rtnetlink.c ipv6: report errors for iftoken via netlink extack 2021-04-08 13:52:36 -07:00
scm.c fs: Add receive_fd() wrapper for __receive_fd() 2020-07-13 11:03:44 -07:00
secure_seq.c crypto: lib/sha1 - remove unnecessary includes of linux/cryptohash.h 2020-05-08 15:32:17 +10:00
skbuff.c net: expand textsearch ts_state to fit skb_seq_state 2021-03-01 15:25:24 -08:00
skmsg.c bpf, sockmap: Fix incorrect fwd_alloc accounting 2021-04-07 01:29:06 +02:00
sock.c net: let skb_orphan_partial wake-up waiters. 2021-03-30 13:57:28 -07:00
sock_diag.c bpf, net: Rework cookie generator as per-cpu one 2020-09-30 11:50:35 -07:00
sock_map.c bpf: Replace fput with sockfd_put in sock map 2021-01-08 13:39:24 -08:00
sock_reuseport.c udp: Prevent reuseport_select_sock from reading uninitialized socks 2021-01-08 19:15:40 -08:00
stream.c tcp: make sure EPOLLOUT wont be missed 2019-08-19 13:07:43 -07:00
sysctl_net_core.c net: sysctl: remove redundant #ifdef CONFIG_NET 2021-01-27 17:02:43 -08:00
timestamping.c net: Introduce a new MII time stamping interface. 2019-12-25 19:51:33 -08:00
tso.c net: tso: add UDP segmentation support 2020-06-18 20:46:23 -07:00
utils.c net: Fix skb->csum update in inet_proto_csum_replace16(). 2020-01-24 20:54:30 +01:00
xdp.c xdp: fix xdp_return_frame() kernel BUG throw for page_pool memory model 2021-03-31 15:15:23 -07:00