linux-stable/net
Octavian Purdila fcbdf09d96 net: fix nulls list corruptions in sk_prot_alloc
Special care is taken inside sk_port_alloc to avoid overwriting
skc_node/skc_nulls_node. We should also avoid overwriting
skc_bind_node/skc_portaddr_node.

The patch fixes the following crash:

 BUG: unable to handle kernel paging request at fffffffffffffff0
 IP: [<ffffffff812ec6dd>] udp4_lib_lookup2+0xad/0x370
 [<ffffffff812ecc22>] __udp4_lib_lookup+0x282/0x360
 [<ffffffff812ed63e>] __udp4_lib_rcv+0x31e/0x700
 [<ffffffff812bba45>] ? ip_local_deliver_finish+0x65/0x190
 [<ffffffff812bbbf8>] ? ip_local_deliver+0x88/0xa0
 [<ffffffff812eda35>] udp_rcv+0x15/0x20
 [<ffffffff812bba45>] ip_local_deliver_finish+0x65/0x190
 [<ffffffff812bbbf8>] ip_local_deliver+0x88/0xa0
 [<ffffffff812bb2cd>] ip_rcv_finish+0x32d/0x6f0
 [<ffffffff8128c14c>] ? netif_receive_skb+0x99c/0x11c0
 [<ffffffff812bb94b>] ip_rcv+0x2bb/0x350
 [<ffffffff8128c14c>] netif_receive_skb+0x99c/0x11c0

Signed-off-by: Leonard Crestez <lcrestez@ixiacom.com>
Signed-off-by: Octavian Purdila <opurdila@ixiacom.com>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-12-16 14:26:56 -08:00
..
9p net/9p: Return error on read with NULL buffer 2010-10-28 09:08:49 -05:00
802 net/802: add __rcu annotations 2010-10-25 13:09:44 -07:00
8021q vlan: rcu annotations 2010-10-25 13:09:43 -07:00
appletalk Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-04-11 14:53:53 -07:00
atm atm: correct sysfs 'device' link creation and parent relationships 2010-12-10 15:45:05 -08:00
ax25 net: ax25: fix information leak to userland 2010-11-10 10:14:33 -08:00
bluetooth Bluetooth: Fix initial RFCOMM DLC security level 2010-12-06 15:47:44 -02:00
bridge bridge: Forward reserved group addresses if !STP 2010-10-21 04:25:48 -07:00
caif caif: Remove noisy printout when disconnecting caif socket 2010-11-03 18:50:04 -07:00
can can-bcm: fix minor heap overflow 2010-11-12 14:07:14 -08:00
ceph Net: ceph: Makefile: Remove unnessary code 2010-11-27 17:39:29 -08:00
core net: fix nulls list corruptions in sk_prot_alloc 2010-12-16 14:26:56 -08:00
dcb include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
dccp dccp: fix error in updating the GAR 2010-11-28 11:29:27 -08:00
decnet DECnet: don't leak uninitialized stack byte 2010-11-28 11:32:30 -08:00
dns_resolver DNS: If the DNS server returns an error, allow that to be cached [ver #2] 2010-08-11 17:11:28 +00:00
dsa phylib: available for any speed ethernet 2010-08-11 23:03:50 -07:00
econet econet: Fix crash in aun_incoming(). 2010-12-08 20:51:15 -08:00
ethernet net: return operator cleanup 2010-09-23 14:33:39 -07:00
ieee802154 ieee802154: Fix possible NULL pointer dereference in wpan_phy_alloc 2010-05-23 23:11:07 -07:00
ipv4 net: fix nulls list corruptions in sk_prot_alloc 2010-12-16 14:26:56 -08:00
ipv6 net: fix nulls list corruptions in sk_prot_alloc 2010-12-16 14:26:56 -08:00
ipx BKL: introduce CONFIG_BKL. 2010-10-21 15:44:13 +02:00
irda net: irda: irttp: sync error paths of data- and udata-requests 2010-11-18 12:24:25 -08:00
iucv [S390] cleanup lowcore access from external interrupts 2010-10-25 16:10:19 +02:00
key net: return operator cleanup 2010-09-23 14:33:39 -07:00
l2tp l2tp: Fix modalias of l2tp_ip 2010-12-08 12:13:43 -08:00
lapb include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
llc llc: fix a device refcount imbalance 2010-12-08 09:58:44 -08:00
mac80211 mac80211: avoid calling ieee80211_work_work unconditionally 2010-12-13 14:55:08 -05:00
netfilter netfilter: fix IP_VS dependencies 2010-11-18 13:14:33 -08:00
netlabel net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
netlink netlink: fix netlink_change_ngroups() 2010-10-24 16:25:39 -07:00
netrom net: sk_sleep() helper 2010-04-20 16:37:13 -07:00
packet net: Fix header size check for GSO case in recvmsg (af_packet) 2010-11-12 11:06:46 -08:00
phonet phonet: remove the unused variable pn 2010-10-20 01:55:54 -07:00
rds rds: Integer overflow in RDS cmsg handling 2010-11-17 12:20:52 -08:00
rfkill Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2010-10-23 11:47:02 -07:00
rose Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-09-27 01:03:03 -07:00
rxrpc Add a dummy printk function for the maintenance of unused printks 2010-08-12 09:51:35 -07:00
sched classifier: report statistics for basic classifier 2010-11-08 12:17:05 -08:00
sctp SCTP: Fix SCTP_SET_PEER_PRIMARY_ADDR to accpet v4mapped address 2010-12-10 15:29:49 -08:00
sunrpc convert get_sb_single() users 2010-10-29 04:16:28 -04:00
tipc net: tipc: fix information leak to userland 2010-11-09 09:25:46 -08:00
unix af_unix: limit recursion level 2010-11-29 09:45:15 -08:00
wanrouter fix printk typo 'faild' 2010-08-09 11:25:17 +02:00
wimax Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2010-05-20 21:04:44 -07:00
wireless cfg80211: fix can_beacon_sec_chan, reenable HT40 2010-11-18 11:35:05 -05:00
x25 x25: decrement netdev reference counts on unload 2010-12-08 12:13:44 -08:00
xfrm xfrm: Fix xfrm_state_migrate leak 2010-12-09 20:35:27 -08:00
compat.c net: Limit socket I/O iovec total length to INT_MAX. 2010-10-28 11:47:52 -07:00
Kconfig ceph: factor out libceph from Ceph file system 2010-10-20 15:37:28 -07:00
Makefile ceph: factor out libceph from Ceph file system 2010-10-20 15:37:28 -07:00
nonet.c llseek: automatically add .llseek fop 2010-10-15 15:53:27 +02:00
socket.c net: Document the kernel_recvmsg() function 2010-12-10 11:13:18 -08:00
sysctl_net.c net: Remove unnecessary returns from void function()s 2010-05-17 23:23:14 -07:00
TUNABLE