mirror of https://github.com/followmsi/android_kernel_google_msm.git synced 2024-11-06 23:17:41 +00:00
android_kernel_google_msm/net/ipv6
Weilong Chen 9a6fbaeb68 ipv6: add check for blackhole or prohibited entry in rt6_redire
There's a check for ip6_null_entry, but it's not enough if the config
CONFIG_IPV6_MULTIPLE_TABLES is selected. Blackhole or prohibited entries
should also be ignored.

This path is for kernels before v3.6, as there's a commit b94f1c0 that
uses icmpv6_notify() instead of rt6_redirect(), and rt6_redirect has
been deleted.

The oops is as follows:
    [exception RIP: do_raw_write_lock+12]
    RIP: ffffffff8122c42c  RSP: ffff880666e45820  RFLAGS: 00010282
    RAX: ffff8801207bffd8  RBX: 0000000000000018  RCX: 0000000000000000
    RDX: 0000000000000000  RSI: ffff880666e45898  RDI: 0000000000000018
    RBP: ffff880666e45830   R8: 000000000000001e   R9: 0000000006000000
    R10: ffff88011796b8a0  R11: 0000000000000004  R12: ffff88010391ed00
    R13: 0000000000000000  R14: ffff880666e45898  R15: ffff88011796b890
    ORIG_RAX: ffffffffffffffff  CS: 0010  SS: 0018
    [ffff880666e45838] _raw_write_lock_bh at ffffffff81450b39
    [ffff880666e45858] __ip6_ins_rt at ffffffff813ed8c1
    [ffff880666e45888] ip6_ins_rt at ffffffff813eef58
    [ffff880666e458b8] rt6_redirect at ffffffff813f0b84
    [ffff880666e45958] ndisc_rcv at ffffffff813f95d8
    [ffff880666e45a08] icmpv6_rcv at ffffffff814000e8
    [ffff880666e45ae8] ip6_input_finish at ffffffff813e43bb
    [ffff880666e45b38] ip6_input at ffffffff813e4b08
    [ffff880666e45b68] ipv6_rcv at ffffffff813e4969
    [ffff880666e45bc8] __netif_receive_skb at ffffffff8135158a
    [ffff880666e45c38] dev_gro_receive at ffffffff81351cb0
    [ffff880666e45c78] napi_gro_receive at ffffffff81351fc5
    [ffff880666e45cb8] tg3_rx at ffffffffa0bfb354 [tg]
    [ffff880666e45d88] tg3_poll_work at ffffffffa0c07857 [tg]
    [ffff880666e45e18] tg3_poll_msix at ffffffffa0c07d1b [tg]
    [ffff880666e45e68] net_rx_action at ffffffff81352219
    [ffff880666e45ec8] __do_softirq at ffffffff8103e5a1
    [ffff880666e45f38] call_softirq at ffffffff81459c4c
    [ffff880666e45f50] do_softirq at ffffffff8100413d
    [ffff880666e45f80] do_IRQ at ffffffff81003cce

This happened when ip6_route_redirect found a rt which was set to
blackhole; the rt had a NULL rt6i_table argument, which is accessed by
__ip6_ins_rt() when trying to lock rt6i_table->tb6_lock, causing a BUG:
"BUG: unable to handle kernel NULL pointer"

Signed-off-by: Weilong Chen <chenweilong@huawei.com>
2015-09-14 09:27:08 +08:00
netfilter netfilter: Can't fail and free after table replacement 2014-05-18 05:25:56 -07:00
addrconf.c ipv6: reallocate addrconf router for ipv6 address when lo device up 2014-08-07 12:00:11 -07:00
addrconf_core.c
addrlabel.c
af_inet6.c
ah6.c
anycast.c
datagram.c ipv6: fix leaking uninitialized port number of offender sockaddr 2013-12-08 07:29:42 -08:00
esp6.c
exthdrs.c
exthdrs_core.c
fib6_rules.c
icmp.c ipv6: some ipv6 statistic counters failed to disable bh 2014-04-26 17:13:18 -07:00
inet6_connection_sock.c
inet6_hashtables.c net: do not call sock_put() on TIMEWAIT sockets 2013-11-04 04:23:40 -08:00
ip6_fib.c ipv6: replacing a rt6_info needs to purge possible propagated rt6_infos too 2015-04-14 17:33:57 +08:00
ip6_flowlabel.c
ip6_input.c
ip6_output.c ip: make IP identifiers less predictable 2014-08-14 08:42:35 +08:00
ip6_tunnel.c net: tunnels - enable module autoloading 2014-06-26 15:10:28 -04:00
ip6mr.c net: avoid reference counter overflows on fib_rules in multicast forwarding 2014-02-06 11:05:48 -08:00
ipcomp6.c
ipv6_sockglue.c
Kconfig
Makefile drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO packets 2015-02-02 17:05:26 +08:00
mcast.c ipv6: some ipv6 statistic counters failed to disable bh 2014-04-26 17:13:18 -07:00
mip6.c
ndisc.c ipv6: Don't depend on per socket memory for neighbour discovery messages 2013-09-14 06:02:10 -07:00
netfilter.c
output_core.c drivers/net, ipv6: Select IPv6 fragment idents for virtio UFO packets 2015-02-02 17:05:26 +08:00
proc.c
protocol.c
raw.c inet: fix addr_len/msg->msg_namelen assignment in recv_error and rxpmtu functions 2013-12-08 07:29:42 -08:00
reassembly.c ipv6: drop packets with multiple fragmentation headers 2013-09-14 06:02:10 -07:00
route.c ipv6: add check for blackhole or prohibited entry in rt6_redire 2015-09-14 09:27:08 +08:00
sit.c net: tunnels - enable module autoloading 2014-06-26 15:10:28 -04:00
syncookies.c
sysctl_net_ipv6.c
tcp_ipv6.c net: ipv6: tcp: fix potential use after free in tcp_v6_do_rcv 2013-09-14 06:02:10 -07:00
tunnel6.c
udp.c ipv6: reuse ip6_frag_id from ip6_ufo_append_data 2014-12-01 18:02:44 +08:00
udp_impl.h
udplite.c
xfrm6_input.c
xfrm6_mode_beet.c
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c
xfrm6_output.c
xfrm6_policy.c
xfrm6_state.c
xfrm6_tunnel.c