android_kernel_google_msm/net/core
Eric Dumazet 7d9577d0b2 ipv6: do not clear pinet6 field
[ Upstream commit f77d602124 ]

We have seen multiple NULL dereferences in __inet6_lookup_established().

After analysis, I found that inet6_sk() could be NULL while the
check for sk_family == AF_INET6 was true.

Bug was added in linux-2.6.29 when RCU lookups were introduced in UDP
and TCP stacks.

Once an IPv6 socket using SLAB_DESTROY_BY_RCU is inserted in a hash
table, we can no longer clear the pinet6 field.

This patch extends the logic used in commit fcbdf09d96
("net: fix nulls list corruptions in sk_prot_alloc").

TCP/UDP/UDPLite IPv6 protocols provide their own .clear_sk() method
to make sure we do not clear pinet6 field.

At socket clone phase, we do not really care, as cloning the parent (non
NULL) pinet6 is not adding a fatal race.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-05-19 10:54:47 -07:00
datagram.c net: fix infinite loop in __skb_recv_datagram() 2013-02-28 06:59:06 -08:00
dev.c net: use netdev_features_t in skb_needs_linearize() 2013-05-19 10:54:45 -07:00
dev_addr_lists.c net: count hw_addr syncs so that unsync works properly. 2013-05-01 09:41:06 -07:00
drop_monitor.c drop_monitor: dont sleep in atomic context 2012-07-16 09:03:44 -07:00
dst.c net: Rename dst_get_neighbour{, _raw} to dst_get_neighbour_noref{, _raw}. 2011-12-05 15:20:19 -05:00
ethtool.c net: vlan,ethtool: netdev_features_t is more than 32 bit 2013-05-19 10:54:45 -07:00
fib_rules.c
filter.c bpf jit: Make the filter.c::__load_pointer helper non-static for the jits 2012-04-03 18:01:03 -04:00
flow.c net: Add a flow_cache_flush_deferred function 2011-12-21 16:48:08 -05:00
flow_dissector.c net: flow_dissector.c missing include linux/export.h 2012-01-24 16:03:33 -05:00
gen_estimator.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
gen_stats.c
iovec.c net: get rid of some pointless casts to sockaddr 2012-03-11 19:11:22 -07:00
kmap_skb.h net: remove the second argument of k[un]map_atomic() 2012-03-20 21:48:27 +08:00
link_watch.c
Makefile sock_diag: Move the sock_ code to net/core/ 2011-12-06 13:58:02 -05:00
neighbour.c net: Fix skb_under_panic oops in neigh_resolve_output 2012-10-28 10:14:15 -07:00
net-sysfs.c static keys: Introduce 'struct static_key', static_key_true()/false() and static_key_slow_[inc|dec]() 2012-02-24 10:05:59 +01:00
net-sysfs.h
net-traces.c
net_namespace.c net: Statically initialize init_net.dev_base_head 2012-10-02 10:30:35 -07:00
netevent.c
netpoll.c netpoll: fix netpoll_send_udp() bugs 2012-07-16 09:03:47 -07:00
netprio_cgroup.c Merge branch 'for-3.4' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup 2012-03-20 18:11:21 -07:00
pktgen.c pktgen: correctly handle failures when adding a device 2013-02-14 10:49:05 -08:00
request_sock.c ipv4:correct description for tcp_max_syn_backlog 2011-12-06 13:02:28 -05:00
rtnetlink.c rtnetlink: Call nlmsg_parse() with correct header length 2013-05-01 09:41:07 -07:00
scm.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
secure_seq.c net: fix some sparse errors 2012-01-17 10:31:12 -05:00
skbuff.c splice: fix racy pipe->buffers uses 2012-07-16 09:04:42 -07:00
sock.c ipv6: do not clear pinet6 field 2013-05-19 10:54:47 -07:00
sock_diag.c sock_diag: Fix out-of-bounds access to sock_diag_handlers[] 2013-02-28 06:59:06 -08:00
stream.c
sysctl_net_core.c static keys: Introduce 'struct static_key', static_key_true()/false() and static_key_slow_[inc|dec]() 2012-02-24 10:05:59 +01:00
timestamping.c
user_dma.c
utils.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00