android_kernel_google_msm/net
Eric Dumazet d5127daf88 ipv6: add complete rcu protection around np->opt
[ Upstream commit 45f6fad84cc305103b28d73482b344d7f5b76f39 ]

This patch addresses multiple problems:

UDP/RAW sendmsg() need to get a stable struct ipv6_txoptions
while socket is not locked: Other threads can change np->opt
concurrently. Dmitry posted a syzkaller
(http://github.com/google/syzkaller) program demonstrating
use-after-free.

Starting with TCP/DCCP lockless listeners, tcp_v6_syn_recv_sock()
and dccp_v6_request_recv_sock() also need to use RCU protection
to dereference np->opt once (before calling ipv6_dup_options())

This patch adds full RCU protection to np->opt

BUG: 28746669

Change-Id: I207da29ac48bb6dd7c40d65f9e27c4e3ff508da0
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Pierre Imai <imaipi@google.com>
2016-06-17 02:54:32 +00:00
..
9p
802
8021q Revert "net: maintain namespace isolation between vlan and real device" 2012-05-10 23:03:34 -04:00
appletalk
atm
ax25 net ax25: Reorder ax25_exit to remove races. 2012-04-19 15:37:48 -04:00
batman-adv
bluetooth msm: kgsl: Restructure IOMMU clock management 2014-06-24 10:22:15 -06:00
bridge Merge commit 'v3.4-rc6' into android-3.4 2012-05-07 18:20:34 -07:00
caif
can
ceph
core fix infoleak in rtnetlink 2016-06-15 06:22:23 +00:00
dcb
dccp ipv6: add complete rcu protection around np->opt 2016-06-17 02:54:32 +00:00
decnet
dns_resolver
dsa
econet
ethernet
ieee802154 6lowpan: add missing spin_lock_init() 2012-04-26 05:32:55 -04:00
ipv4 net: ping: Return EAFNOSUPPORT when appropriate. 2015-05-20 15:24:04 +09:00
ipv6 ipv6: add complete rcu protection around np->opt 2016-06-17 02:54:32 +00:00
ipx
irda
iucv
key
l2tp net/l2tp: don't fall back on UDP [get|set]sockopt 2014-07-24 15:36:39 -07:00
lapb
llc
mac80211 ieee80211: Rename VHT cap struct 2013-09-04 12:43:32 -07:00
netfilter Don't show empty tag stats for unprivileged uids 2016-06-08 11:29:32 -07:00
netlabel
netlink netlink: validate addr_len on bind 2013-07-03 10:34:22 -07:00
netrom
nfc
openvswitch openvswitch: checking wrong variable in queue_userspace_packet() 2012-05-13 15:47:34 -04:00
packet
phonet
rds
rfkill
rose
rxrpc
sched net: sched: export an api to enable/disable flow on sch 2013-03-07 15:20:04 -08:00
sctp sctp: check cached dst before using it 2012-05-10 23:15:47 -04:00
sunrpc freezer: add unsafe versions of freezable helpers for NFS 2013-07-12 14:22:55 -07:00
tipc
unix af_unix: use freezable blocking calls in read 2013-07-12 14:22:59 -07:00
wanrouter
wimax
wireless cfg80211: add flags to define country IE processing rules 2014-02-10 15:57:17 -08:00
x25
xfrm
activity_stats.c
compat.c net/compat.c,linux/filter.h: share compat_sock_fprog 2014-10-31 19:46:10 -07:00
Kconfig
Makefile
nonet.c
socket.c net: validate the range we feed to iov_iter_init() in sys_sendto/sys_recvfrom 2016-06-15 06:22:38 +00:00
sysctl_net.c