android_kernel_google_msm/net/ipv4
Eric Dumazet 1d0dd1db15 net: drop dst before queueing fragments
[ Upstream commit 97599dc792 ]

Commit 4a94445c9a (net: Use ip_route_input_noref() in input path)
added a bug in IP defragmentation handling, as non refcounted
dst could escape an RCU protected section.

Commit 64f3b9e203 (net: ip_expire() must revalidate route) fixed
the case of timeouts, but not the general problem.

Tom Parkin noticed crashes in UDP stack and provided a patch,
but further analysis permitted us to pinpoint the root cause.

Before queueing a packet into a frag list, we must drop its dst,
as this dst has limited lifetime (RCU protected).

When/if a packet is finally reassembled, we use the dst of the very
last skb, still protected by RCU and valid, as the dst of the
reassembled packet.

Use same logic in IPv6, as there is no need to hold dst references.

Reported-by: Tom Parkin <tparkin@katalix.com>
Tested-by: Tom Parkin <tparkin@katalix.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2013-05-01 09:41:20 -07:00
netfilter netfilter: nf_nat: don't check for port change on ICMP tuples 2012-11-26 11:37:48 -08:00
af_inet.c ipv6: use a stronger hash for tcp 2013-02-28 06:59:06 -08:00
ah4.c net: ipv4: Standardize prefixes for message logging 2012-03-12 17:05:21 -07:00
arp.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
cipso_ipv4.c cipso: don't follow a NULL pointer when setsockopt() is called 2012-08-09 08:31:42 -07:00
datagram.c
devinet.c Disintegrate and delete asm/system.h 2012-03-28 15:58:21 -07:00
esp4.c esp4: fix error return code in esp_output() 2013-05-01 09:41:07 -07:00
fib_frontend.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
fib_lookup.h
fib_rules.c
fib_semantics.c ipv4: fix the rcu race between free_fib_info and ip_route_output_slow 2012-06-10 00:36:14 +09:00
fib_trie.c ipv4: Do not use dead fib_info entries. 2012-05-10 22:16:32 -04:00
gre.c net: ipv4: Standardize prefixes for message logging 2012-03-12 17:05:21 -07:00
icmp.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
igmp.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
inet_connection_sock.c inet: Fix kmemleak in tcp_v4/6_syn_recv_sock and dccp_v4/6_request_recv_sock 2013-01-11 09:07:14 -08:00
inet_diag.c inet_diag: validate port comparison byte code to prevent unsafe reads 2013-01-11 09:06:29 -08:00
inet_fragment.c inet: limit length of fragment queue hash table bucket lists 2013-03-28 12:11:54 -07:00
inet_hashtables.c
inet_lro.c
inet_timewait_sock.c
inetpeer.c inetpeer: fix a race in inetpeer_gc_worker() 2012-07-16 09:03:45 -07:00
ip_forward.c
ip_fragment.c net: drop dst before queueing fragments 2013-05-01 09:41:20 -07:00
ip_gre.c net: ipv4: Standardize prefixes for message logging 2012-03-12 17:05:21 -07:00
ip_input.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
ip_options.c net/ipv4: Ensure that location of timestamp option is stored 2013-03-28 12:11:52 -07:00
ip_output.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
ip_sockglue.c net: prevent setting ttl=0 via IP_TTL 2013-02-14 10:48:54 -08:00
ipcomp.c net: Convert printks to pr_<level> 2012-03-11 23:42:51 -07:00
ipconfig.c net: Convert printks to pr_<level> 2012-03-11 23:42:51 -07:00
ipip.c net: Convert printks to pr_<level> 2012-03-11 23:42:51 -07:00
ipmr.c net: ipv4: ipmr_expire_timer causes crash when removing net namespace 2012-10-02 10:29:50 -07:00
Kconfig
Makefile
netfilter.c
ping.c ipv4: fix a bug in ping_err(). 2013-02-28 06:59:06 -08:00
proc.c tcp: implement RFC 5961 4.2 2013-01-11 09:07:15 -08:00
protocol.c
raw.c ipv4: raw: fix icmp_filter() 2012-10-13 05:38:44 +09:00
route.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-04-02 17:53:39 -07:00
syncookies.c tcp: incoming connections might use wrong route under synflood 2013-05-01 09:41:07 -07:00
sysctl_net_ipv4.c tcp: implement RFC 5961 3.2 2013-01-11 09:07:14 -08:00
tcp.c tcp: fix skb_availroom() 2013-03-28 12:11:53 -07:00
tcp_bic.c
tcp_cong.c tcp: Apply device TSO segment limit earlier 2012-10-02 10:29:34 -07:00
tcp_cubic.c
tcp_diag.c
tcp_highspeed.c
tcp_htcp.c
tcp_hybla.c
tcp_illinois.c net: fix divide by zero in tcp algorithm illinois 2012-11-17 13:16:17 -08:00
tcp_input.c tcp: call tcp_replace_ts_recent() from tcp_ack() 2013-05-01 09:41:08 -07:00
tcp_ipv4.c inet: Fix kmemleak in tcp_v4/6_syn_recv_sock and dccp_v4/6_request_recv_sock 2013-01-11 09:07:14 -08:00
tcp_lp.c
tcp_memcontrol.c Merge branch 'for-3.4' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup 2012-03-20 18:11:21 -07:00
tcp_minisocks.c
tcp_output.c tcp: Reallocate headroom if it would overflow csum_start 2013-05-01 09:41:07 -07:00
tcp_probe.c net: ipv4: Standardize prefixes for message logging 2012-03-12 17:05:21 -07:00
tcp_scalable.c
tcp_timer.c net: ipv4: Standardize prefixes for message logging 2012-03-12 17:05:21 -07:00
tcp_vegas.c
tcp_vegas.h
tcp_veno.c
tcp_westwood.c
tcp_yeah.c
tunnel4.c net: Convert printks to pr_<level> 2012-03-11 23:42:51 -07:00
udp.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
udp_diag.c udp_diag: implement idiag_get_info for udp/udplite to get queue information 2012-04-25 20:43:01 -04:00
udp_impl.h
udplite.c net: ipv4: Standardize prefixes for message logging 2012-03-12 17:05:21 -07:00
xfrm4_input.c
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c
xfrm4_output.c
xfrm4_policy.c
xfrm4_state.c
xfrm4_tunnel.c net: ipv4: Standardize prefixes for message logging 2012-03-12 17:05:21 -07:00