android_kernel_samsung_msm8976/net/netfilter
Francesco Ruggeri 05aa559283 netfilter: compat: initialize all fields in xt_init
commit 8d29d16d21342a0c86405d46de0c4ac5daf1760f upstream

If a non-zero value happens to be in xt[NFPROTO_BRIDGE].cur at init
time, the following panic can be caused by running

% ebtables -t broute -F BROUTING

from a 32-bit user level on a 64-bit kernel. This patch replaces
kmalloc_array with kcalloc when allocating xt.

[  474.680846] BUG: unable to handle kernel paging request at 0000000009600920
[  474.687869] PGD 2037006067 P4D 2037006067 PUD 2038938067 PMD 0
[  474.693838] Oops: 0000 [#1] SMP
[  474.697055] CPU: 9 PID: 4662 Comm: ebtables Kdump: loaded Not tainted 4.19.17-11302235.AroraKernelnext.fc18.x86_64 #1
[  474.707721] Hardware name: Supermicro X9DRT/X9DRT, BIOS 3.0 06/28/2013
[  474.714313] RIP: 0010:xt_compat_calc_jump+0x2f/0x63 [x_tables]
[  474.720201] Code: 40 0f b6 ff 55 31 c0 48 6b ff 70 48 03 3d dc 45 00 00 48 89 e5 8b 4f 6c 4c 8b 47 60 ff c9 39 c8 7f 2f 8d 14 08 d1 fa 48 63 fa <41> 39 34 f8 4c 8d 0c fd 00 00 00 00 73 05 8d 42 01 eb e1 76 05 8d
[  474.739023] RSP: 0018:ffffc9000943fc58 EFLAGS: 00010207
[  474.744296] RAX: 0000000000000000 RBX: ffffc90006465000 RCX: 0000000002580249
[  474.751485] RDX: 00000000012c0124 RSI: fffffffff7be17e9 RDI: 00000000012c0124
[  474.758670] RBP: ffffc9000943fc58 R08: 0000000000000000 R09: ffffffff8117cf8f
[  474.765855] R10: ffffc90006477000 R11: 0000000000000000 R12: 0000000000000001
[  474.773048] R13: 0000000000000000 R14: ffffc9000943fcb8 R15: ffffc9000943fcb8
[  474.780234] FS:  0000000000000000(0000) GS:ffff88a03f840000(0063) knlGS:00000000f7ac7700
[  474.788612] CS:  0010 DS: 002b ES: 002b CR0: 0000000080050033
[  474.794632] CR2: 0000000009600920 CR3: 0000002037422006 CR4: 00000000000606e0
[  474.802052] Call Trace:
[  474.804789]  compat_do_replace+0x1fb/0x2a3 [ebtables]
[  474.810105]  compat_do_ebt_set_ctl+0x69/0xe6 [ebtables]
[  474.815605]  ? try_module_get+0x37/0x42
[  474.819716]  compat_nf_setsockopt+0x4f/0x6d
[  474.824172]  compat_ip_setsockopt+0x7e/0x8c
[  474.828641]  compat_raw_setsockopt+0x16/0x3a
[  474.833220]  compat_sock_common_setsockopt+0x1d/0x24
[  474.838458]  __compat_sys_setsockopt+0x17e/0x1b1
[  474.843343]  ? __check_object_size+0x76/0x19a
[  474.847960]  __ia32_compat_sys_socketcall+0x1cb/0x25b
[  474.853276]  do_fast_syscall_32+0xaf/0xf6
[  474.857548]  entry_SYSENTER_compat+0x6b/0x7a

Signed-off-by: Francesco Ruggeri <fruggeri@arista.com>
Acked-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Zubin Mithra <zsm@chromium.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-07-27 22:10:42 +02:00
ipset netfilter: ipset: small potential read beyond the end of buffer 2015-01-27 07:52:33 -08:00
ipvs ipvs: fix buffer overflow with sync daemon and service 2019-07-27 22:08:33 +02:00
Kconfig BACKPORT: netfilter: Kconfig: get rid of parens around depends on 2019-07-27 21:51:02 +02:00
Makefile
core.c
nf_conntrack_acct.c
nf_conntrack_amanda.c
nf_conntrack_broadcast.c
nf_conntrack_core.c This is the 3.10.99 stable release 2017-04-18 17:17:46 +02:00
nf_conntrack_ecache.c netfilter: invoke synchronize_rcu after set the _hook_ to NULL 2019-07-27 21:44:22 +02:00
nf_conntrack_expect.c netfilter: nf_conntrack: Support expectations in different zones 2015-10-22 14:37:50 -07:00
nf_conntrack_extend.c netfilter: nf_ct_ext: fix possible panic after nf_ct_extend_unregister 2019-07-27 21:44:26 +02:00
nf_conntrack_ftp.c
nf_conntrack_h323_asn1.c
nf_conntrack_h323_main.c
nf_conntrack_h323_types.c
nf_conntrack_helper.c
nf_conntrack_irc.c Netfilter: IRC DCC fixes 2015-06-19 14:38:50 +05:30
nf_conntrack_l3proto_generic.c
nf_conntrack_labels.c
nf_conntrack_netbios_ns.c
nf_conntrack_netlink.c netfilter: ctnetlink: fix incorrect nf_ct_put during hash resize 2019-07-27 21:44:51 +02:00
nf_conntrack_pptp.c
nf_conntrack_proto.c
nf_conntrack_proto_dccp.c
nf_conntrack_proto_generic.c netfilter: conntrack: disable generic tracking for known protocols 2015-04-29 10:33:59 +02:00
nf_conntrack_proto_gre.c
nf_conntrack_proto_sctp.c
nf_conntrack_proto_tcp.c netfilter: nf_conntrack: avoid large timeout for mid-stream pickup 2014-10-05 14:54:15 -07:00
nf_conntrack_proto_udp.c
nf_conntrack_proto_udplite.c
nf_conntrack_sane.c
nf_conntrack_sip.c netfilter: Fix to MO call issue 2015-03-24 11:53:07 +05:30
nf_conntrack_snmp.c
nf_conntrack_standalone.c
nf_conntrack_tftp.c
nf_conntrack_timeout.c
nf_conntrack_timestamp.c
nf_internals.h
nf_log.c netfilter: nf_log: don't hold nf_log_mutex during user access 2019-07-27 21:50:15 +02:00
nf_nat_amanda.c
nf_nat_core.c netfilter: nf_nat: add full port randomization support 2019-07-27 22:08:25 +02:00
nf_nat_ftp.c
nf_nat_helper.c
nf_nat_irc.c netfilter:Changes to Allow IRC DCC 2014-11-17 09:24:00 +05:30
nf_nat_proto_common.c netfilter: nf_nat: add full port randomization support 2019-07-27 22:08:25 +02:00
nf_nat_proto_dccp.c
nf_nat_proto_sctp.c
nf_nat_proto_tcp.c
nf_nat_proto_udp.c
nf_nat_proto_udplite.c
nf_nat_proto_unknown.c
nf_nat_sip.c msm: netfilter: changes to handle contact address modification in SIP ALG 2015-01-28 01:54:53 -08:00
nf_nat_tftp.c
nf_queue.c
nf_sockopt.c
nf_tproxy_core.c
nfnetlink.c
nfnetlink_acct.c
nfnetlink_cthelper.c netfilter: nfnetlink_cthelper: Add missing permission checks 2019-07-27 21:45:53 +02:00
nfnetlink_cttimeout.c netfilter: invoke synchronize_rcu after set the _hook_ to NULL 2019-07-27 21:44:22 +02:00
nfnetlink_log.c netfilter: nf_log: release skbuff on nlmsg put failure 2014-11-21 09:22:54 -08:00
nfnetlink_queue_core.c netfilter: nf_queue: augment nfqa_cfg_policy 2019-07-27 21:52:53 +02:00
nfnetlink_queue_ct.c
x_tables.c netfilter: compat: initialize all fields in xt_init 2019-07-27 22:10:42 +02:00
xt_AUDIT.c
xt_CHECKSUM.c
xt_CLASSIFY.c
xt_CONNSECMARK.c
xt_CT.c
xt_DSCP.c
xt_HARDIDLETIMER.c netfilter:Notify user space on creating sysfs file 2019-07-27 21:51:05 +02:00
xt_HL.c
xt_HMARK.c
xt_IDLETIMER.c netfilter: xt_IDLETIMER: add sysfs filename checking routine 2019-07-27 22:08:35 +02:00
xt_LED.c netfilter: x_tables: fix missing timer initialization in xt_LED 2019-07-27 21:49:20 +02:00
xt_LOG.c
xt_NETMAP.c
xt_NFLOG.c
xt_NFQUEUE.c
xt_RATEEST.c netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert 2019-07-27 21:49:19 +02:00
xt_REDIRECT.c
xt_SECMARK.c
xt_TCPMSS.c netfilter: xt_TCPMSS: correct return value in tcpmss_mangle_packet 2019-07-27 21:46:06 +02:00
xt_TCPOPTSTRIP.c
xt_TEE.c
xt_TPROXY.c
xt_TRACE.c
xt_addrtype.c
xt_bpf.c
xt_cluster.c
xt_comment.c
xt_connbytes.c
xt_connlabel.c
xt_connlimit.c
xt_connmark.c Import latest Samsung release 2017-04-18 03:43:52 +02:00
xt_conntrack.c
xt_cpu.c
xt_dccp.c
xt_devgroup.c
xt_dscp.c
xt_ecn.c
xt_esp.c
xt_hashlimit.c netfilter: x_tables: add and use xt_check_proc_name 2019-07-27 22:08:34 +02:00
xt_helper.c
xt_hl.c
xt_iprange.c
xt_ipvs.c
xt_length.c
xt_limit.c
xt_mac.c
xt_mark.c
xt_multiport.c
xt_nat.c
xt_nfacct.c
xt_osf.c netfilter: xt_osf: Add missing permission checks 2019-07-27 21:45:53 +02:00
xt_owner.c
xt_physdev.c
xt_pkttype.c
xt_policy.c
xt_qtaguid.c BACKPORT: ANDROID: Use sk_uid to replace uid get from socket file 2019-07-27 21:51:34 +02:00
xt_qtaguid_internal.h BACKPORT: ANDROID: Use sk_uid to replace uid get from socket file 2019-07-27 21:51:34 +02:00
xt_qtaguid_print.c ANDROID: Add untag hacks to inet_release function 2019-07-27 21:50:41 +02:00
xt_qtaguid_print.h
xt_quota.c
xt_quota2.c Import latest Samsung release 2017-04-18 03:43:52 +02:00
xt_rateest.c
xt_realm.c
xt_recent.c netfilter: x_tables: add and use xt_check_proc_name 2019-07-27 22:08:34 +02:00
xt_repldata.h
xt_sctp.c
xt_set.c
xt_socket.c netfilter: xt_socket: add XT_SOCKET_RESTORESKMARK flag 2015-12-14 09:53:08 -07:00
xt_state.c
xt_statistic.c
xt_string.c
xt_tcpmss.c
xt_tcpudp.c
xt_time.c
xt_u32.c