iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Eric Dumazet aec9cfdd09 ipv4: ensure rcu_read_lock() in ipv4_link_failure() 
[ Upstream commit c543cb4a5f07e09237ec0fc2c60c9f131b2c79ad ]

fib_compute_spec_dst() needs to be called under rcu protection.

syzbot reported :

WARNING: suspicious RCU usage
5.1.0-rc4+ #165 Not tainted
include/linux/inetdevice.h:220 suspicious rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
1 lock held by swapper/0/0:
 #0: 0000000051b67925 ((&n->timer)){+.-.}, at: lockdep_copy_map include/linux/lockdep.h:170 [inline]
 #0: 0000000051b67925 ((&n->timer)){+.-.}, at: call_timer_fn+0xda/0x720 kernel/time/timer.c:1315

stack backtrace:
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.1.0-rc4+ #165
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 lockdep_rcu_suspicious+0x153/0x15d kernel/locking/lockdep.c:5162
 __in_dev_get_rcu include/linux/inetdevice.h:220 [inline]
 fib_compute_spec_dst+0xbbd/0x1030 net/ipv4/fib_frontend.c:294
 spec_dst_fill net/ipv4/ip_options.c:245 [inline]
 __ip_options_compile+0x15a7/0x1a10 net/ipv4/ip_options.c:343
 ipv4_link_failure+0x172/0x400 net/ipv4/route.c:1195
 dst_link_failure include/net/dst.h:427 [inline]
 arp_error_report+0xd1/0x1c0 net/ipv4/arp.c:297
 neigh_invalidate+0x24b/0x570 net/core/neighbour.c:995
 neigh_timer_handler+0xc35/0xf30 net/core/neighbour.c:1081
 call_timer_fn+0x190/0x720 kernel/time/timer.c:1325
 expire_timers kernel/time/timer.c:1362 [inline]
 __run_timers kernel/time/timer.c:1681 [inline]
 __run_timers kernel/time/timer.c:1649 [inline]
 run_timer_softirq+0x652/0x1700 kernel/time/timer.c:1694
 __do_softirq+0x266/0x95a kernel/softirq.c:293
 invoke_softirq kernel/softirq.c:374 [inline]
 irq_exit+0x180/0x1d0 kernel/softirq.c:414
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0x14a/0x570 arch/x86/kernel/apic/apic.c:1062
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:807

Fixes: ed0de45a1008 ("ipv4: recompile ip options in ipv4_link_failure")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Stephen Suryaputra <ssuryaextr@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-04-27 09:34:41 +02:00
..
6lowpan
6lowpan: iphc: reset mac_header after decompress to fix panic
2018-10-03 17:01:42 -07:00
9p
9p: do not trust pdu content for stat item size
2019-04-20 09:07:51 +02:00
802
8021q
vlan: also check phy_driver ts_info for vlan's real device
2018-04-13 19:48:34 +02:00
appletalk
appletalk: Fix use-after-free in atalk_proc_exit
2019-04-20 09:07:53 +02:00
atm
net: atm: Fix potential Spectre v1 vulnerabilities
2019-04-27 09:34:40 +02:00
ax25
ax25: fix possible use-after-free
2019-02-23 09:05:59 +01:00
batman-adv
batman-adv: fix uninit-value in batadv_interface_tx()
2019-02-27 10:07:00 +01:00
bluetooth
Bluetooth: Verify that l2cap_get_conf_opt provides large enough buffer
2019-04-03 06:24:13 +02:00
bridge
net: bridge: multicast: use rcu to access port list from br_multicast_start_querier
2019-04-27 09:34:40 +02:00
caif
net: caif: Add a missing rcu_read_unlock() in caif_flow_cb
2018-09-05 09:20:00 +02:00
can
can: bcm: check timer values before ktime conversion
2019-01-31 08:12:36 +01:00
ceph
libceph: wait for latest osdmap in ceph_monc_blacklist_add()
2019-03-27 14:13:02 +09:00
core
net: ethtool: not call vzalloc for zero sized memory request
2019-04-17 08:36:46 +02:00
dcb
net: dcb: For wild-card lookups, use priority -1, not 0
2018-09-19 22:47:15 +02:00
dccp
dccp: do not use ipv6 header for ipv4 flow
2019-04-03 06:24:14 +02:00
decnet
dn_getsockoptdecnet: move nf_{get/set}sockopt outside sock lock
2018-02-25 11:05:44 +01:00
dns_resolver
KEYS: DNS: fix parsing multiple options
2018-07-22 14:27:39 +02:00
dsa
net: dsa: slave: Don't propagate flag changes on down slave interfaces
2019-02-12 19:45:00 +01:00
ethernet
net: introduce device min_header_len
2017-02-18 15:11:43 +01:00
hsr
net/hsr: fix possible crash in add_timer()
2019-03-19 13:14:08 +01:00
ieee802154
ieee802154: lowpan_header_create check must check daddr
2019-01-09 16:16:40 +01:00
ipv4
ipv4: ensure rcu_read_lock() in ipv4_link_failure()
2019-04-27 09:34:41 +02:00
ipv6
ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type
2019-04-17 08:36:46 +02:00
ipx
ipx: call ipxitf_put() in ioctl error path
2017-05-25 15:44:41 +02:00
irda
irda: Only insert new objects into the global database via setsockopt
2018-09-15 09:43:01 +02:00
iucv
net/iucv: Free memory obtained by kzalloc
2018-03-31 18:11:34 +02:00
kcm
kcm: switch order of device registration to fix a crash
2019-04-17 08:36:44 +02:00
key
af_key: Always verify length of provided sadb_key
2018-06-16 09:52:32 +02:00
l2tp
l2tp: fix infoleak in l2tp_ip6_recvmsg()
2019-03-19 13:14:08 +01:00
l3mdev
net: ipv6: Remove l3mdev_get_saddr6
2016-09-10 23:12:53 -07:00
lapb
llc
llc: do not use sk_eat_skb()
2018-12-01 09:44:19 +01:00
mac80211
mac80211: Add attribute aligned(2) to struct 'action'
2019-03-05 17:57:06 +01:00
mac802154
net: mac802154: tx: expand tailroom if necessary
2018-09-09 20:01:19 +02:00
mpls
mpls, nospec: Sanitize array index in mpls_label_ok()
2018-03-11 16:21:34 +01:00
ncsi
net/ncsi: Improve HNCDSC AEN handler
2016-10-20 11:23:08 -04:00
netfilter
netfilter: physdev: relax br_netfilter dependency
2019-04-05 22:29:14 +02:00
netlabel
netlabel: fix out-of-bounds memory accesses
2019-03-13 14:04:53 -07:00
netlink
netlink: Don't shift on 64 for ngroups
2018-08-09 12:17:59 +02:00
netrom
netrom: switch to sock timer API
2019-02-06 17:33:27 +01:00
nfc
net: nfc: Fix NULL dereference on nfc_llcp_build_tlv fails
2019-03-13 14:04:53 -07:00
openvswitch
openvswitch: fix flow actions reallocation
2019-04-17 08:36:44 +02:00
packet
packets: Always register packet sk in the same order
2019-04-03 06:24:15 +02:00
phonet
phonet: fix building with clang
2019-03-23 13:19:44 +01:00
qrtr
net: qrtr: Broadcast messages only from control port
2018-08-24 13:12:36 +02:00
rds
net: rds: force to destroy connection if t_sock is NULL in rds_tcp_kill_sock().
2019-04-17 08:36:44 +02:00
rfkill
rfkill: gpio: fix memory leak in probe error path
2018-05-16 10:08:43 +02:00
rose
net: rose: fix a possible stack overflow
2019-04-03 06:24:14 +02:00
rxrpc
rxrpc: Fix client call queueing, waiting for channel
2019-03-19 13:14:10 +01:00
sched
net: netem: fix skb length BUG_ON in __skb_to_sgvec
2019-03-13 14:04:53 -07:00
sctp
sctp: initialize _pad of sockaddr_in before copying to user memory
2019-04-17 08:36:45 +02:00
strparser
strparser: Fix incorrect strp->need_bytes value.
2018-04-29 11:32:02 +02:00
sunrpc
sunrpc: handle ENOMEM in rpcb_getport_async
2019-01-23 08:10:55 +01:00
switchdev
switchdev: Execute bridge ndos only for bridge ports
2016-10-19 10:58:04 -04:00
tipc
tipc: fix uninit-value in tipc_nl_compat_doit
2019-01-23 08:10:56 +01:00
unix
missing barriers in some of unix_sock ->addr and ->path accesses
2019-03-19 13:14:10 +01:00
vmw_vsock
vsock/virtio: reset connected sockets on device removal
2019-03-13 14:05:00 -07:00
wimax
wireless
cfg80211: size various nl80211 messages correctly
2019-04-03 06:24:14 +02:00
x25
net/x25: fix a race in x25_bind()
2019-03-19 13:14:09 +01:00
xfrm
xfrm: refine validation of template and selector families
2019-02-15 08:07:39 +01:00
compat.c
sock: Make sock->sk_stamp thread-safe
2019-01-09 16:16:41 +01:00
Kconfig
Makefile
socket.c
net: socket: fix a missing-check bug
2018-11-10 07:42:58 -08:00
sysctl_net.c
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
2016-10-06 09:52:23 -07:00