iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
525f20b755
linux/net/ipv6
History
Ziyang Xuan 06a0716949 ipv6/addrconf: fix a potential refcount underflow for idev 
Now in addrconf_mod_rs_timer(), reference idev depends on whether
rs_timer is not pending. Then modify rs_timer timeout.

There is a time gap in [1], during which if the pending rs_timer
becomes not pending. It will miss to hold idev, but the rs_timer
is activated. Thus rs_timer callback function addrconf_rs_timer()
will be executed and put idev later without holding idev. A refcount
underflow issue for idev can be caused by this.

	if (!timer_pending(&idev->rs_timer))
		in6_dev_hold(idev);
		  <--------------[1]
	mod_timer(&idev->rs_timer, jiffies + when);

To fix the issue, hold idev if mod_timer() return 0.

Fixes: b7b1bfce0b ("ipv6: split duplicate address detection and router solicitation timer")
Suggested-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: Ziyang Xuan <william.xuanziyang@huawei.com>
Reviewed-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2023-07-09 11:19:01 +01:00
..
ila ila: do not generate empty messages in ila_xlat_nl_cmd_get_mapping() 2023-03-01 08:48:46 +00:00
netfilter Revert "net: Remove low_thresh in ip defrag" 2023-05-16 20:46:30 -07:00
addrconf_core.c
addrconf.c ipv6/addrconf: fix a potential refcount underflow for idev 2023-07-09 11:19:01 +01:00
addrlabel.c
af_inet6.c sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES) 2023-06-24 15:50:13 -07:00
ah6.c net: ipv6: Remove completion function scaffolding 2023-02-13 18:35:15 +08:00
anycast.c
calipso.c
datagram.c ipv6: Fix datagram socket connection with DSCP. 2023-02-09 22:49:04 -08:00
esp6_offload.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-06-22 18:40:38 -07:00
esp6.c net: ipv6: Remove completion function scaffolding 2023-02-13 18:35:15 +08:00
exthdrs_core.c ipv6: Fix out-of-bounds access in ipv6_find_tlv() 2023-05-24 08:43:39 +01:00
exthdrs_offload.c
exthdrs.c ipv6: exthdrs: Remove redundant skb_headlen() check in ip6_parse_tlv(). 2023-06-19 11:32:58 -07:00
fib6_notifier.c
fib6_rules.c
fou6.c
icmp.c icmp6: Fix null-ptr-deref of ip6_null_entry->rt6i_idev in icmp6_dev(). 2023-07-08 10:08:54 +01:00
inet6_connection_sock.c net: annotate lockless accesses to sk->sk_err_soft 2023-03-17 08:25:05 +00:00
inet6_hashtables.c
ioam6_iptunnel.c
ioam6.c
ip6_checksum.c
ip6_fib.c ipv6: remove nexthop_fib6_nh_bh() 2023-05-11 18:07:05 -07:00
ip6_flowlabel.c ipv6: flowlabel: do not disable BH where not needed 2023-03-21 21:32:18 -07:00
ip6_gre.c erspan: get the proto with the md version for collect_md 2023-05-13 16:58:58 +01:00
ip6_icmp.c
ip6_input.c netfilter: keep conntrack reference until IPsecv6 policy checks are done 2023-03-22 21:50:23 +01:00
ip6_offload.c net: move gso declarations and functions to their own files 2023-06-10 00:11:41 -07:00
ip6_offload.h
ip6_output.c ip, ip6: Fix splice to raw and ping sockets 2023-06-16 11:45:16 -07:00
ip6_tunnel.c net: tunnels: annotate lockless accesses to dev->needed_headroom 2023-03-15 00:04:04 -07:00
ip6_udp_tunnel.c
ip6_vti.c ipv6: tunnels: use DEV_STATS_INC() 2022-11-16 12:48:44 +00:00
ip6mr.c net: ioctl: Use kernel memory on protocol ioctl callbacks 2023-06-15 22:33:26 -07:00
ipcomp6.c
ipv6_sockglue.c net/ipv6: Initialise msg_control_is_user 2023-04-14 11:09:27 +01:00
Kconfig
Makefile
mcast_snoop.c
mcast.c ipv6: constify inet6_mc_check() 2023-03-17 08:56:37 +00:00
mip6.c
ndisc.c neighbour: annotate lockless accesses to n->nud_state 2023-03-15 00:37:32 -07:00
netfilter.c
output_core.c treewide: use get_random_u32_{above,below}() instead of manual loop 2022-11-18 02:15:22 +01:00
ping.c ping6: Fix send to link-local addresses with VRF. 2023-06-08 18:59:57 -07:00
proc.c icmp: Add counters for rate limits 2023-01-26 10:52:18 +01:00
protocol.c
raw.c sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES) 2023-06-24 15:50:13 -07:00
reassembly.c Revert "net: Remove low_thresh in ip defrag" 2023-05-16 20:46:30 -07:00
route.c ipv6: also use netdev_hold() in ip6_route_check_nh() 2023-06-18 14:27:45 +01:00
rpl_iptunnel.c net: ipv6: rpl_iptunnel: Replace 0-length arrays with flexible arrays 2023-01-06 19:28:01 -08:00
rpl.c ipv6: rpl: Remove pskb(_may)?_pull() in ipv6_rpl_srh_rcv(). 2023-06-19 11:32:58 -07:00
seg6_hmac.c
seg6_iptunnel.c seg6: Cleanup duplicates of skb_dst_drop calls 2023-05-17 09:05:47 +01:00
seg6_local.c seg6: add PSP flavor support for SRv6 End behavior 2023-02-16 13:18:06 +01:00
seg6.c
sit.c sit: update dev->needed_headroom in ipip6_tunnel_bind_dev() 2023-04-28 09:48:14 +01:00
syncookies.c
sysctl_net_ipv6.c
tcp_ipv6.c sock: Remove ->sendpage*() in favour of sendmsg(MSG_SPLICE_PAGES) 2023-06-24 15:50:13 -07:00
tcpv6_offload.c net: Make gro complete function to return void 2023-05-31 09:50:17 +01:00
tunnel6.c
udp_impl.h
udp_offload.c net: move gso declarations and functions to their own files 2023-06-10 00:11:41 -07:00
udp.c udp6: fix udp6_ehashfn() typo 2023-07-08 15:20:48 +01:00
udplite.c udplite: Print deprecation notice. 2023-06-15 15:08:58 -07:00
xfrm6_input.c xfrm: fix inbound ipv4/udp/esp packets to UDPv6 dualstack sockets 2023-06-09 08:16:34 +02:00
xfrm6_output.c
xfrm6_policy.c net: dst: fix missing initialization of rt_uncached 2023-04-21 20:26:56 -07:00
xfrm6_protocol.c
xfrm6_state.c
xfrm6_tunnel.c