iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Eric Dumazet c543cb4a5f ipv4: ensure rcu_read_lock() in ipv4_link_failure() 
fib_compute_spec_dst() needs to be called under rcu protection.

syzbot reported :

WARNING: suspicious RCU usage
5.1.0-rc4+ #165 Not tainted
include/linux/inetdevice.h:220 suspicious rcu_dereference_check() usage!

other info that might help us debug this:

rcu_scheduler_active = 2, debug_locks = 1
1 lock held by swapper/0/0:
 #0: 0000000051b67925 ((&n->timer)){+.-.}, at: lockdep_copy_map include/linux/lockdep.h:170 [inline]
 #0: 0000000051b67925 ((&n->timer)){+.-.}, at: call_timer_fn+0xda/0x720 kernel/time/timer.c:1315

stack backtrace:
CPU: 0 PID: 0 Comm: swapper/0 Not tainted 5.1.0-rc4+ #165
Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011
Call Trace:
 <IRQ>
 __dump_stack lib/dump_stack.c:77 [inline]
 dump_stack+0x172/0x1f0 lib/dump_stack.c:113
 lockdep_rcu_suspicious+0x153/0x15d kernel/locking/lockdep.c:5162
 __in_dev_get_rcu include/linux/inetdevice.h:220 [inline]
 fib_compute_spec_dst+0xbbd/0x1030 net/ipv4/fib_frontend.c:294
 spec_dst_fill net/ipv4/ip_options.c:245 [inline]
 __ip_options_compile+0x15a7/0x1a10 net/ipv4/ip_options.c:343
 ipv4_link_failure+0x172/0x400 net/ipv4/route.c:1195
 dst_link_failure include/net/dst.h:427 [inline]
 arp_error_report+0xd1/0x1c0 net/ipv4/arp.c:297
 neigh_invalidate+0x24b/0x570 net/core/neighbour.c:995
 neigh_timer_handler+0xc35/0xf30 net/core/neighbour.c:1081
 call_timer_fn+0x190/0x720 kernel/time/timer.c:1325
 expire_timers kernel/time/timer.c:1362 [inline]
 __run_timers kernel/time/timer.c:1681 [inline]
 __run_timers kernel/time/timer.c:1649 [inline]
 run_timer_softirq+0x652/0x1700 kernel/time/timer.c:1694
 __do_softirq+0x266/0x95a kernel/softirq.c:293
 invoke_softirq kernel/softirq.c:374 [inline]
 irq_exit+0x180/0x1d0 kernel/softirq.c:414
 exiting_irq arch/x86/include/asm/apic.h:536 [inline]
 smp_apic_timer_interrupt+0x14a/0x570 arch/x86/kernel/apic/apic.c:1062
 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:807

Fixes: ed0de45a1008 ("ipv4: recompile ip options in ipv4_link_failure")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Stephen Suryaputra <ssuryaextr@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-04-14 13:43:17 -07:00
..
6lowpan
6lowpan: fix debugfs_simple_attr.cocci warnings
2019-01-22 09:51:19 +01:00
9p
9p/net: fix memory leak in p9_client_create
2019-03-13 11:50:04 +01:00
802
8021q
vlan: conditional inclusion of FCoE hooks to match netdevice.h and bnx2x
2019-04-04 17:18:34 -07:00
appletalk
appletalk: Fix potential NULL pointer dereference in unregister_snap_client
2019-03-15 11:25:48 -07:00
atm
net: atm: Add another IS_ENABLED(CONFIG_COMPAT) in atm_dev_ioctl
2019-03-07 10:14:50 -08:00
ax25
ax25: fix possible use-after-free
2019-01-23 11:18:00 -08:00
batman-adv
batman-adv: Fix genl notification for throughput_override
2019-03-25 09:31:19 +01:00
bluetooth
Bluetooth: Check address length before reading address field
2019-04-12 10:25:03 -07:00
bpf
bpf: fix warning about using plain integer as NULL
2019-03-08 21:17:07 +01:00
bpfilter
bpfilter: re-add header search paths to tools include to fix build error
2019-02-23 13:34:40 -08:00
bridge
net: bridge: multicast: use rcu to access port list from br_multicast_start_querier
2019-04-11 11:13:51 -07:00
caif
net: caif: use skb helpers instead of open-coding them
2019-02-17 11:01:17 -08:00
can
can: bcm: check timer values before ktime conversion
2019-01-22 11:33:46 +01:00
ceph
libceph: fix breakage caused by multipage bvecs
2019-03-25 22:28:07 +01:00
core
bpf: Check address length before reading address family
2019-04-12 10:25:03 -07:00
dcb
dccp
dccp: Fix memleak in __feat_register_sp
2019-04-01 18:15:10 -07:00
decnet
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2019-01-29 21:18:54 -08:00
dns_resolver
dns: Allow the dns resolver to retrieve a server set
2018-10-04 09:40:52 -07:00
dsa
net: dsa: Implement flow_dissect callback for tag_qca
2019-03-28 16:57:19 -07:00
ethernet
net/ethernet: Add parse_protocol header_ops support
2019-02-22 12:55:31 -08:00
hsr
net/hsr: fix possible crash in add_timer()
2019-03-07 11:02:08 -08:00
ieee802154
net: remove unused struct inet_frag_queue.fragments field
2019-02-26 08:27:05 -08:00
ife
ipv4
ipv4: ensure rcu_read_lock() in ipv4_link_failure()
2019-04-14 13:43:17 -07:00
ipv6
udpv6: Check address length before reading address family
2019-04-12 10:25:03 -07:00
iucv
iucv: Remove SKB list assumptions.
2018-11-10 16:55:11 -08:00
kcm
kcm: switch order of device registration to fix a crash
2019-04-01 14:59:20 -07:00
key
af_key: unconditionally clone on broadcast
2019-02-12 10:36:42 +01:00
l2tp
l2tp: fix infoleak in l2tp_ip6_recvmsg()
2019-03-13 14:19:35 -07:00
l3mdev
l3mdev: add function to retreive upper master
2018-12-03 14:15:26 -08:00
lapb
llc
llc: Check address length before reading address field
2019-04-12 10:25:03 -07:00
mac80211
mac80211: Honor SW_CRYPTO_CONTROL for unicast keys in AP VLAN mode
2019-04-09 13:40:32 +02:00
mac802154
mpls
mpls: Fix 6PE forwarding
2019-03-19 16:00:22 -07:00
ncsi
net: ncsi: fix a missing check for nla_nest_start
2019-03-16 11:44:33 -07:00
netfilter
netfilter: nf_tables: add missing ->release_ops() in error path of newrule()
2019-03-20 08:32:58 +01:00
netlabel
netlabel: fix out-of-bounds memory accesses
2019-02-27 21:45:24 -08:00
netlink
net: netlink: Check address length before reading groups field
2019-04-12 10:25:03 -07:00
netrom
net: netrom: Fix error cleanup path of nr_proto_init
2019-04-11 13:59:49 -07:00
nfc
NFC: nci: Add some bounds checking in nci_hci_cmd_received()
2019-04-06 15:05:07 -07:00
nsh
openvswitch
openvswitch: fix flow actions reallocation
2019-03-28 17:15:44 -07:00
packet
net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec
2019-03-20 10:46:50 -07:00
phonet
phonet: fix building with clang
2019-02-21 16:23:56 -08:00
psample
qrtr
mm: replace all open encodings for NUMA_NO_NODE
2019-03-05 21:07:14 -08:00
rds
net/rds: Check address length before reading address family
2019-04-12 10:25:03 -07:00
rfkill
rfkill: gpio: Remove unused include
2018-12-18 13:13:56 +01:00
rose
net: rose: fix a possible stack overflow
2019-03-18 16:53:22 -07:00
rxrpc
rxrpc: Fix detection of out of order acks
2019-04-12 16:57:23 -07:00
sched
sch_cake: Make sure we can write the IP header before changing DSCP bits
2019-04-04 10:55:59 -07:00
sctp
sctp: Check address length before reading address family
2019-04-12 10:25:03 -07:00
smc
net/smc: move unhash before release of clcsock
2019-04-11 11:04:08 -07:00
strparser
net: strparser: partially revert "strparser: Call skb_unclone conditionally"
2019-04-10 13:07:02 -07:00
sunrpc
SUNRPC: fix uninitialized variable warning
2019-03-26 13:04:32 -07:00
switchdev
switchdev: Remove unused transaction item queue
2019-03-01 21:35:19 -08:00
tipc
tipc: missing entries in name table of publications
2019-04-10 22:58:09 -07:00
tls
net/tls: fix build without CONFIG_TLS_DEVICE
2019-04-10 17:23:26 -07:00
unix
io_uring-2019-03-06
2019-03-08 14:48:40 -08:00
vmw_vsock
vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock
2019-03-08 15:15:44 -08:00
wimax
wireless
nl80211: Add NL80211_FLAG_CLEAR_SKB flag for other NL commands
2019-03-29 11:23:09 +01:00
x25
net/x25: reset state in x25_connect()
2019-03-11 15:40:14 -07:00
xdp
xsk: fix umem memory leak on cleanup
2019-03-16 01:27:51 +01:00
xfrm
xfrm: Fix inbound traffic via XFRM interfaces across network namespaces
2019-02-18 10:58:54 +01:00
compat.c
Merge branch 'timers-2038-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip
2019-03-05 14:08:26 -08:00
Kconfig
net: devlink: turn devlink into a built-in
2019-02-26 08:49:05 -08:00
Makefile
net: split out functions related to registering inflight socket files
2019-02-28 08:24:23 -07:00
socket.c
net: add documentation to socket.c
2019-03-15 15:29:47 -07:00
sysctl_net.c