linux/net
Patrick McHardy 9edd7ca0a3 netfilter: nf_conntrack: fix memory corruption with multiple namespaces
As discovered by Jon Masters <jonathan@jonmasters.org>, the "untracked"
conntrack, which is located in the data section, might be accidentally
freed when a new namespace is instantiated while the untracked conntrack
is attached to a skb because the reference count is re-initialized.

The best fix would be to use a separate untracked conntrack per
namespace since it includes a namespace pointer. Unfortunately this is
not possible without larger changes since the namespace is not easily
available everywhere we need it. For now move the untracked conntrack
initialization to the init_net setup function to make sure the reference
count is not re-initialized and handle cleanup in the init_net cleanup
function to make sure namespaces can exit properly while the untracked
conntrack is in use in other namespaces.

Cc: stable@kernel.org
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-02-08 11:16:26 -08:00
..
9p 9p connect fixes 2009-12-16 12:16:41 -05:00
802 sysctl net: Remove unused binary sysctl code 2009-11-12 02:05:06 -08:00
8021q vlan: fix vlan_skb_recv() 2010-01-24 19:52:24 -08:00
appletalk appletalk:: da.s_net not copied but assigned to itself in aarp_rcv() 2010-01-15 01:49:28 -08:00
atm atm: [br2684] allow routed mode operation again 2009-12-08 20:22:31 -08:00
ax25 ax25: netrom: rose: Fix timer oopses 2010-01-16 01:04:04 -08:00
bluetooth Bluetooth: Use the control channel for raw HID reports 2010-01-30 05:57:39 -08:00
bridge netfilter: ebtables: enforce CAP_NET_ADMIN 2010-01-08 17:31:24 +01:00
can net: Move && and || to end of previous line 2009-11-29 16:55:45 -08:00
core pktgen: Fix freezing problem 2010-02-04 14:00:41 -08:00
dcb net: Move && and || to end of previous line 2009-11-29 16:55:45 -08:00
dccp dccp: fix auto-loading of dccp(_probe) 2010-02-03 19:00:31 -08:00
decnet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-12-08 07:55:01 -08:00
dsa netdev: convert pseudo-devices to netdev_tx_t 2009-09-01 01:13:07 -07:00
econet net: use net_eq to compare nets 2009-11-25 15:14:13 -08:00
ethernet remove deprecated and not used: print_mac() 2009-11-15 22:21:34 -08:00
ieee802154 net: use net_eq to compare nets 2009-11-25 15:14:13 -08:00
ipv4 tcp_probe: avoid modulus operation and wrap fix 2010-01-25 15:47:50 -08:00
ipv6 ipv6: conntrack: Add member of user to nf_ct_frag6_queue structure 2010-01-26 05:13:27 -08:00
ipx Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-12-08 07:55:01 -08:00
irda irda: add missing BKL in irnet_ppp ioctl 2010-02-03 20:14:23 -08:00
iucv const: constify remaining dev_pm_ops 2009-12-15 08:53:25 -08:00
key af_key: fix netns ops ordering on module load/unload 2010-02-03 18:11:11 -08:00
lapb net: remove NET_RX_BAD and NET_RX_CN* defines 2009-07-05 19:15:35 -07:00
llc Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-12-08 07:55:01 -08:00
mac80211 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/linville/wireless-2.6 2010-01-28 05:42:33 -08:00
netfilter netfilter: nf_conntrack: fix memory corruption with multiple namespaces 2010-02-08 11:16:26 -08:00
netlabel Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2009-12-09 19:43:33 -08:00
netlink netlink: fix for too early rmmod 2010-02-03 18:13:43 -08:00
netrom ax25: netrom: rose: Fix timer oopses 2010-01-16 01:04:04 -08:00
packet af_packet: Don't use skb after dev_queue_xmit() 2010-01-11 15:39:42 -08:00
phonet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-12-08 07:55:01 -08:00
rds Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/roland/infiniband 2009-12-16 10:32:31 -08:00
rfkill net/rfkill/core.c: work around gcc-4.0.2 silliness 2009-12-07 16:51:23 -05:00
rose ax25: netrom: rose: Fix timer oopses 2010-01-16 01:04:04 -08:00
rxrpc net: use net_eq to compare nets 2009-11-25 15:14:13 -08:00
sched Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2009-12-09 19:43:33 -08:00
sctp net/sctp/socket.c: squish warning 2010-01-03 21:25:53 -08:00
sunrpc Merge branch 'bugfixes' of git://git.linux-nfs.org/projects/trondmy/nfs-2.6 2010-01-08 13:55:14 -08:00
tipc net: Move && and || to end of previous line 2009-11-29 16:55:45 -08:00
unix Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-12-08 07:55:01 -08:00
wanrouter headers: smp_lock.h redux 2009-07-12 12:22:34 -07:00
wimax Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2009-12-09 19:43:33 -08:00
wireless cfg80211: fix channel setting for wext 2010-01-14 17:14:58 -05:00
x25 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6 2009-12-08 07:55:01 -08:00
xfrm netns xfrm: deal with dst entries in netns 2010-01-24 22:47:53 -08:00
compat.c net: use compat helper functions in compat_sys_recvmmsg 2009-12-11 15:07:57 -08:00
Kconfig net/compat/wext: send different messages to compat tasks 2009-07-15 08:53:39 -07:00
Makefile net: remove redundant sched/ in net/Makefile 2009-07-12 20:11:14 -07:00
nonet.c
socket.c fs: no games with DCACHE_UNHASHED 2009-12-17 10:51:40 -05:00
sysctl_net.c
TUNABLE