linux/include/net
Eric Dumazet 92f1655aa2 net: fix __dst_negative_advice() race
__dst_negative_advice() does not enforce proper RCU rules when
sk->dst_cache must be cleared, leading to possible UAF.

RCU rules are that we must first clear sk->sk_dst_cache,
then call dst_release(old_dst).

Note that sk_dst_reset(sk) is implementing this protocol correctly,
while __dst_negative_advice() uses the wrong order.

Given that ip6_negative_advice() has special logic
against RTF_CACHE, this means each of the three ->negative_advice()
existing methods must perform the sk_dst_reset() themselves.

Note the check against NULL dst is centralized in
__dst_negative_advice(), there is no need to duplicate
it in various callbacks.

Many thanks to Clement Lecigne for tracking this issue.

This old bug became visible after the blamed commit, using UDP sockets.

Fixes: a87cb3e48e ("net: Facility to report route quality of connected sockets")
Reported-by: Clement Lecigne <clecigne@google.com>
Diagnosed-by: Clement Lecigne <clecigne@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Tom Herbert <tom@herbertland.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Link: https://lore.kernel.org/r/20240528114353.1794151-1-edumazet@google.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2024-05-29 17:34:49 -07:00
..
9p netfs, 9p: Implement helpers for new write code 2024-05-01 18:07:37 +01:00
bluetooth Bluetooth: hci_core: Fix not handling hdev->le_num_of_adv_sets=1 2024-05-14 10:56:37 -04:00
caif net: caif: Remove unused declaration cfsrvl_ctrlcmd() 2023-08-10 18:24:48 -07:00
iucv s390/iucv: Unexport iucv_root 2024-05-14 20:21:04 +02:00
libeth libeth: add Rx buffer management 2024-04-24 11:06:25 -07:00
mana Merge branch mana-ib-flex of git://git.kernel.org/pub/scm/linux/kernel/git/rdma/rdma.git 2024-04-11 07:38:28 -07:00
netfilter netfilter: nf_tables: allow clone callbacks to sleep 2024-05-10 11:13:45 +02:00
netns net: Namespace-ify sysctl_optmem_max 2023-12-15 11:01:27 +00:00
nfc nfc: core: make nfc_class constant 2024-03-05 11:21:18 -08:00
page_pool page_pool: fix &page_pool_params kdoc issues 2024-05-27 17:00:22 -07:00
phonet net: ioctl: Use kernel memory on protocol ioctl callbacks 2023-06-15 22:33:26 -07:00
sctp sctp: preserve const qualifier in sctp_sk() 2024-02-05 11:08:06 +00:00
tc_act net/sched: Retire ipt action 2024-01-02 12:41:16 +00:00
6lowpan.h
act_api.h net/sched: Add helper macros with module names 2024-02-02 10:57:55 -08:00
addrconf.h ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr 2024-04-09 17:09:05 -07:00
af_ieee802154.h
af_rxrpc.h rxrpc, afs: Allow afs to pin rxrpc_peer objects 2023-12-24 15:22:50 +00:00
af_unix.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-04-25 12:41:37 -07:00
af_vsock.h virtio/vsock: send credit update during setting SO_RCVLOWAT 2023-12-15 10:37:35 +00:00
ah.h
amt.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
arp.h neighbour: switch to standard rcu, instead of rcu_bh 2023-03-21 21:32:18 -07:00
atmclip.h
ax25.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-05-14 10:53:19 -07:00
ax88796.h ax88796: Fix some typo in a comment 2022-08-09 22:14:02 -07:00
bareudp.h bareudp: Move definition of struct bareudp_conf to bareudp.c 2021-12-13 12:34:09 +00:00
bond_3ad.h bonding: Add independent control state machine 2024-02-06 13:17:54 +01:00
bond_alb.h bonding (gcc13): synchronize bond_{a,t}lb_xmit() types 2022-11-02 20:38:13 -07:00
bond_options.h bonding: Add independent control state machine 2024-02-06 13:17:54 +01:00
bonding.h bonding: Add independent control state machine 2024-02-06 13:17:54 +01:00
bpf_sk_storage.h
busy_poll.h net: add napi_busy_loop_rcu() 2024-02-09 10:01:09 -08:00
calipso.h
cfg80211-wext.h wifi: cfg80211: Avoid clashing function prototypes 2022-11-16 11:31:47 +02:00
cfg80211.h wifi: cfg80211: handle color change per link 2024-05-03 10:18:03 +02:00
cfg802154.h mac802154: fix llsec key resources release in mac802154_llsec_key_del 2024-03-06 21:01:26 +01:00
checksum.h net: checksum: drop the linux/uaccess.h include 2023-01-27 11:19:46 +00:00
cipso_ipv4.h netlabel: fix RCU annotation for IPv4 options on socket creation 2024-05-13 14:58:12 -07:00
cls_cgroup.h
codel_impl.h codel: remove unnecessary sock.h include 2021-12-22 15:03:47 -08:00
codel_qdisc.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
codel.h codel: fix kernel-doc notation warnings 2023-07-14 20:39:29 -07:00
compat.h net: copy from user before calling __get_compat_msghdr 2022-07-24 18:39:17 -06:00
datalink.h net: datalink: Remove unused declarations 2023-07-27 17:17:32 -07:00
dcbevent.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
dcbnl.h net: dcb: add helper functions to retrieve PCP and DSCP rewrite maps 2023-01-20 09:33:22 +00:00
devlink.h devlink: extend devlink_param *set pointer 2024-04-22 13:05:19 -07:00
dropreason-core.h tcp: introduce dropreasons in receive path 2024-02-28 10:39:21 +00:00
dropreason.h net: openvswitch: add last-action drop reason 2023-08-14 08:01:06 +01:00
dsa_stubs.h net: dsa: Use conduit and user terms 2023-10-24 13:08:14 -07:00
dsa.h net: dsa: add support switches global DSCP priority mapping 2024-05-08 10:35:10 +01:00
dscp.h net: add IEEE 802.1q specific helpers 2024-05-08 10:35:09 +01:00
dsfield.h
dst_cache.h net: dst_cache: annotate data-races around dst_cache->reset_ts 2024-05-08 18:49:51 -07:00
dst_metadata.h ip_tunnel: convert __be16 tunnel flags to bitmaps 2024-04-01 10:49:28 +01:00
dst_ops.h net: fix __dst_negative_advice() race 2024-05-29 17:34:49 -07:00
dst.h net: dst: Make dst_destroy() static and return void. 2024-02-06 11:45:53 +01:00
eee.h net: add helpers for EEE configuration 2024-03-05 19:21:17 -08:00
erspan.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
esp.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
espintcp.h inet: preserve const qualifier in inet_csk() 2024-04-01 21:27:08 -07:00
ethoc.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
failover.h net: failover: add net device refcount tracker 2021-12-06 16:06:02 -08:00
fib_notifier.h
fib_rules.h fib: remove unnecessary input parameters in fib_default_rule_add 2024-01-03 16:42:48 -08:00
firewire.h firewire: net: Make use of get_unaligned_be48(), put_unaligned_be48() 2022-07-28 22:21:54 -07:00
flow_dissector.h ip_tunnel: convert __be16 tunnel flags to bitmaps 2024-04-01 10:49:28 +01:00
flow_offload.h flow_offload: add control flag checking helpers 2024-04-15 10:33:14 +01:00
flow.h inet: shrink struct flowi_common 2023-11-02 09:31:02 +01:00
fou.h bpf,fou: Add bpf_skb_{set,get}_fou_encap kfuncs 2023-04-12 16:40:39 -07:00
fq_impl.h wifi: mac80211: add support for restricting netdev features per vif 2022-12-01 15:09:10 +01:00
fq.h net: fq: Remove unused typedef fq_flow_get_default_t 2023-08-08 15:58:23 -07:00
garp.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
gen_stats.h net: sched: Remove Qdisc::running sequence counter 2021-10-18 12:54:41 +01:00
genetlink.h genetlink: remove linux/genetlink.h 2024-04-01 21:44:34 -07:00
geneve.h net: geneve: fix array of flexible structures warnings 2022-10-31 10:43:04 +00:00
gre.h ip_tunnel: convert __be16 tunnel flags to bitmaps 2024-04-01 10:49:28 +01:00
gro_cells.h
gro.h net: gro: fix napi_gro_cb zeroed alignment 2024-05-14 10:49:50 -07:00
gso.h net: move gso declarations and functions to their own files 2023-06-10 00:11:41 -07:00
gtp.h gtp: properly parse extension headers 2024-05-07 01:35:55 +02:00
gue.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
handshake.h net/handshake: Add helpers for parsing incoming TLS Alerts 2023-07-28 14:07:59 -07:00
hotdata.h net: move sysctl_mem_pcpu_rsv to net_hotdata 2024-04-30 18:46:52 -07:00
hwbm.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
icmp.h
ieee8021q.h net: add IEEE 802.1q specific helpers 2024-05-08 10:35:09 +01:00
ieee80211_radiotap.h wifi: radiotap: add bandwidth definition of EHT U-SIG 2023-10-12 15:14:27 +03:00
ieee802154_netdev.h mac802154: Handle association requests from peers 2023-11-20 11:43:03 +01:00
if_inet6.h ipv6: anycast: complete RCU handling of struct ifacaddr6 2024-02-26 18:40:34 -08:00
ife.h
inet6_connection_sock.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
inet6_hashtables.h net: Fix slab-out-of-bounds in inet[6]_steal_sock 2023-08-15 13:57:51 -07:00
inet_common.h net: change proto and proto_ops accept type 2024-05-13 18:19:09 -06:00
inet_connection_sock.h net: change proto and proto_ops accept type 2024-05-13 18:19:09 -06:00
inet_dscp.h ipv6: Define dscp_t and stop taking ECN bits into account in fib6-rules 2022-02-07 20:12:45 -08:00
inet_ecn.h net: add skb_get_dsfield() helper 2021-10-15 11:33:08 +01:00
inet_frag.h inet: frags: eliminate kernel-doc warning 2023-07-14 20:39:29 -07:00
inet_hashtables.h tcp: Remove dead code and fields for bhash2. 2023-12-22 22:15:35 +00:00
inet_sock.h inet: Add getsockopt support for IP_ROUTER_ALERT and IPV6_ROUTER_ALERT 2024-03-06 12:37:06 +00:00
inet_timewait_sock.h tcp/dccp: do not care about families in inet_twsk_purge() 2024-04-01 21:27:58 -07:00
inetpeer.h
ioam6.h net: ioam6: multicast event 2024-02-28 11:19:41 +00:00
ip6_checksum.h net: move gro definitions to include/net/gro.h 2021-11-16 13:16:54 +00:00
ip6_fib.h ipv6: introduce dst_rt6_info() helper 2024-04-29 13:32:01 +01:00
ip6_route.h ipv6: introduce dst_rt6_info() helper 2024-04-29 13:32:01 +01:00
ip6_tunnel.h ip_tunnel: convert __be16 tunnel flags to bitmaps 2024-04-01 10:49:28 +01:00
ip_fib.h inet: allow ip_valid_fib_dump_req() to be called with RTNL or RCU 2024-02-26 11:46:12 +00:00
ip_tunnels.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-04-11 14:23:47 -07:00
ip_vs.h ipvs: Correct spelling in comments 2023-04-22 01:39:41 +02:00
ip.h inet: introduce dst_rtable() helper 2024-04-30 18:32:38 -07:00
ipcomp.h xfrm: ipcomp: add extack to ipcomp{4,6}_init_state 2022-09-29 07:18:00 +02:00
ipconfig.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
ipv6_frag.h net: dropreason: add SKB_DROP_REASON_FRAG_REASM_TIMEOUT 2022-10-31 20:14:27 -07:00
ipv6_stubs.h ipsec-next-2023-10-28 2023-10-30 14:36:57 -07:00
ipv6.h ipv6: annotate data-races around cnf.forwarding 2024-03-01 08:42:31 +00:00
iw_handler.h wifi: wext: Remove unused declaration dev_get_wireless_info() 2023-08-22 21:40:40 +02:00
kcm.h kcm: Send multiple frags in one sendmsg() 2023-06-12 21:13:23 -07:00
l3mdev.h
lag.h
lapb.h
lib80211.h
llc_c_ac.h net: llc: Remove unused function declarations 2023-08-04 15:33:17 -07:00
llc_c_ev.h net: llc: Remove unused function declarations 2023-08-04 15:33:17 -07:00
llc_c_st.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
llc_conn.h llc: Check netns in llc_estab_match() and llc_listener_match(). 2023-07-20 10:46:28 +02:00
llc_if.h llc/snap: constify dev_addr passing 2021-10-13 09:40:46 -07:00
llc_pdu.h llc: Drop support for ETH_P_TR_802_2. 2024-01-19 21:30:09 -08:00
llc_s_ac.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
llc_s_ev.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
llc_s_st.h add missing includes and forward declarations to networking includes under linux/ 2022-07-28 11:29:36 +02:00
llc_sap.h
llc.h llc: fix out-of-bound array index in llc_sk_dev_hash() 2021-11-07 19:25:29 +00:00
lwtunnel.h lwt: Check LWTUNNEL_XMIT_CONTINUE strictly 2023-08-18 16:05:26 +02:00
mac80211.h wifi: mac80211: handle color change per link 2024-05-03 10:18:19 +02:00
mac802154.h mac802154: Drop IEEE802154_HW_RX_DROP_BAD_CKSUM 2022-10-12 12:57:19 +02:00
macsec.h macsec: Enable devices to advertise whether they update sk_buff md_dst during offloads 2024-04-25 08:20:54 -07:00
mctp.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-02-29 14:24:56 -08:00
mctpdevice.h mctp: Pass flow data & flow release events to drivers 2021-10-29 13:23:51 +01:00
mip6.h
mld.h
mpls_iptunnel.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
mpls.h
mptcp.h mptcp: add net.mptcp.available_schedulers 2024-05-13 18:29:23 -07:00
mrp.h mrp: introduce active flags to prevent UAF when applicant uninit 2022-11-18 12:14:55 +00:00
ncsi.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
ndisc.h ndisc: Remove unused ndisc_ifinfo_sysctl_strategy() declaration 2023-08-07 08:53:55 +01:00
neighbour.h neighbour: Fix __randomize_layout crash in struct neighbour 2023-11-28 12:18:29 +01:00
net_debug.h net: add CONFIG_DEBUG_NET 2022-05-11 12:43:10 +01:00
net_failover.h
net_namespace.h net: add exit_batch_rtnl() method 2024-02-07 18:55:10 -08:00
net_ratelimit.h
net_trackers.h net: add networking namespace refcount tracker 2021-12-10 06:38:26 -08:00
netdev_queues.h netdev: Add queue stats for TX stop and wake 2024-05-13 14:58:36 -07:00
netdev_rx_queue.h net: Add queue and napi association 2023-12-04 18:04:05 -08:00
netevent.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
netkit.h bpf, netkit: Add indirect call wrapper for fetching peer dev 2023-11-20 10:15:16 -08:00
netlabel.h The usual shower of singleton fixes and minor series all over MM, 2024-05-19 09:21:03 -07:00
netlink.h The usual shower of singleton fixes and minor series all over MM, 2024-05-19 09:21:03 -07:00
netmem.h net: introduce abstraction for network memory 2024-02-20 09:22:58 +01:00
netprio_cgroup.h
netrom.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
nexthop.h net: add two more call_rcu_hurry() 2024-04-25 15:24:23 -07:00
nl802154.h ieee802154: Give the user the association list 2023-11-20 11:43:45 +01:00
nsh.h net: NSH: fix kernel-doc notation warning 2023-07-14 20:39:29 -07:00
p8022.h net: 802: Remove unused function declarations 2023-08-04 15:33:50 -07:00
pfcp.h pfcp: always set pfcp metadata 2024-04-01 10:49:28 +01:00
pie.h pie: fix kernel-doc notation warning 2023-07-14 20:39:30 -07:00
ping.h net/ipv4: ping_group_range: allow GID from 2147483648 to 4294967294 2023-06-02 09:55:22 +01:00
pkt_cls.h net: sched: make skip_sw actually skip software 2024-03-29 09:46:39 +00:00
pkt_sched.h net/sched: Add helper macros with module names 2024-02-02 10:57:55 -08:00
pptp.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
proto_memory.h net: move sysctl_mem_pcpu_rsv to net_hotdata 2024-04-30 18:46:52 -07:00
protocol.h ipv6: move tcp_ipv6_hash_secret and udp_ipv6_hash_secret to net_hotdata 2024-03-07 21:12:43 -08:00
psample.h
psnap.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
raw.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2023-04-06 12:01:20 -07:00
rawv6.h ipv6: raw: constify raw_v6_match() socket argument 2023-03-17 08:56:37 +00:00
red.h net_sched: sch_choke: implement lockless choke_dump() 2024-04-19 11:34:07 +01:00
regulatory.h wifi: cfg80211: save power spectral density(psd) of regulatory rule 2023-09-18 09:44:05 +02:00
request_sock.h tcp: reduce accepted window in NEW_SYN_RECV state 2024-05-27 16:47:23 -07:00
rose.h net: rose: add netdev ref tracker to 'struct rose_sock' 2022-08-01 11:59:23 -07:00
route.h inet: introduce dst_rtable() helper 2024-04-30 18:32:38 -07:00
rpl.h ipv6: rpl: Remove pskb(_may)?_pull() in ipv6_rpl_srh_rcv(). 2023-06-19 11:32:58 -07:00
rps.h net: rps: add rps_input_queue_head_add() helper 2024-04-01 11:28:32 +01:00
rsi_91x.h rsi: remove kernel-doc comment marker 2023-07-14 20:39:30 -07:00
rstreason.h tcp: rstreason: fully support in tcp_check_req() 2024-05-13 17:33:57 -07:00
rtnetlink.h rtnetlink: add RTNL_FLAG_DUMP_UNLOCKED flag 2024-02-26 11:46:12 +00:00
rtnh.h
sch_generic.h net/sched: fix false lockdep warning on qdisc root lock 2024-04-26 10:46:41 +02:00
scm.h af_unix: Add dead flag to struct scm_fp_list. 2024-05-10 18:52:45 -07:00
secure_seq.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
seg6_hmac.h
seg6_local.h
seg6.h udp6: Use Segment Routing Header for dest address if present 2022-01-04 12:17:35 +00:00
selftests.h
slhc_vj.h
smc.h net/smc: add operations to merge sndbuf with peer DMB 2024-04-30 13:24:48 +02:00
snmp.h
sock_reuseport.h soreuseport: Fix socket selection for SO_INCOMING_CPU. 2022-10-25 11:35:16 +02:00
sock.h net: fix __dst_negative_advice() race 2024-05-29 17:34:49 -07:00
Space.h net: appletalk: remove cops support 2023-10-04 11:49:20 -07:00
stp.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
strparser.h tls: rx: remove the message decrypted tracking 2022-07-18 11:24:10 +01:00
switchdev.h net: bridge: switchdev: Skip MDB replays of deferred events on offload 2024-02-16 09:36:37 +00:00
tc_wrapper.h Merge branch 'x86/bugs' into x86/core, to pick up pending changes before dependent patches 2024-02-14 10:49:37 +01:00
tcp_ao.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-01-04 18:06:46 -08:00
tcp_states.h tcp: Dump bound-only sockets in inet_diag. 2023-12-04 14:45:26 -08:00
tcp.h bpf-next-for-netdev 2024-05-13 16:41:10 -07:00
tcx.h mm: change inlined allocation helpers to account at the call site 2024-04-25 20:55:59 -07:00
timewait_sock.h tcp: get rid of twsk_unique() 2024-05-09 20:25:55 -07:00
tipc.h
tls_prot.h net/tls: Add TLS Alert definitions 2023-07-28 14:07:59 -07:00
tls_toe.h
tls.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-04-25 12:41:37 -07:00
transp_v6.h inet6: Remove unused function declaration udpv6_connect() 2023-08-01 15:06:27 -07:00
tso.h net: tso: inline tso_count_descs() 2022-12-12 15:04:39 -08:00
tun_proto.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
udp_tunnel.h ip_tunnel: convert __be16 tunnel flags to bitmaps 2024-04-01 10:49:28 +01:00
udp.h new helper: copy_to_iter_full() 2024-04-07 02:42:36 -04:00
udplite.h udplite: fix various data-races 2023-09-14 16:16:36 +02:00
vsock_addr.h
vxlan.h vxlan: add support for flowlabel inherit 2023-11-16 22:33:31 +00:00
wext.h
x25.h x25: preserve const qualifier in [a]x25_sk() 2023-03-18 12:23:34 +00:00
x25device.h
xdp_priv.h net: add missing includes and forward declarations under net/ 2022-07-22 12:53:22 +01:00
xdp_sock_drv.h xsk: use generic DMA sync shortcut instead of a custom one 2024-05-08 08:51:20 +02:00
xdp_sock.h xsk: Don't assume metadata is always requested in TX completion 2024-03-19 13:47:29 +01:00
xdp.h net, xdp: Correct grammar 2023-12-14 16:38:59 +01:00
xfrm.h Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2024-05-09 10:01:01 -07:00
xsk_buff_pool.h xsk: use generic DMA sync shortcut instead of a custom one 2024-05-08 08:51:20 +02:00