linux/net
David Howells b13023421b rxrpc: Fix net namespace cleanup
In rxrpc_destroy_all_calls(), there are two phases: (1) make sure the
->calls list is empty, emitting error messages if not, and (2) wait for the
RCU cleanup to happen on outstanding calls (ie. ->nr_calls becomes 0).

To avoid taking the call_lock, the function prechecks ->calls and if empty,
it returns to avoid taking the lock - this is wrong, however: it still
needs to go and do the second phase and wait for ->nr_calls to become 0.

Without this, the rxrpc_net struct may get deallocated before we get to the
RCU cleanup for the last calls.  This can lead to:

  Slab corruption (Not tainted): kmalloc-16k start=ffff88802b178000, len=16384
  050: 6b 6b 6b 6b 6b 6b 6b 6b 61 6b 6b 6b 6b 6b 6b 6b  kkkkkkkkakkkkkkk

Note the "61" at offset 0x58.  This corresponds to the ->nr_calls member of
struct rxrpc_net (which is >9k in size, and thus allocated out of the 16k
slab).

Fix this by flipping the condition on the if-statement, putting the locked
section inside the if-body and dropping the return from there.  The
function will then always go on to wait for the RCU cleanup on outstanding
calls.

Fixes: 2baec2c3f8 ("rxrpc: Support network namespacing")
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-04-30 10:50:50 -04:00
..
6lowpan 6lowpan: fix debugfs_simple_attr.cocci warnings 2019-01-22 09:51:19 +01:00
9p 9p/net: fix memory leak in p9_client_create 2019-03-13 11:50:04 +01:00
802
8021q vlan: conditional inclusion of FCoE hooks to match netdevice.h and bnx2x 2019-04-04 17:18:34 -07:00
appletalk appletalk: Fix potential NULL pointer dereference in unregister_snap_client 2019-03-15 11:25:48 -07:00
atm net: atm: Fix potential Spectre v1 vulnerabilities 2019-04-16 21:01:45 -07:00
ax25 ax25: fix possible use-after-free 2019-01-23 11:18:00 -08:00
batman-adv batman-adv: Fix genl notification for throughput_override 2019-03-25 09:31:19 +01:00
bluetooth Bluetooth: Check address length before reading address field 2019-04-12 10:25:03 -07:00
bpf bpf: fix warning about using plain integer as NULL 2019-03-08 21:17:07 +01:00
bpfilter bpfilter: re-add header search paths to tools include to fix build error 2019-02-23 13:34:40 -08:00
bridge Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf 2019-04-22 21:23:55 -07:00
caif net: caif: use skb helpers instead of open-coding them 2019-02-17 11:01:17 -08:00
can can: bcm: check timer values before ktime conversion 2019-01-22 11:33:46 +01:00
ceph libceph: fix breakage caused by multipage bvecs 2019-03-25 22:28:07 +01:00
core socket: fix compat SO_RCVTIMEO_NEW/SO_SNDTIMEO_NEW 2019-04-16 21:52:22 -07:00
dcb
dccp dccp: Fix memleak in __feat_register_sp 2019-04-01 18:15:10 -07:00
decnet Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-01-29 21:18:54 -08:00
dns_resolver
dsa net: dsa: Implement flow_dissect callback for tag_qca 2019-03-28 16:57:19 -07:00
ethernet net/ethernet: Add parse_protocol header_ops support 2019-02-22 12:55:31 -08:00
hsr net/hsr: fix possible crash in add_timer() 2019-03-07 11:02:08 -08:00
ieee802154 net: remove unused struct inet_frag_queue.fragments field 2019-02-26 08:27:05 -08:00
ife
ipv4 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 2019-04-30 09:11:10 -04:00
ipv6 Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec 2019-04-30 09:11:10 -04:00
iucv
kcm kcm: switch order of device registration to fix a crash 2019-04-01 14:59:20 -07:00
key xfrm: clean up xfrm protocol checks 2019-03-26 08:35:36 +01:00
l2tp l2tp: use rcu_dereference_sk_user_data() in l2tp_udp_encap_recv() 2019-04-26 11:18:23 -04:00
l3mdev l3mdev: add function to retreive upper master 2018-12-03 14:15:26 -08:00
lapb
llc llc: Check address length before reading address field 2019-04-12 10:25:03 -07:00
mac80211 mac80211: don't attempt to rename ERR_PTR() debugfs dirs 2019-04-23 13:47:05 +02:00
mac802154
mpls mpls: Fix 6PE forwarding 2019-03-19 16:00:22 -07:00
ncsi net/ncsi: handle overflow when incrementing mac address 2019-04-23 21:15:15 -07:00
netfilter netfilter: fix nf_l4proto_log_invalid to log invalid packets 2019-04-22 10:38:50 +02:00
netlabel netlabel: fix out-of-bounds memory accesses 2019-02-27 21:45:24 -08:00
netlink genetlink: use idr_alloc_cyclic for family->id assignment 2019-04-26 11:59:58 -04:00
netrom net: netrom: Fix error cleanup path of nr_proto_init 2019-04-11 13:59:49 -07:00
nfc NFC: nci: Add some bounds checking in nci_hci_cmd_received() 2019-04-06 15:05:07 -07:00
nsh
openvswitch openvswitch: fix flow actions reallocation 2019-03-28 17:15:44 -07:00
packet net/packet: Set __GFP_NOWARN upon allocation in alloc_pg_vec 2019-03-20 10:46:50 -07:00
phonet phonet: fix building with clang 2019-02-21 16:23:56 -08:00
psample
qrtr mm: replace all open encodings for NUMA_NO_NODE 2019-03-05 21:07:14 -08:00
rds net: rds: exchange of 8K and 1M pool 2019-04-24 12:07:08 -07:00
rfkill rfkill: gpio: Remove unused include 2018-12-18 13:13:56 +01:00
rose net/rose: fix unbound loop in rose_loopback_timer() 2019-04-24 14:39:26 -07:00
rxrpc rxrpc: Fix net namespace cleanup 2019-04-30 10:50:50 -04:00
sched sch_cake: Make sure we can write the IP header before changing DSCP bits 2019-04-04 10:55:59 -07:00
sctp sctp: Check address length before reading address family 2019-04-12 10:25:03 -07:00
smc net/smc: move unhash before release of clcsock 2019-04-11 11:04:08 -07:00
strparser net: strparser: partially revert "strparser: Call skb_unclone conditionally" 2019-04-10 13:07:02 -07:00
sunrpc Fix miscellaneous nfsd bugs, in NFSv4.1 callbacks, NFSv4.1 2019-04-23 13:40:55 -07:00
switchdev switchdev: Remove unused transaction item queue 2019-03-01 21:35:19 -08:00
tipc tipc: set sysctl_tipc_rmem and named_timeout right range 2019-04-16 21:32:02 -07:00
tls net/tls: fix copy to fragments in reencrypt 2019-04-27 20:17:19 -04:00
unix io_uring-2019-03-06 2019-03-08 14:48:40 -08:00
vmw_vsock vsock/virtio: fix kernel panic from virtio_transport_reset_no_sock 2019-03-08 15:15:44 -08:00
wimax
wireless cfg80211: Notify previous user request during self managed wiphy registration 2019-04-23 13:45:30 +02:00
x25 net/x25: reset state in x25_connect() 2019-03-11 15:40:14 -07:00
xdp xsk: fix umem memory leak on cleanup 2019-03-16 01:27:51 +01:00
xfrm xfrm: Honor original L3 slave device in xfrmi policy lookup 2019-03-27 16:14:05 +01:00
compat.c Merge branch 'timers-2038-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2019-03-05 14:08:26 -08:00
Kconfig net: devlink: turn devlink into a built-in 2019-02-26 08:49:05 -08:00
Makefile net: split out functions related to registering inflight socket files 2019-02-28 08:24:23 -07:00
socket.c net: add documentation to socket.c 2019-03-15 15:29:47 -07:00
sysctl_net.c