torvalds-linux/net/core
Eric Dumazet f77d602124 ipv6: do not clear pinet6 field
We have seen multiple NULL dereferences in __inet6_lookup_established()

After analysis, I found that inet6_sk() could be NULL while the
check for sk_family == AF_INET6 was true.

Bug was added in linux-2.6.29 when RCU lookups were introduced in UDP
and TCP stacks.

Once an IPv6 socket, using SLAB_DESTROY_BY_RCU is inserted in a hash
table, we no longer can clear pinet6 field.

This patch extends logic used in commit fcbdf09d96
("net: fix nulls list corruptions in sk_prot_alloc")

TCP/UDP/UDPLite IPv6 protocols provide their own .clear_sk() method
to make sure we do not clear pinet6 field.

At socket clone phase, we do not really care, as cloning the parent (non
NULL) pinet6 is not adding a fatal race.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-05-11 16:26:38 -07:00
..
datagram.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-04-30 03:55:20 -04:00
dev_addr_lists.c
dev_ioctl.c
dev.c gso: Handle Trans-Ether-Bridging protocol in skb_network_protocol() 2013-05-08 13:13:30 -07:00
drop_monitor.c
dst.c
ethtool.c net: vlan,ethtool: netdev_features_t is more than 32 bit 2013-05-02 13:58:12 -04:00
fib_rules.c
filter.c
flow_dissector.c
flow.c
gen_estimator.c
gen_stats.c
iovec.c
link_watch.c
Makefile
neighbour.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
net_namespace.c proc: Split the namespace stuff out into linux/proc_ns.h 2013-05-01 17:29:39 -04:00
net-procfs.c
net-sysfs.c rps_dev_flow_table_release(): no need to delay vfree() 2013-05-06 11:06:51 -04:00
net-sysfs.h
net-traces.c
netevent.c
netpoll.c netpoll: inverted down_trylock() test 2013-05-06 11:06:52 -04:00
netprio_cgroup.c
pktgen.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
request_sock.c
rtnetlink.c net: fix address check in rtnl_fdb_del 2013-04-25 04:14:08 -04:00
scm.c
secure_seq.c net: defer net_secret[] initialization 2013-04-29 15:14:02 -04:00
skbuff.c packet: tx timestamping on tpacket ring 2013-04-25 01:22:22 -04:00
sock_diag.c sock_diag: allow to dump bpf filters 2013-04-29 13:21:30 -04:00
sock.c ipv6: do not clear pinet6 field 2013-05-11 16:26:38 -07:00
stream.c
sysctl_net_core.c
timestamping.c
user_dma.c
utils.c