AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
15e668070a
kernel_optimize_test/net/ipv6
History
WANG Cong 15e668070a ipv6: reorder icmpv6_init() and ip6_mr_init() 
Andrey reported the following kernel crash:

kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: 0000 [#1] SMP KASAN
Dumping ftrace buffer:
   (ftrace buffer empty)
Modules linked in:
CPU: 0 PID: 14446 Comm: syz-executor6 Not tainted 4.10.0+ #82
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS Bochs 01/01/2011
task: ffff88001f311700 task.stack: ffff88001f6e8000
RIP: 0010:ip6mr_sk_done+0x15a/0x3d0 net/ipv6/ip6mr.c:1618
RSP: 0018:ffff88001f6ef418 EFLAGS: 00010202
RAX: dffffc0000000000 RBX: 1ffff10003edde8c RCX: ffffc900043ee000
RDX: 0000000000000004 RSI: ffffffff83e3b3f8 RDI: 0000000000000020
RBP: ffff88001f6ef508 R08: fffffbfff0dcc5d8 R09: 0000000000000000
R10: ffffffff86e62ec0 R11: 0000000000000000 R12: 0000000000000000
R13: 0000000000000000 R14: ffff88001f6ef4e0 R15: ffff8800380a0040
FS:  00007f7a52cec700(0000) GS:ffff88003ec00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 000000000061c500 CR3: 000000001f1ae000 CR4: 00000000000006f0
DR0: 0000000020000000 DR1: 0000000020000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000600
Call Trace:
 rawv6_close+0x4c/0x80 net/ipv6/raw.c:1217
 inet_release+0xed/0x1c0 net/ipv4/af_inet.c:425
 inet6_release+0x50/0x70 net/ipv6/af_inet6.c:432
 sock_release+0x8d/0x1e0 net/socket.c:597
 __sock_create+0x39d/0x880 net/socket.c:1226
 sock_create_kern+0x3f/0x50 net/socket.c:1243
 inet_ctl_sock_create+0xbb/0x280 net/ipv4/af_inet.c:1526
 icmpv6_sk_init+0x163/0x500 net/ipv6/icmp.c:954
 ops_init+0x10a/0x550 net/core/net_namespace.c:115
 setup_net+0x261/0x660 net/core/net_namespace.c:291
 copy_net_ns+0x27e/0x540 net/core/net_namespace.c:396
9pnet_virtio: no channels available for device ./file1
 create_new_namespaces+0x437/0x9b0 kernel/nsproxy.c:106
 unshare_nsproxy_namespaces+0xae/0x1e0 kernel/nsproxy.c:205
 SYSC_unshare kernel/fork.c:2281 [inline]
 SyS_unshare+0x64e/0x1000 kernel/fork.c:2231
 entry_SYSCALL_64_fastpath+0x1f/0xc2

This is because net->ipv6.mr6_tables is not initialized at that point,
ip6mr_rules_init() is not called yet, therefore on the error path when
we iterator the list, we trigger this oops. Fix this by reordering
ip6mr_rules_init() before icmpv6_sk_init().

Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2017-03-07 14:57:33 -08:00
..
ila lwtunnel: remove device arg to lwtunnel_build_state 2017-01-30 15:14:22 -05:00
netfilter ipv6: orphan skbs in reassembly unit 2017-03-01 20:55:57 -08:00
addrconf_core.c
addrconf.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-03-04 17:31:39 -08:00
addrlabel.c
af_inet6.c ipv6: reorder icmpv6_init() and ip6_mr_init() 2017-03-07 14:57:33 -08:00
ah6.c
anycast.c
calipso.c
datagram.c ipv6: Handle IPv4-mapped src to in6addr_any dst. 2017-02-14 12:13:51 -05:00
esp6_offload.c esp: Add a software GRO codepath 2017-02-15 11:04:11 +01:00
esp6.c
exthdrs_core.c
exthdrs_offload.c
exthdrs.c ipv6: sr: remove cleanup flag and fix HMAC computation 2017-02-03 11:05:23 -05:00
fib6_rules.c
fou6.c
icmp.c
inet6_connection_sock.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-01-28 10:33:06 -05:00
inet6_hashtables.c
ip6_checksum.c
ip6_fib.c net: ipv6: Change notifications for multipath delete to RTA_MULTIPATH 2017-02-04 19:58:14 -05:00
ip6_flowlabel.c
ip6_gre.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-02-07 16:29:30 -05:00
ip6_icmp.c
ip6_input.c
ip6_offload.c net: Add a skb_gro_flush_final helper. 2017-02-15 09:39:39 +01:00
ip6_offload.h
ip6_output.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-02-19 11:18:46 -05:00
ip6_tunnel.c ipv6: pointer math error in ip6_tnl_parse_tlv_enc_lim() 2017-02-01 12:27:33 -05:00
ip6_udp_tunnel.c
ip6_vti.c vti6: return GRE_KEY for vti6 2017-02-24 11:42:55 -05:00
ip6mr.c ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt 2017-02-26 21:25:46 -05:00
ipcomp6.c
ipv6_sockglue.c
Kconfig Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 2017-02-16 21:25:49 -05:00
Makefile esp: Add a software GRO codepath 2017-02-15 11:04:11 +01:00
mcast_snoop.c
mcast.c igmp, mld: Fix memory leak in igmpv3/mld_del_delrec() 2017-02-09 16:43:45 -05:00
mip6.c
ndisc.c
netfilter.c
output_core.c
ping.c
proc.c
protocol.c
raw.c net: use dst_confirm_neigh for UDP, RAW, ICMP, L2TP 2017-02-07 13:07:47 -05:00
reassembly.c
route.c ipv6: ignore null_entry in inet6_rtm_getroute() too 2017-03-02 14:35:31 -08:00
seg6_hmac.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-02-07 16:29:30 -05:00
seg6_iptunnel.c ipv6: sr: fix non static symbol warnings 2017-02-07 11:42:35 -05:00
seg6.c
sit.c sit: fix a double free on error path 2017-02-08 13:12:22 -05:00
syncookies.c
sysctl_net_ipv6.c
tcp_ipv6.c tcp: setup timestamp offset when write_seq already set 2017-02-22 16:35:32 -05:00
tcpv6_offload.c
tunnel6.c
udp_impl.h
udp_offload.c
udp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-02-16 19:34:01 -05:00
udplite.c
xfrm6_input.c esp: Add a software GRO codepath 2017-02-15 11:04:11 +01:00
xfrm6_mode_beet.c
xfrm6_mode_ro.c
xfrm6_mode_transport.c esp: Add a software GRO codepath 2017-02-15 11:04:11 +01:00
xfrm6_mode_tunnel.c
xfrm6_output.c
xfrm6_policy.c xfrm: policy: make policy backend const 2017-02-09 10:22:19 +01:00
xfrm6_protocol.c xfrm: input: constify xfrm_input_afinfo 2017-02-09 10:22:17 +01:00
xfrm6_state.c
xfrm6_tunnel.c