linux/net/ipv6
Thomas Graf c58dd2dd44 netfilter: Can't fail and free after table replacement
All xtables variants suffer from the defect that the copy_to_user()
to copy the counters to user memory may fail after the table has
already been exchanged and thus exposed. Return an error at this
point will result in freeing the already exposed table. Any
subsequent packet processing will result in a kernel panic.

We can't copy the counters before exposing the new tables as we
want provide the counter state after the old table has been
unhooked. Therefore convert this into a silent error.

Cc: Florian Westphal <fw@strlen.de>
Signed-off-by: Thomas Graf <tgraf@suug.ch>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2014-04-05 17:46:22 +02:00
..
netfilter netfilter: Can't fail and free after table replacement 2014-04-05 17:46:22 +02:00
addrconf_core.c ipv6: move in6_dev_finish_destroy() into core kernel 2013-08-31 22:30:00 -04:00
addrconf.c ipv6: move DAD and addrconf_verify processing to workqueue 2014-03-28 16:54:50 -04:00
addrlabel.c ipv6:fix checkpatch errors with assignment in if condition 2014-02-17 16:57:29 -05:00
af_inet6.c ipv6: add flowlabel_consistency sysctl 2014-01-19 17:12:31 -08:00
ah6.c ah6: Use the IPsec protocol multiplexer API 2014-03-14 07:28:07 +01:00
anycast.c ipv6: enable anycast addresses as source addresses for datagrams 2014-01-22 21:57:05 -08:00
datagram.c ipv6: enable anycast addresses as source addresses for datagrams 2014-01-22 21:57:05 -08:00
esp6.c esp6: Use the IPsec protocol multiplexer API 2014-03-14 07:28:07 +01:00
exthdrs_core.c ipv6: ipv6_find_hdr restore prev functionality 2014-02-27 18:27:26 -05:00
exthdrs_offload.c ipv6: Fix exthdrs offload registration. 2014-03-06 16:35:55 -05:00
exthdrs.c ipv6/exthdrs: accept tlv which includes only padding 2013-09-11 15:52:27 -04:00
fib6_rules.c ipv6: move IPV6_TCLASS_SHIFT into ipv6.h and define a helper 2014-01-15 15:53:18 -08:00
icmp.c ipv6: some ipv6 statistic counters failed to disable bh 2014-03-31 16:38:12 -04:00
inet6_connection_sock.c net: Remove FLOWI_FLAG_CAN_SLEEP 2013-12-06 07:24:39 +01:00
inet6_hashtables.c inet: convert inet_ehash_secret and ipv6_hash_secret to net_get_random_once 2013-10-19 19:45:35 -04:00
ip6_checksum.c ipv6: log src and dst along with "udp checksum is 0" 2014-02-26 15:46:25 -05:00
ip6_fib.c ipv6: fix checkpatch errors of "foo*" and "foo * bar" 2014-03-29 18:15:52 -04:00
ip6_flowlabel.c ipv6: remove some unused include in flowlabel 2014-02-18 18:11:05 -05:00
ip6_gre.c net: introduce netdev_alloc_pcpu_stats() for drivers 2014-02-14 15:49:55 -05:00
ip6_icmp.c ipv6: Kill ipv6 dependency of icmpv6_send(). 2013-04-29 13:54:36 -04:00
ip6_input.c net: Fix memory leak if TPROXY used with TCP early demux 2014-01-27 16:22:11 -08:00
ip6_offload.c ipv4: ipv6: better estimate tunnel header cut for correct ufo handling 2014-02-25 18:27:06 -05:00
ip6_offload.h ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
ip6_output.c ipv6: some ipv6 statistic counters failed to disable bh 2014-03-31 16:38:12 -04:00
ip6_tunnel.c net: Replace u64_stats_fetch_begin_bh to u64_stats_fetch_begin_irq 2014-03-14 22:41:36 -04:00
ip6_vti.c vti6: Enable namespace changing 2014-03-14 07:28:09 +01:00
ip6mr.c ip6mr: fix mfc notification flags 2014-03-20 16:24:28 -04:00
ipcomp6.c ipcomp6: Use the IPsec protocol multiplexer API 2014-03-14 07:28:07 +01:00
ipv6_sockglue.c ipv6: yet another new IPV6_MTU_DISCOVER option IPV6_PMTUDISC_OMIT 2014-02-26 15:51:01 -05:00
Kconfig ip6_vti: Fix build when NET_IP_TUNNEL is not set. 2014-02-20 14:29:49 +01:00
Makefile xfrm6: Add IPsec protocol multiplexer 2014-03-14 07:28:07 +01:00
mcast.c ipv6: some ipv6 statistic counters failed to disable bh 2014-03-31 16:38:12 -04:00
mip6.c ipv4/ipv6: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
ndisc.c neigh: use tbl->family to distinguish ipv4 from ipv6 2013-12-09 20:56:12 -05:00
netfilter.c netfilter: add nf_ipv6_ops hook to fix xt_addrtype with IPv6 2013-05-23 11:58:55 +02:00
output_core.c ipv6: strengthen fallback fragmentation id generation 2014-03-31 16:33:38 -04:00
ping.c ipv6: some ipv6 statistic counters failed to disable bh 2014-03-31 16:38:12 -04:00
proc.c net: add SNMP counters tracking incoming ECN bits 2013-08-08 22:24:59 -07:00
protocol.c net: remove outdated comment for ipv4 and ipv6 protocol handler 2013-11-28 18:47:51 -05:00
raw.c ipv6: protect protocols not handling ipv4 from v4 connection/bind attempts 2014-01-21 16:59:19 -08:00
reassembly.c ipv6: split inet6_hash_frag for netfilter and initialize secrets with net_get_random_once 2013-10-23 17:01:40 -04:00
route.c ipv6: reuse rt6_need_strict 2014-03-31 16:16:16 -04:00
sit.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-03-05 20:32:02 -05:00
syncookies.c net: Remove FLOWI_FLAG_CAN_SLEEP 2013-12-06 07:24:39 +01:00
sysctl_net_ipv6.c ipv6: add flowlabel_consistency sysctl 2014-01-19 17:12:31 -08:00
tcp_ipv6.c ipv6: tcp_ipv6 policy route issue 2014-03-31 16:16:17 -04:00
tcpv6_offload.c net-gro: Prepare GRO stack for the upcoming tunneling support 2013-12-12 13:47:53 -05:00
tunnel6.c ipv4/ipv6: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
udp_impl.h net: ipv4/ipv6: Remove extern from function prototypes 2013-10-19 19:12:11 -04:00
udp_offload.c ipv6: reuse ip6_frag_id from ip6_ufo_append_data 2014-02-22 00:28:21 -05:00
udp.c ipv6: make IPV6_RECVPKTINFO work for ipv4 datagrams 2014-01-19 19:53:18 -08:00
udplite.c ipv6: do not clear pinet6 field 2013-05-11 16:26:38 -07:00
xfrm6_input.c
xfrm6_mode_beet.c
xfrm6_mode_ro.c ipv4/ipv6: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c xfrm6: Remove xfrm_tunnel_notifier 2014-03-14 07:28:08 +01:00
xfrm6_output.c xfrm: revert ipv4 mtu determination to dst_mtu 2013-08-26 12:40:53 +02:00
xfrm6_policy.c xfrm6: Add IPsec protocol multiplexer 2014-03-14 07:28:07 +01:00
xfrm6_protocol.c xfrm6: Add IPsec protocol multiplexer 2014-03-14 07:28:07 +01:00
xfrm6_state.c xfrm: make local error reporting more robust 2013-08-14 13:07:12 +02:00
xfrm6_tunnel.c ipv4/ipv6: Fix FSF address in file headers 2013-12-06 12:37:56 -05:00