leandrof/linux
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
8822b64a0fa64a5dd1dfcf837c5b0be83f8c05d1
linux/include/net
History
Hannes Frederic Sowa 8822b64a0f ipv6: call udp_push_pending_frames when uncorking a socket with AF_INET pending data 
We accidentally call down to ip6_push_pending_frames when uncorking
pending AF_INET data on a ipv6 socket. This results in the following
splat (from Dave Jones):

skbuff: skb_under_panic: text:ffffffff816765f6 len:48 put:40 head:ffff88013deb6df0 data:ffff88013deb6dec tail:0x2c end:0xc0 dev:<NULL>
------------[ cut here ]------------
kernel BUG at net/core/skbuff.c:126!
invalid opcode: 0000 [#1] PREEMPT SMP DEBUG_PAGEALLOC
Modules linked in: dccp_ipv4 dccp 8021q garp bridge stp dlci mpoa snd_seq_dummy sctp fuse hidp tun bnep nfnetlink scsi_transport_iscsi rfcomm can_raw can_bcm af_802154 appletalk caif_socket can caif ipt_ULOG x25 rose af_key pppoe pppox ipx phonet irda llc2 ppp_generic slhc p8023 psnap p8022 llc crc_ccitt atm bluetooth
+netrom ax25 nfc rfkill rds af_rxrpc coretemp hwmon kvm_intel kvm crc32c_intel snd_hda_codec_realtek ghash_clmulni_intel microcode pcspkr snd_hda_codec_hdmi snd_hda_intel snd_hda_codec snd_hwdep usb_debug snd_seq snd_seq_device snd_pcm e1000e snd_page_alloc snd_timer ptp snd pps_core soundcore xfs libcrc32c
CPU: 2 PID: 8095 Comm: trinity-child2 Not tainted 3.10.0-rc7+ #37
task: ffff8801f52c2520 ti: ffff8801e6430000 task.ti: ffff8801e6430000
RIP: 0010:[<ffffffff816e759c>]  [<ffffffff816e759c>] skb_panic+0x63/0x65
RSP: 0018:ffff8801e6431de8  EFLAGS: 00010282
RAX: 0000000000000086 RBX: ffff8802353d3cc0 RCX: 0000000000000006
RDX: 0000000000003b90 RSI: ffff8801f52c2ca0 RDI: ffff8801f52c2520
RBP: ffff8801e6431e08 R08: 0000000000000000 R09: 0000000000000000
R10: 0000000000000001 R11: 0000000000000001 R12: ffff88022ea0c800
R13: ffff88022ea0cdf8 R14: ffff8802353ecb40 R15: ffffffff81cc7800
FS:  00007f5720a10740(0000) GS:ffff880244c00000(0000) knlGS:0000000000000000
CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
CR2: 0000000005862000 CR3: 000000022843c000 CR4: 00000000001407e0
DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000600
Stack:
 ffff88013deb6dec 000000000000002c 00000000000000c0 ffffffff81a3f6e4
 ffff8801e6431e18 ffffffff8159a9aa ffff8801e6431e90 ffffffff816765f6
 ffffffff810b756b 0000000700000002 ffff8801e6431e40 0000fea9292aa8c0
Call Trace:
 [<ffffffff8159a9aa>] skb_push+0x3a/0x40
 [<ffffffff816765f6>] ip6_push_pending_frames+0x1f6/0x4d0
 [<ffffffff810b756b>] ? mark_held_locks+0xbb/0x140
 [<ffffffff81694919>] udp_v6_push_pending_frames+0x2b9/0x3d0
 [<ffffffff81694660>] ? udplite_getfrag+0x20/0x20
 [<ffffffff8162092a>] udp_lib_setsockopt+0x1aa/0x1f0
 [<ffffffff811cc5e7>] ? fget_light+0x387/0x4f0
 [<ffffffff816958a4>] udpv6_setsockopt+0x34/0x40
 [<ffffffff815949f4>] sock_common_setsockopt+0x14/0x20
 [<ffffffff81593c31>] SyS_setsockopt+0x71/0xd0
 [<ffffffff816f5d54>] tracesys+0xdd/0xe2
Code: 00 00 48 89 44 24 10 8b 87 d8 00 00 00 48 89 44 24 08 48 8b 87 e8 00 00 00 48 c7 c7 c0 04 aa 81 48 89 04 24 31 c0 e8 e1 7e ff ff <0f> 0b 55 48 89 e5 0f 0b 55 48 89 e5 0f 0b 55 48 89 e5 0f 0b 55
RIP  [<ffffffff816e759c>] skb_panic+0x63/0x65
 RSP <ffff8801e6431de8>

This patch adds a check if the pending data is of address family AF_INET
and directly calls udp_push_ending_frames from udp_v6_push_pending_frames
if that is the case.

This bug was found by Dave Jones with trinity.

(Also move the initialization of fl6 below the AF_INET check, even if
not strictly necessary.)

Cc: Dave Jones <davej@redhat.com>
Cc: YOSHIFUJI Hideaki <yoshfuji@linux-ipv6.org>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-07-02 12:44:18 -07:00
..
9p
9p: turn fid->dlist into hlist
2013-02-27 22:51:08 -05:00
bluetooth
Bluetooth: Remove unneeded flag
2013-06-23 00:23:53 +01:00
caif
caif: Remove my bouncing email address.
2013-04-23 13:25:51 -04:00
irda
irda: small read past the end of array in debug code
2013-04-19 17:32:31 -04:00
iucv
af_iucv: fix recvmsg by replacing skb_pull() function
2013-04-08 17:16:57 -04:00
netfilter
net_sched: add 64bit rate estimators
2013-06-11 02:51:03 -07:00
netns
netfilter: {ipt,ebt}_ULOG: rise warning on deprecation
2013-05-23 14:23:16 +02:00
nfc
NFC: Add secure elements addition and removal API
2013-06-14 13:44:58 +02:00
phonet
net: remove my future former mail address
2012-06-17 16:29:38 -07:00
sctp
net: sctp: prevent checksum.h from double inclusion
2013-07-02 00:23:57 -07:00
tc_act
act_api.h
net_sched: add 64bit rate estimators
2013-06-11 02:51:03 -07:00
addrconf.h
ipv6,mcast: always hold idev->lock before mca_lock
2013-07-01 23:39:21 -07:00
af_ieee802154.h
af_rxrpc.h
af_unix.h
af_unix: fix a fatal race with bit fields
2013-05-01 15:13:49 -04:00
ah.h
arp.h
net: Dont use ifindices in hash fns
2012-08-09 16:18:06 -07:00
atmclip.h
atm: clip: Use device neigh support on top of "arp_tbl".
2011-11-30 18:51:03 -05:00
ax25.h
hlist: drop the node parameter from iterators
2013-02-27 19:10:24 -08:00
ax88796.h
cfg80211-wext.h
cfg80211.h
cfg80211: require passing BSS struct back to cfg80211_assoc_timeout
2013-06-19 18:55:39 +02:00
checksum.h
net: core: add function for incremental IPv6 pseudo header checksum updates
2012-08-30 03:00:16 +02:00
cipso_ipv4.h
cipso: handle CIPSO options correctly when NetLabel is disabled
2012-06-01 14:18:29 -04:00
cls_cgroup.h
cls_cgroup: remove task_struct parameter from sock_update_classid()
2013-04-09 13:19:35 -04:00
codel.h
codel: refine one condition to avoid a nul rec_inv_sqrt
2012-08-10 16:52:54 -07:00
compat.h
net: cleanup unsigned to unsigned int
2012-04-15 12:44:40 -04:00
datalink.h
dcbevent.h
dcbnl.h
net/dcb: Add an optional max rate attribute
2012-04-05 05:08:04 -04:00
dn_dev.h
dn_fib.h
decnet: Parse netlink attributes on our own
2013-03-22 10:31:16 -04:00
dn_neigh.h
dn_nsp.h
dn_route.h
decnet: use correct RCU API to deref sk_dst_cache field
2013-01-28 00:15:27 -05:00
dn.h
net: cleanup unsigned to unsigned int
2012-04-15 12:44:40 -04:00
dsa.h
dsa: Include linux/if_ether.h to fix build error
2011-12-01 11:41:06 -05:00
dsfield.h
ipv6: Optimize ipv6_change_dsfield().
2013-01-09 23:59:53 -08:00
dst_ops.h
net: Fix warnings in dst_ops.h
2012-07-19 10:43:03 -07:00
dst.h
Fix dst_neigh_lookup/dst_neigh_lookup_skb return value handling bug
2013-03-15 09:06:58 -04:00
esp.h
ethoc.h
fib_rules.h
ipv4: Elide fib_validate_source() completely when possible.
2012-06-29 01:36:36 -07:00
firewire.h
firewire net, ipv4 arp: Extend hardware address and remove driver-level packet inspection.
2013-03-26 12:32:13 -04:00
flow_keys.h
flow_keys: include thoff into flow_keys for later usage
2013-03-20 12:14:36 -04:00
flow.h
ipv4: Add FLOWI_FLAG_KNOWN_NH
2012-10-08 17:42:36 -04:00
garp.h
gen_stats.h
net_sched: add 64bit rate estimators
2013-06-11 02:51:03 -07:00
genetlink.h
genl: Allow concurrent genl callbacks.
2013-04-25 01:43:15 -04:00
gre.h
gre: export gre_handle_offloads() function.
2013-06-19 18:07:41 -07:00
gro_cells.h
gro: Fix kcalloc argument order
2013-01-27 22:46:33 -05:00
icmp.h
ipv4: fix error handling in icmp_protocol.
2013-02-22 15:10:18 -05:00
ieee80211_radiotap.h
mac80211: add STBC flag for radiotap
2013-05-24 12:07:25 +02:00
ieee802154_netdev.h
ieee802154/nl-mac.c: make some MLME operations optional
2013-04-08 12:00:16 -04:00
ieee802154.h
6LoWPAN: add fragmentation support
2011-11-14 00:19:42 -05:00
if_inet6.h
ipv6: resend MLD report if a link-local address completes DAD
2013-06-28 21:19:17 -07:00
inet6_connection_sock.h
ipv6: Add helper inet6_csk_update_pmtu().
2012-07-16 03:44:56 -07:00
inet6_hashtables.h
ipv6: use a stronger hash for tcp
2013-02-21 18:15:58 -05:00
inet_common.h
net-tcp: Fast Open client - sendmsg(MSG_FASTOPEN)
2012-07-19 11:02:03 -07:00
inet_connection_sock.h
tcp: Tail loss probe (TLP)
2013-03-12 08:30:34 -04:00
inet_ecn.h
net: Correct comparisons and calculations using skb->tail and skb-transport_header
2013-05-28 23:49:07 -07:00
inet_frag.h
net: frag, fix race conditions in LRU list maintenance
2013-05-06 11:06:51 -04:00
inet_hashtables.h
hlist: drop the node parameter from iterators
2013-02-27 19:10:24 -08:00
inet_sock.h
ipv4: remove is_data also from ip_options documentation.
2013-06-12 03:13:50 -07:00
inet_timewait_sock.h
hlist: drop the node parameter from iterators
2013-02-27 19:10:24 -08:00
inetpeer.h
ipv4: Maintain redirect and PMTU info in struct rtable again.
2012-07-10 22:40:14 -07:00
ip6_checksum.h
ipv6: move csum_ipv6_magic() and udp6_csum_init() into static library
2013-01-08 17:56:10 -08:00
ip6_fib.h
ipv6: fix race condition regarding dst->expires and dst->from.
2013-02-20 15:11:45 -05:00
ip6_route.h
ipv6: Remove unused neigh argument for icmp6_dst_alloc() and its callers.
2013-01-18 14:41:13 -05:00
ip6_tunnel.h
GRE: Refactor GRE tunneling code.
2013-03-26 12:27:18 -04:00
ip_fib.h
ipv4: remove fib_update_nh_saddrs() declaration.
2013-07-02 00:33:52 -07:00
ip_tunnels.h
sit: add support of x-netns
2013-06-27 22:30:47 -07:00
ip_vs.h
ipvs: add sync_persist_mode flag
2013-06-26 18:01:46 +09:00
ip.h
ipv4: Add a socket release callback for datagram sockets
2013-01-21 14:17:05 -05:00
ipcomp.h
ipconfig.h
ipv6.h
ipv6: Convert use of typedef ctl_table to struct ctl_table
2013-06-19 23:18:07 -07:00
ipx.h
iw_handler.h
lapb.h
lapb: Neaten debugging
2012-05-17 18:45:20 -04:00
lib80211.h
hostap: Don't use create_proc_read_entry()
2013-04-29 15:41:56 -04:00
ll_poll.h
net: avoid calling sched_clock when LLS is off
2013-07-01 14:06:47 -07:00
llc_c_ac.h
llc_c_ev.h
net: cleanup unsigned to unsigned int
2012-04-15 12:44:40 -04:00
llc_c_st.h
llc_conn.h
llc_if.h
llc_pdu.h
net: delete all instances of special processing for token ring
2012-05-15 20:14:35 -04:00
llc_s_ac.h
llc_s_ev.h
llc_s_st.h
llc_sap.h
llc.h
llc: Remove stray reference to sysctl_llc_station_ack_timeout.
2012-09-17 13:13:24 -04:00
mac80211.h
mac80211: track AP's beacon rate and give it to the driver
2013-06-13 11:58:47 +02:00
mac802154.h
mac802154: add wpan device-class support
2012-06-26 21:06:11 -07:00
mip6.h
mld.h
mrp.h
net/802: Implement Multiple Registration Protocol (MRP)
2013-02-10 20:37:22 -05:00
ndisc.h
ndisc: Convert use of typedef ctl_table to struct ctl_table
2013-06-19 23:18:07 -07:00
neighbour.h
net neighbour, decnet: Ensure to align device private data on preferred alignment.
2013-02-11 00:21:44 -05:00
net_namespace.h
netns: exclude ipvs from struct net when IPVS disabled
2013-06-26 18:01:46 +09:00
net_ratelimit.h
netdma.h
netevent.h
ipv6 netevent: Remove old_neigh from netevent_redirect.
2013-01-14 15:04:59 -05:00
netlabel.h
userns: Convert the audit loginuid to be a kuid
2012-09-17 18:08:54 -07:00
netlink.h
netlink: Rename pid to portid to avoid confusion
2012-09-10 15:30:41 -04:00
netprio_cgroup.h
netprio_cgroup: remove task_struct parameter from sock_update_netprio()
2013-04-09 13:19:37 -04:00
netrom.h
hlist: drop the node parameter from iterators
2013-02-27 19:10:24 -08:00
nexthop.h
nl802154.h
p8022.h
ping.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2013-06-05 16:37:30 -07:00
pkt_cls.h
pkt_sched: namespace aware act_mirred
2013-01-14 15:09:36 -05:00
pkt_sched.h
sch_api: introduce qdisc_watchdog_schedule_ns()
2013-02-12 18:59:45 -05:00
protocol.h
net: Remove code duplication between offload structures
2012-11-15 17:39:51 -05:00
psnap.h
raw.h
rawv6.h
ipv6: bool/const conversions phase2
2012-05-19 01:08:16 -04:00
red.h
net_sched: red: Make minor corrections to comments
2012-04-16 23:53:11 -04:00
regulatory.h
regulatory: use RCU to protect last_request
2013-01-03 13:01:30 +01:00
request_sock.h
net: remove a stale comment for dl_next
2013-04-22 15:55:48 -04:00
rose.h
route.h
ipv4: avoid a test in ip_rt_put()
2012-11-03 14:59:04 -04:00
rtnetlink.h
rtnetlink: Remove passing of attributes into rtnl_doit functions
2013-03-22 10:31:16 -04:00
sch_generic.h
net_sched: psched_ratecfg_precompute() improvements
2013-06-11 22:39:47 -07:00
scm.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2013-04-22 20:32:51 -04:00
secure_seq.h
net: defer net_secret[] initialization
2013-04-29 15:14:02 -04:00
slhc_vj.h
snmp.h
net: avoid reloads in SNMP_UPD_PO_STATS
2012-08-06 13:40:47 -07:00
sock.h
net: sock: adapt SOCK_MIN_RCVBUF and SOCK_MIN_SNDBUF
2013-06-19 21:16:53 -07:00
stp.h
tcp_memcontrol.h
cgroup: pass struct mem_cgroup instead of struct cgroup to socket memcg
2012-04-10 10:04:07 -07:00
tcp_states.h
tcp.h
tcp: remove invalid __rcu annotation
2013-06-25 02:44:05 -07:00
timewait_sock.h
[PATCH] tcp: Cache inetpeer in timewait socket, and only when necessary.
2012-06-09 14:56:12 -07:00
transp_v6.h
transp_v6.h: style neatening
2013-06-04 16:43:42 -07:00
udp.h
ipv6: call udp_push_pending_frames when uncorking a socket with AF_INET pending data
2013-07-02 12:44:18 -07:00
udplite.h
net: ipv4: Standardize prefixes for message logging
2012-03-12 17:05:21 -07:00
wext.h
wimax.h
net: cleanup unsigned to unsigned int
2012-04-15 12:44:40 -04:00
wpan-phy.h
mac802154: monitor device support
2012-05-16 15:17:08 -04:00
x25.h
net: cleanup unsigned to unsigned int
2012-04-15 12:44:40 -04:00
x25device.h
xfrm.h
xfrm: force a garbage collection after deleting a policy
2013-05-31 17:30:07 -07:00