linux/net/ipv6/netfilter
Eric Dumazet 1d6119baf0 net: fix percpu memory leaks
This patch fixes following problems :

1) percpu_counter_init() can return an error, therefore
  init_frag_mem_limit() must propagate this error so that
  inet_frags_init_net() can do the same up to its callers.

2) If ip[46]_frags_ns_ctl_register() fail, we must unwind
   properly and free the percpu_counter.

Without this fix, we leave freed object in percpu_counters
global list (if CONFIG_HOTPLUG_CPU) leading to crashes.

This bug was detected by KASAN and syzkaller tool
(http://github.com/google/syzkaller)

Fixes: 6d7b857d54 ("net: use lib/percpu_counter API for fragmentation mem accounting")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Cc: Hannes Frederic Sowa <hannes@stressinduktion.org>
Cc: Jesper Dangaard Brouer <brouer@redhat.com>
Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-11-02 22:47:14 -05:00
..
ip6_tables.c netfilter: ip6_tables: improve if statements 2015-10-14 12:29:51 +02:00
ip6t_ah.c
ip6t_eui64.c
ip6t_frag.c
ip6t_hbh.c
ip6t_ipv6header.c netfilter: remove unnecessary break after return 2014-07-15 16:27:00 -07:00
ip6t_MASQUERADE.c netfilter: nf_nat: generalize IPv6 masquerading support for nf_tables 2014-09-09 16:31:29 +02:00
ip6t_mh.c
ip6t_NPT.c
ip6t_REJECT.c netfilter: x_tables: Use par->net instead of computing from the passed net devices 2015-09-18 21:58:25 +02:00
ip6t_rpfilter.c netfilter: x_tables: Use par->net instead of computing from the passed net devices 2015-09-18 21:58:25 +02:00
ip6t_rt.c
ip6t_SYNPROXY.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2015-10-17 14:28:03 +02:00
ip6table_filter.c netfilter: Pass priv instead of nf_hook_ops to netfilter hooks 2015-09-18 22:00:16 +02:00
ip6table_mangle.c ipv6: Pass struct net into ip6_route_me_harder 2015-09-29 20:21:32 +02:00
ip6table_nat.c netfilter: remove hook owner refcounting 2015-10-16 18:21:39 +02:00
ip6table_raw.c netfilter: Pass priv instead of nf_hook_ops to netfilter hooks 2015-09-18 22:00:16 +02:00
ip6table_security.c netfilter: Pass priv instead of nf_hook_ops to netfilter hooks 2015-09-18 22:00:16 +02:00
Kconfig netfilter: fix Kconfig dependencies for nf_dup_ipv{4,6} 2015-10-01 00:19:54 +02:00
Makefile netfilter: nf_tables: add nft_dup expression 2015-08-07 11:49:49 +02:00
nf_conntrack_l3proto_ipv6.c netfilter: remove hook owner refcounting 2015-10-16 18:21:39 +02:00
nf_conntrack_proto_icmpv6.c netfilter: ipv6: whitespace around operators 2015-10-13 14:12:38 +02:00
nf_conntrack_reasm.c net: fix percpu memory leaks 2015-11-02 22:47:14 -05:00
nf_defrag_ipv6_hooks.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2015-10-17 14:28:03 +02:00
nf_dup_ipv6.c ipv4, ipv6: Pass net into ip_local_out and ip6_local_out 2015-10-08 04:27:02 -07:00
nf_log_ipv6.c netfilter: Use LOGLEVEL_<FOO> defines 2015-03-25 12:09:39 +01:00
nf_nat_l3proto_ipv6.c ipv6: Pass struct net into ip6_route_me_harder 2015-09-29 20:21:32 +02:00
nf_nat_masquerade_ipv6.c netfilter: Use nf_ct_net instead of dev_net(out) in nf_nat_masquerade_ipv6 2015-09-18 22:00:28 +02:00
nf_nat_proto_icmpv6.c net: Change pseudohdr argument of inet_proto_csum_replace* to be a bool 2015-08-17 21:33:06 -07:00
nf_reject_ipv6.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2015-10-17 14:28:03 +02:00
nf_tables_ipv6.c netfilter: Pass priv instead of nf_hook_ops to netfilter hooks 2015-09-18 22:00:16 +02:00
nft_chain_nat_ipv6.c netfilter: Pass priv instead of nf_hook_ops to netfilter hooks 2015-09-18 22:00:16 +02:00
nft_chain_route_ipv6.c netfilter: ipv6: code indentation 2015-10-13 14:12:38 +02:00
nft_dup_ipv6.c netfilter: Pass net to nf_dup_ipv4 and nf_dup_ipv6 2015-09-18 21:59:11 +02:00
nft_masq_ipv6.c netfilter: nf_tables: get rid of NFT_REG_VERDICT usage 2015-04-13 17:17:07 +02:00
nft_redir_ipv6.c netfilter: nf_tables: kill nft_pktinfo.ops 2015-09-18 21:58:01 +02:00
nft_reject_ipv6.c netfilter: nf_tables: Use pkt->net instead of computing net from the passed net_devices 2015-09-18 21:58:49 +02:00