linux/net/core
Eric Dumazet f77d602124 ipv6: do not clear pinet6 field
We have seen multiple NULL dereferences in __inet6_lookup_established()

After analysis, I found that inet6_sk() could be NULL while the
check for sk_family == AF_INET6 was true.

Bug was added in linux-2.6.29 when RCU lookups were introduced in UDP
and TCP stacks.

Once an IPv6 socket, using SLAB_DESTROY_BY_RCU is inserted in a hash
table, we no longer can clear pinet6 field.

This patch extends logic used in commit fcbdf09d96
("net: fix nulls list corruptions in sk_prot_alloc")

TCP/UDP/UDPLite IPv6 protocols provide their own .clear_sk() method
to make sure we do not clear pinet6 field.

At socket clone phase, we do not really care, as cloning the parent (non
NULL) pinet6 is not adding a fatal race.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-05-11 16:26:38 -07:00
..
datagram.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-04-30 03:55:20 -04:00
dev_addr_lists.c net: add dev_uc_sync_multiple() and dev_mc_sync_multiple() api 2013-04-15 16:10:47 -04:00
dev_ioctl.c net: move ioctl functions into a separated file 2013-02-18 12:27:32 -05:00
dev.c gso: Handle Trans-Ether-Bridging protocol in skb_network_protocol() 2013-05-08 13:13:30 -07:00
drop_monitor.c
dst.c net: add skb_dst_set_noref_force 2013-04-02 00:22:53 +02:00
ethtool.c net: vlan,ethtool: netdev_features_t is more than 32 bit 2013-05-02 13:58:12 -04:00
fib_rules.c rtnetlink: Remove passing of attributes into rtnl_doit functions 2013-03-22 10:31:16 -04:00
filter.c filter: add ANC_PAY_OFFSET instruction for loading payload start offset 2013-03-20 13:15:45 -04:00
flow_dissector.c net: flow_dissector: add __skb_get_poff to get a start offset to payload 2013-03-20 13:15:45 -04:00
flow.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-04-01 13:36:50 -04:00
gen_estimator.c
gen_stats.c
iovec.c
link_watch.c
Makefile net: move procfs code to net/core/net-procfs.c 2013-02-19 00:51:10 -05:00
neighbour.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
net_namespace.c proc: Split the namespace stuff out into linux/proc_ns.h 2013-05-01 17:29:39 -04:00
net-procfs.c net: Print functions in /proc/net/ptype without the offset. 2013-03-25 14:12:55 -04:00
net-sysfs.c rps_dev_flow_table_release(): no need to delay vfree() 2013-05-06 11:06:51 -04:00
net-sysfs.h
net-traces.c
netevent.c
netpoll.c netpoll: inverted down_trylock() test 2013-05-06 11:06:52 -04:00
netprio_cgroup.c Revert "netprio_cgroup: make local table static" 2013-04-12 03:06:44 -04:00
pktgen.c Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
request_sock.c tcp: fix a panic on UP machines in reqsk_fastopen_remove 2013-01-14 18:10:05 -05:00
rtnetlink.c net: fix address check in rtnl_fdb_del 2013-04-25 04:14:08 -04:00
scm.c netprio_cgroup: remove task_struct parameter from sock_update_netprio() 2013-04-09 13:19:37 -04:00
secure_seq.c net: defer net_secret[] initialization 2013-04-29 15:14:02 -04:00
skbuff.c packet: tx timestamping on tpacket ring 2013-04-25 01:22:22 -04:00
sock_diag.c sock_diag: allow to dump bpf filters 2013-04-29 13:21:30 -04:00
sock.c ipv6: do not clear pinet6 field 2013-05-11 16:26:38 -07:00
stream.c
sysctl_net_core.c net: avoid to hang up on sending due to sysctl configuration overflow. 2013-01-28 23:15:27 -05:00
timestamping.c
user_dma.c
utils.c net: core: let's use native isxdigit instead of custom 2013-03-27 12:48:32 -04:00