linux/net/ipv4
Eric Dumazet 64f3b9e203 net: ip_expire() must revalidate route
Commit 4a94445c9a (net: Use ip_route_input_noref() in input path)
added a bug in IP defragmentation handling, in case timeout is fired.

When a frame is defragmented, we use last skb dst field when building
final skb. Its dst is valid, since we are in rcu read section.

But if a timeout occurs, we take first queued fragment to build one ICMP
TIME EXCEEDED message. Problem is all queued skb have weak dst pointers,
since we escaped RCU critical section after their queueing. icmp_send()
might dereference a now freed (and possibly reused) part of memory.

Calling skb_dst_drop() and ip_route_input_noref() to revalidate route is
the only possible choice.

Reported-by: Denys Fedoryshchenko <denys@visp.net.lb>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-05-04 14:04:07 -07:00
netfilter Fix common misspellings 2011-03-31 11:26:23 -03:00
af_inet.c ipv4: Create and use route lookup helpers. 2011-03-12 15:08:42 -08:00
ah4.c xfrm: Use separate low and high order bits of the sequence numbers in xfrm_skb_cb 2011-03-13 20:22:28 -07:00
arp.c net: gre: provide multicast mappings for ipv4 and ipv6 2011-03-30 00:10:47 -07:00
cipso_ipv4.c Fix common misspellings 2011-03-31 11:26:23 -03:00
datagram.c ipv4: Make output route lookup return rtable directly. 2011-03-02 14:31:35 -08:00
devinet.c sysctl: net: call unregister_net_sysctl_table where needed 2011-05-02 16:12:14 -07:00
esp4.c esp4: Add support for IPsec extended sequence numbers 2011-03-13 20:22:29 -07:00
fib_frontend.c fib: add rtnl locking in ip_fib_net_exit 2011-03-30 16:57:46 -07:00
fib_lookup.h ipv4: Fix nexthop caching wrt. scoping. 2011-03-24 18:06:47 -07:00
fib_rules.c ipv4: Use flowi4 in FIB layer. 2011-03-12 15:08:49 -08:00
fib_semantics.c ipv4: Fix nexthop caching wrt. scoping. 2011-03-24 18:06:47 -07:00
fib_trie.c ipv4: don't spam dmesg with "Using LC-trie" messages 2011-05-01 23:17:50 -07:00
gre.c tunnels: add _rcu annotations 2010-10-25 13:09:45 -07:00
icmp.c Fix common misspellings 2011-03-31 11:26:23 -03:00
igmp.c ipv4: Create and use route lookup helpers. 2011-03-12 15:08:42 -08:00
inet_connection_sock.c Revert "tcp: disallow bind() to reuse addr/port" 2011-04-13 12:01:14 -07:00
inet_diag.c Revert "netlink: test for all flags of the NLM_F_DUMP composite" 2011-01-19 13:34:20 -08:00
inet_fragment.c net/ipv4: EXPORT_SYMBOL cleanups 2010-07-12 12:57:54 -07:00
inet_hashtables.c inet: Fix __inet_inherit_port() to correctly increment bsockets and num_owners 2010-11-28 18:18:44 -08:00
inet_lro.c net/ipv4: Move && and || to end of previous line 2009-11-23 10:41:23 -08:00
inet_timewait_sock.c tcp: fix inet_twsk_deschedule() 2011-02-19 18:59:04 -08:00
inetpeer.c inetpeer: reduce stack usage 2011-04-12 13:58:33 -07:00
ip_forward.c net-next: remove useless union keyword 2010-06-10 23:31:35 -07:00
ip_fragment.c net: ip_expire() must revalidate route 2011-05-04 14:04:07 -07:00
ip_gre.c ipv4: Create and use route lookup helpers. 2011-03-12 15:08:42 -08:00
ip_input.c netfilter: fix Kconfig dependencies 2011-01-14 13:36:42 +01:00
ip_options.c ip: ip_options_compile() resilient to NULL skb route 2011-04-14 23:26:02 -07:00
ip_output.c Fix common misspellings 2011-03-31 11:26:23 -03:00
ip_sockglue.c ipv4: add __rcu annotations to ip_ra_chain 2010-10-25 14:18:28 -07:00
ipcomp.c xfrm: SA lookups signature with mark 2010-02-22 16:20:22 -08:00
ipconfig.c Fix common misspellings 2011-03-31 11:26:23 -03:00
ipip.c ipv4: Create and use route lookup helpers. 2011-03-12 15:08:42 -08:00
ipmr.c ipv4: Use flowi4 in ipmr code. 2011-03-12 15:08:49 -08:00
Kconfig ipv4: Remove fib_hash. 2011-02-01 15:35:25 -08:00
Makefile ipv4: Remove fib_hash. 2011-02-01 15:35:25 -08:00
netfilter.c netfilter: af_info: add 'strict' parameter to limit lookup to .oif 2011-04-04 17:00:54 +02:00
proc.c tcp: Replace time wait bucket msg by counter 2010-12-08 12:16:33 -08:00
protocol.c net: add __rcu annotations to protocol 2010-10-27 11:37:31 -07:00
raw.c Fix common misspellings 2011-03-31 11:26:23 -03:00
route.c net: provide cow_metrics() methods to blackhole dst_ops 2011-04-25 11:53:08 -07:00
syncookies.c net: Put fl4_* macros to struct flowi4 and use them again. 2011-03-12 15:08:54 -08:00
sysctl_net_ipv4.c net: Do not wrap sysctl igmp_max_memberships in IP_MULTICAST 2011-04-12 13:59:33 -07:00
tcp.c tcp: ioctl type SIOCOUTQNSD returns amount of data not sent 2011-03-09 14:08:09 -08:00
tcp_bic.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_cong.c net/ipv4: Eliminate kstrdup memory leak 2010-08-27 19:31:56 -07:00
tcp_cubic.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-03-15 15:15:17 -07:00
tcp_diag.c tcp: diag: Dont report negative values for rx queue 2009-12-03 16:06:13 -08:00
tcp_highspeed.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_htcp.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_hybla.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_illinois.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_input.c tcp: Make undo_ssthresh arg to tcp_undo_cwr() a bool. 2011-03-22 19:37:11 -07:00
tcp_ipv4.c ipv4: Make output route lookup return rtable directly. 2011-03-02 14:31:35 -08:00
tcp_lp.c Fix common misspellings 2011-03-31 11:26:23 -03:00
tcp_minisocks.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2010-12-08 13:47:38 -08:00
tcp_output.c Merge branch 'for-linus2' of git://git.profusion.mobi/users/lucas/linux-2.6 2011-04-07 11:14:49 -07:00
tcp_probe.c net: ipv4: tcp_probe: cleanup snprintf() use 2010-11-17 12:27:46 -08:00
tcp_scalable.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_timer.c tcp: Remove debug macro of TCP_CHECK_TIMER 2011-02-20 11:10:14 -08:00
tcp_vegas.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_vegas.h
tcp_veno.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_westwood.c tcp: mark tcp_congestion_ops read_mostly 2011-03-10 00:40:17 -08:00
tcp_yeah.c Fix common misspellings 2011-03-31 11:26:23 -03:00
tunnel4.c tunnels: add __rcu annotations 2010-10-27 11:37:32 -07:00
udp.c Fix common misspellings 2011-03-31 11:26:23 -03:00
udp_impl.h net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
udplite.c net: fix nulls list corruptions in sk_prot_alloc 2010-12-16 14:26:56 -08:00
xfrm4_input.c net/ipv4: EXPORT_SYMBOL cleanups 2010-07-12 12:57:54 -07:00
xfrm4_mode_beet.c ipsec: Interfamily IPSec BEET 2008-08-06 02:39:30 -07:00
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c ipv4: Don't pre-seed hoplimit metric. 2010-12-12 22:08:17 -08:00
xfrm4_output.c netfilter: ipv4: use NFPROTO values for NF_HOOK invocation 2010-03-25 16:00:30 +01:00
xfrm4_policy.c ipv4: Fix "Set rt->rt_iif more sanely on output routes." 2011-04-07 14:04:08 -07:00
xfrm4_state.c net: Use flowi4 and flowi6 in xfrm layer. 2011-03-12 15:08:52 -08:00
xfrm4_tunnel.c net: struct xfrm_tunnel in read_mostly section 2010-08-30 13:50:45 -07:00