system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-09-29 16:00:27 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/net/ipv6
History
Francesco Ruggeri 013d97e9da net: race condition in ipv6 forwarding and disable_ipv6 parameters 
There is a race condition in addrconf_sysctl_forward() and
addrconf_sysctl_disable().
These functions change idev->cnf.forwarding (resp. idev->cnf.disable_ipv6)
and then try to grab the rtnl lock before performing any actions.
If that fails they restore the original value and restart the syscall.
This creates race conditions if ipv6 code tries to access
these parameters, or if multiple instances try to do the same operation.
As an example of the former, if __ipv6_ifa_notify() finds a 0 in
idev->cnf.forwarding when invoked by addrconf_ifdown() it may not free
anycast addresses, ultimately resulting in the net_device not being freed.
This patch reads the user parameters into a temporary location and only
writes the actual parameters when the rtnl lock is acquired.
Tested in 2.6.38.8.
Signed-off-by: Francesco Ruggeri <fruggeri@aristanetworks.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2012-01-18 16:38:34 -05:00
..
netfilter Merge branch 'for-linus' of git://selinuxproject.org/~jmorris/linux-security 2012-01-14 18:36:33 -08:00
addrconf.c net: race condition in ipv6 forwarding and disable_ipv6 parameters 2012-01-18 16:38:34 -05:00
addrconf_core.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
addrlabel.c rtnetlink: Compute and store minimum ifinfo dump size 2011-06-09 20:38:07 -07:00
af_inet6.c per-netns ipv4 sysctl_tcp_mem 2011-12-12 19:04:11 -05:00
ah6.c net: remove ipv6_addr_copy() 2011-11-22 16:43:32 -05:00
anycast.c ipv6: Kill rt6i_dev and rt6i_expires defines. 2011-12-28 20:19:20 -05:00
datagram.c net: fix some sparse errors 2012-01-17 10:31:12 -05:00
esp6.c Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6 2011-05-05 14:59:02 -07:00
exthdrs.c net: remove ipv6_addr_copy() 2011-11-22 16:43:32 -05:00
exthdrs_core.c ipv6: Add fragment reporting to ipv6_skip_exthdr(). 2011-12-03 09:35:10 -08:00
fib6_rules.c net: remove ipv6_addr_copy() 2011-11-22 16:43:32 -05:00
icmp.c ipv6: Add fragment reporting to ipv6_skip_exthdr(). 2011-12-03 09:35:10 -08:00
inet6_connection_sock.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2011-11-26 14:47:03 -05:00
inet6_hashtables.c net: Compute protocol sequence numbers and fragment IDs using MD5. 2011-08-06 18:33:19 -07:00
ip6_fib.c IPv6: Avoid taking write lock for /proc/net/ipv6_route 2011-12-30 17:07:33 -05:00
ip6_flowlabel.c net: remove ipv6_addr_copy() 2011-11-22 16:43:32 -05:00
ip6_input.c ipv6: Add fragment reporting to ipv6_skip_exthdr(). 2011-12-03 09:35:10 -08:00
ip6_output.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2011-12-23 17:13:56 -05:00
ip6_tunnel.c net: reintroduce missing rcu_assign_pointer() calls 2012-01-12 12:26:56 -08:00
ip6mr.c net: remove ipv6_addr_copy() 2011-11-22 16:43:32 -05:00
ipcomp6.c inet: constify ip headers and in6_addr 2011-04-22 11:04:14 -07:00
ipv6_sockglue.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2011-12-02 13:49:21 -05:00
Kconfig ipv6: ip6mr: support multiple tables 2010-05-11 14:40:55 +02:00
Makefile [IPV6] MROUTE: Support multicast forwarding. 2008-04-05 22:33:38 +09:00
mcast.c ipv6: Kill rt6i_dev and rt6i_expires defines. 2011-12-28 20:19:20 -05:00
mip6.c net: remove ipv6_addr_copy() 2011-11-22 16:43:32 -05:00
ndisc.c ipv6: Check RA for sllao when configuring optimistic ipv6 address (v2) 2012-01-04 15:53:20 -05:00
netfilter.c Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
proc.c ipv6: fix per device IP snmp counters 2012-01-17 23:56:18 -05:00
protocol.c net: add __rcu annotations to protocol 2010-10-27 11:37:31 -07:00
raw.c net: reintroduce missing rcu_assign_pointer() calls 2012-01-12 12:26:56 -08:00
reassembly.c net: remove ipv6_addr_copy() 2011-11-22 16:43:32 -05:00
route.c ipv6: release idev when ip6_neigh_lookup failed in icmp6_dst_alloc 2012-01-13 10:10:46 -08:00
sit.c net: reintroduce missing rcu_assign_pointer() calls 2012-01-12 12:26:56 -08:00
syncookies.c net: remove ipv6_addr_copy() 2011-11-22 16:43:32 -05:00
sysctl_net_ipv6.c net: Add export.h for EXPORT_SYMBOL/THIS_MODULE to non-modules 2011-10-31 19:30:30 -04:00
tcp_ipv6.c per-netns ipv4 sysctl_tcp_mem 2011-12-12 19:04:11 -05:00
tunnel6.c tunnels: add _rcu annotations 2010-10-25 13:09:45 -07:00
udp.c udp: Export code sk lookup routines 2011-12-09 14:14:08 -05:00
udp_impl.h net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
udplite.c Merge branch 'modsplit-Oct31_2011' of git://git.kernel.org/pub/scm/linux/kernel/git/paulg/linux 2011-11-06 19:44:47 -08:00
xfrm6_input.c netfilter: ipv6: use NFPROTO values for NF_HOOK invocation 2010-03-25 16:00:49 +01:00
xfrm6_mode_beet.c net: remove ipv6_addr_copy() 2011-11-22 16:43:32 -05:00
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c net: remove ipv6_addr_copy() 2011-11-22 16:43:32 -05:00
xfrm6_output.c net: remove ipv6_addr_copy() 2011-11-22 16:43:32 -05:00
xfrm6_policy.c net: remove ipv6_addr_copy() 2011-11-22 16:43:32 -05:00
xfrm6_state.c net: remove ipv6_addr_copy() 2011-11-22 16:43:32 -05:00
xfrm6_tunnel.c ipv6: Fix return of xfrm6_tunnel_rcv() 2011-05-24 01:11:51 -04:00