system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-10-11 13:55:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/include
History
Florian Westphal 5173bc679d netfilter: nat: fix crash when conntrack entry is re-used 
Stas Nichiporovich reports oops in nf_nat_bysource_cmp(), trying to
access nf_conn struct at address 0xffffffffffffff50.

This is the result of fetching a null rhash list (struct embedded at
offset 176; 0 - 176 gets us ...fff50).

The problem is that conntrack entries are allocated from a
SLAB_DESTROY_BY_RCU cache, i.e. entries can be free'd and reused
on another cpu while nf nat bysource hash access the same conntrack entry.

Freeing is fine (we hold rcu read lock); zeroing rhlist_head isn't.

-> Move the rhlist struct outside of the memset()-inited area.

Fixes: 7c96643519 ("netfilter: move nat hlist_head to nf_conn")
Reported-by: Stas Nichiporovich <stasn77@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
2016-11-24 14:43:35 +01:00
..
acpi Merge branches 'acpica-fixes', 'acpi-cppc-fixes' and 'acpi-tools-fixes' 2016-11-18 21:34:42 +01:00
asm-generic mm: kmemleak: scan .data.ro_after_init 2016-11-11 08:12:37 -08:00
clocksource
crypto Merge git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2016-10-10 11:19:47 +08:00
drm drm: Don't force all planes to be added to the state due to zpos 2016-10-26 18:48:05 +02:00
dt-bindings Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/rzhang/linux 2016-10-12 11:05:23 -07:00
keys
kvm
linux netdevice.h: fix kernel-doc warning 2016-11-23 20:18:36 -05:00
math-emu
media
memory
misc
net netfilter: nat: fix crash when conntrack entry is re-used 2016-11-24 14:43:35 +01:00
pcmcia
ras
rdma Merge of primary rdma-core code for 4.9 2016-10-09 17:04:33 -07:00
rxrpc
scsi
soc powerpc updates for 4.9 #2 2016-10-14 11:07:42 -07:00
sound
target target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT REACHABLE 2016-10-19 21:22:32 -07:00
trace Merge branch 'for-4.9' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/cgroup 2016-10-14 12:18:50 -07:00
uapi KVM fixes for v4.9-rc6 2016-11-19 13:31:40 -08:00
video fbdev changes for 4.9 2016-10-12 11:01:37 -07:00
xen
Kbuild