| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20110601080324.779067404@blue.kroah.org> Date: Wed, 01 Jun 2011 16:59:59 +0900 From: Greg KH <gregkh@...e.de> To: linux-kernel@...r.kernel.org, stable@...nel.org Cc: stable-review@...nel.org, torvalds@...ux-foundation.org, akpm@...ux-foundation.org, alan@...rguk.ukuu.org.uk, Eric Dumazet <eric.dumazet@...il.com>, Stephen Hemminger <shemminger@...tta.com>, "David S. Miller" <davem@...emloft.net>, Greg Kroah-Hartman <gregkh@...e.de> Subject: [063/146] net: add skb_dst_force() in sock_queue_err_skb() 2.6.38-stable review patch. If anyone has any objections, please let us know. ------------------ From: Eric Dumazet <eric.dumazet@...il.com> [ Upstream commit abb57ea48fd9431fa320a5c55f73e6b5a44c2efb ] Commit 7fee226ad239 (add a noref bit on skb dst) forgot to use skb_dst_force() on packets queued in sk_error_queue This triggers following warning, for applications using IP_CMSG_PKTINFO receiving one error status ------------[ cut here ]------------ WARNING: at include/linux/skbuff.h:457 ip_cmsg_recv_pktinfo+0xa6/0xb0() Hardware name: 2669UYD Modules linked in: isofs vboxnetadp vboxnetflt nfsd ebtable_nat ebtables lib80211_crypt_ccmp uinput xcbc hdaps tp_smapi thinkpad_ec radeonfb fb_ddc radeon ttm drm_kms_helper drm ipw2200 intel_agp intel_gtt libipw i2c_algo_bit i2c_i801 agpgart rng_core cfbfillrect cfbcopyarea cfbimgblt video raid10 raid1 raid0 linear md_mod vboxdrv Pid: 4697, comm: miredo Not tainted 2.6.39-rc6-00569-g5895198-dirty #22 Call Trace: [<c17746b6>] ? printk+0x1d/0x1f [<c1058302>] warn_slowpath_common+0x72/0xa0 [<c15bbca6>] ? ip_cmsg_recv_pktinfo+0xa6/0xb0 [<c15bbca6>] ? ip_cmsg_recv_pktinfo+0xa6/0xb0 [<c1058350>] warn_slowpath_null+0x20/0x30 [<c15bbca6>] ip_cmsg_recv_pktinfo+0xa6/0xb0 [<c15bbdd7>] ip_cmsg_recv+0x127/0x260 [<c154f82d>] ? skb_dequeue+0x4d/0x70 [<c1555523>] ? skb_copy_datagram_iovec+0x53/0x300 [<c178e834>] ? sub_preempt_count+0x24/0x50 [<c15bdd2d>] ip_recv_error+0x23d/0x270 [<c15de554>] udp_recvmsg+0x264/0x2b0 [<c15ea659>] inet_recvmsg+0xd9/0x130 [<c1547752>] sock_recvmsg+0xf2/0x120 [<c11179cb>] ? might_fault+0x4b/0xa0 [<c15546bc>] ? verify_iovec+0x4c/0xc0 [<c1547660>] ? sock_recvmsg_nosec+0x100/0x100 [<c1548294>] __sys_recvmsg+0x114/0x1e0 [<c1093895>] ? __lock_acquire+0x365/0x780 [<c1148b66>] ? fget_light+0xa6/0x3e0 [<c1148b7f>] ? fget_light+0xbf/0x3e0 [<c1148aee>] ? fget_light+0x2e/0x3e0 [<c1549f29>] sys_recvmsg+0x39/0x60 Close bug https://bugzilla.kernel.org/show_bug.cgi?id=34622 Reported-by: Witold Baryluk <baryluk@....if.uj.edu.pl> Signed-off-by: Eric Dumazet <eric.dumazet@...il.com> CC: Stephen Hemminger <shemminger@...tta.com> Signed-off-by: David S. Miller <davem@...emloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@...e.de> --- net/core/skbuff.c | 3 +++ 1 file changed, 3 insertions(+) --- a/net/core/skbuff.c +++ b/net/core/skbuff.c @@ -2997,6 +2997,9 @@ int sock_queue_err_skb(struct sock *sk, skb->destructor = sock_rmem_free; atomic_add(skb->truesize, &sk->sk_rmem_alloc); + /* before exiting rcu section, make sure dst is refcounted */ + skb_dst_force(skb); + skb_queue_tail(&sk->sk_error_queue, skb); if (!sock_flag(sk, SOCK_DEAD)) sk->sk_data_ready(sk, skb->len); -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists