lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 18 Sep 2017 11:11:12 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-kernel@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>, stable@...r.kernel.org, Jianlin Shi <jishi@...hat.com>, Xin Long <lucien.xin@...il.com>, Hannes Frederic Sowa <hannes@...essinduktion.org>, "David S. Miller" <davem@...emloft.net> Subject: [PATCH 4.12 18/52] ipv6: set dst.obsolete when a cached route has expired 4.12-stable review patch. If anyone has any objections, please let me know. ------------------ From: Xin Long <lucien.xin@...il.com> [ Upstream commit 1e2ea8ad37be25a7cdcc974945935829d534d5d3 ] Now it doesn't check for the cached route expiration in ipv6's dst_ops->check(), because it trusts dst_gc that would clean the cached route up when it's expired. The problem is in dst_gc, it would clean the cached route only when it's refcount is 1. If some other module (like xfrm) keeps holding it and the module only release it when dst_ops->check() fails. But without checking for the cached route expiration, .check() may always return true. Meanwhile, without releasing the cached route, dst_gc couldn't del it. It will cause this cached route never to expire. This patch is to set dst.obsolete with DST_OBSOLETE_KILL in .gc when it's expired, and check obsolete != DST_OBSOLETE_FORCE_CHK in .check. Note that this is even needed when ipv6 dst_gc timer is removed one day. It would set dst.obsolete in .redirect and .update_pmtu instead, and check for cached route expiration when getting it, just like what ipv4 route does. Reported-by: Jianlin Shi <jishi@...hat.com> Signed-off-by: Xin Long <lucien.xin@...il.com> Acked-by: Hannes Frederic Sowa <hannes@...essinduktion.org> Signed-off-by: David S. Miller <davem@...emloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org> --- net/ipv6/ip6_fib.c | 4 +++- net/ipv6/route.c | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) --- a/net/ipv6/ip6_fib.c +++ b/net/ipv6/ip6_fib.c @@ -1790,8 +1790,10 @@ static int fib6_age(struct rt6_info *rt, } gc_args->more++; } else if (rt->rt6i_flags & RTF_CACHE) { + if (time_after_eq(now, rt->dst.lastuse + gc_args->timeout)) + rt->dst.obsolete = DST_OBSOLETE_KILL; if (atomic_read(&rt->dst.__refcnt) == 0 && - time_after_eq(now, rt->dst.lastuse + gc_args->timeout)) { + rt->dst.obsolete == DST_OBSOLETE_KILL) { RT6_TRACE("aging clone %p\n", rt); return -1; } else if (rt->rt6i_flags & RTF_GATEWAY) { --- a/net/ipv6/route.c +++ b/net/ipv6/route.c @@ -444,7 +444,8 @@ static bool rt6_check_expired(const stru if (time_after(jiffies, rt->dst.expires)) return true; } else if (rt->dst.from) { - return rt6_check_expired((struct rt6_info *) rt->dst.from); + return rt->dst.obsolete != DST_OBSOLETE_FORCE_CHK || + rt6_check_expired((struct rt6_info *)rt->dst.from); } return false; }
Powered by blists - more mailing lists