redonkable
/
remarkable-linux
1
0
Fork 0
Code Releases Activity
remarkable-linux/net/bridge
History
Linus Lüssing a516993f0a net: fix wrong skb_get() usage / crash in IGMP/MLD parsing code 
The recent refactoring of the IGMP and MLD parsing code into
ipv6_mc_check_mld() / ip_mc_check_igmp() introduced a potential crash /
BUG() invocation for bridges:

I wrongly assumed that skb_get() could be used as a simple reference
counter for an skb which is not the case. skb_get() bears additional
semantics, a user count. This leads to a BUG() invocation in
pskb_expand_head() / kernel panic if pskb_may_pull() is called on an skb
with a user count greater than one - unfortunately the refactoring did
just that.

Fixing this by removing the skb_get() call and changing the API: The
caller of ipv6_mc_check_mld() / ip_mc_check_igmp() now needs to
additionally check whether the returned skb_trimmed is a clone.

Fixes: 9afd85c9e4 ("net: Export IGMP/MLD message validation code")
Reported-by: Brenden Blanco <bblanco@plumgrid.com>
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Acked-by: Alexei Starovoitov <ast@plumgrid.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2015-08-13 17:08:39 -07:00
..
netfilter Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2015-06-24 16:49:49 -07:00
Kconfig bridge: Add vlan filtering infrastructure 2013-02-13 19:41:46 -05:00
Makefile netfilter: bridge: split ipv6 code into separated file 2015-06-18 21:14:21 +02:00
br.c switchdev: s/netdev_switch_/switchdev_/ and s/NETDEV_SWITCH_/SWITCHDEV_/ 2015-05-12 18:43:52 -04:00
br_device.c netfilter: bridge: use rcu hook to resolve br_netfilter dependency 2015-03-10 15:03:02 +01:00
br_fdb.c bridge: vlan: flush the dynamically learned entries on port vlan delete 2015-06-24 05:40:55 -07:00
br_forward.c bridge: Fix network header pointer for vlan tagged packets 2015-07-29 12:20:16 -07:00
br_if.c bridge: vlan: flush the dynamically learned entries on port vlan delete 2015-06-24 05:40:55 -07:00
br_input.c netfilter: Pass socket pointer down through okfn(). 2015-04-07 15:25:55 -04:00
br_ioctl.c bridge: fix br_stp_set_bridge_priority race conditions 2015-06-18 03:29:47 -07:00
br_mdb.c bridge: mdb: fix delmdb state in the notification 2015-07-29 15:02:30 -07:00
br_multicast.c net: fix wrong skb_get() usage / crash in IGMP/MLD parsing code 2015-08-13 17:08:39 -07:00
br_netfilter_hooks.c netfilter: bridge: don't leak skb in error paths 2015-07-02 17:59:26 +02:00
br_netfilter_ipv6.c netfilter: bridge: Use __in6_dev_get rather than in6_dev_get in br_validate_ipv6 2015-07-08 11:02:16 +02:00
br_netlink.c bridge: netlink: account for the IFLA_BRPORT_PROXYARP_WIFI attribute size and policy 2015-08-06 23:54:42 -07:00
br_nf_core.c net: Remove protocol from struct dst_ops 2015-03-09 16:06:10 -04:00
br_private.h bridge: vlan: flush the dynamically learned entries on port vlan delete 2015-06-24 05:40:55 -07:00
br_private_stp.h net: 8021q/bluetooth/bridge/can/ceph: Remove extern from function prototypes 2013-10-19 19:12:11 -04:00
br_stp.c bridge: stp: when using userspace stp stop kernel hello and hold timers 2015-07-28 23:33:20 -07:00
br_stp_bpdu.c netfilter: Pass socket pointer down through okfn(). 2015-04-07 15:25:55 -04:00
br_stp_if.c bridge: stp: when using userspace stp stop kernel hello and hold timers 2015-07-28 23:33:20 -07:00
br_stp_timer.c bridge: stp: when using userspace stp stop kernel hello and hold timers 2015-07-28 23:33:20 -07:00
br_sysfs_br.c bridge: Add a default_pvid sysfs attribute 2014-10-05 21:21:36 -04:00
br_sysfs_if.c bridge: vlan: flush the dynamically learned entries on port vlan delete 2015-06-24 05:40:55 -07:00
br_vlan.c bridge: vlan: flush the dynamically learned entries on port vlan delete 2015-06-24 05:40:55 -07:00