qiurui
/
Centos-kernel-stream-9
mirror of https://gitlab.com/redhat/centos-stream/src/kernel/centos-stream-9.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Centos-kernel-stream-9/net/ipv6
History
CKI Backport Bot 30b315f5ee ipv6: prevent possible UAF in ip6_xmit() 
JIRA: https://issues.redhat.com/browse/RHEL-60232

commit 2d5ff7e339d04622d8282661df36151906d0e1c7
Author: Eric Dumazet <edumazet@google.com>
Date:   Tue Aug 20 16:08:59 2024 +0000

    ipv6: prevent possible UAF in ip6_xmit()

    If skb_expand_head() returns NULL, skb has been freed
    and the associated dst/idev could also have been freed.

    We must use rcu_read_lock() to prevent a possible UAF.

    Fixes: 0c9f227bee11 ("ipv6: use skb_expand_head in ip6_xmit")
    Signed-off-by: Eric Dumazet <edumazet@google.com>
    Cc: Vasily Averin <vasily.averin@linux.dev>
    Reviewed-by: David Ahern <dsahern@kernel.org>
    Link: https://patch.msgid.link/20240820160859.3786976-4-edumazet@google.com
    Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Signed-off-by: CKI Backport Bot <cki-ci-bot+cki-gitlab-backport-bot@redhat.com>
 		2024-09-26 07:12:35 +00:00
..
ila
netfilter Merge: nftables: backport changes to allow rpfilter in INPUT and FORWARD chains 2024-07-16 19:44:12 +00:00
Kconfig
Makefile
addrconf.c ipv6: lower "link become ready"'s level message 2024-09-26 07:12:27 +00:00
addrconf_core.c ipv6: Ensure natural alignment of const ipv6 loopback and router addresses 2024-04-18 16:09:54 +08:00
addrlabel.c
af_inet6.c Merge: [RHEL9.5 P1] IPv6: stable backport from upstream 2024-05-16 13:20:33 +00:00
ah6.c
anycast.c
calipso.c
datagram.c
esp6.c net: esp: fix bad handling of pages from page_pool 2024-04-11 10:04:27 +02:00
esp6_offload.c
exthdrs.c seg6: Cleanup duplicates of skb_dst_drop calls 2024-04-02 14:23:42 +08:00
exthdrs_core.c
exthdrs_offload.c
fib6_notifier.c
fib6_rules.c Merge: net: ease rtnl contention in cleanup paths 2024-07-04 12:25:29 +00:00
fou6.c
icmp.c
inet6_connection_sock.c
inet6_hashtables.c
ip6_checksum.c
ip6_fib.c ipv6: fib: hide unused 'pn' variable 2024-09-26 07:12:29 +00:00
ip6_flowlabel.c
ip6_gre.c Merge: net: ease rtnl contention in cleanup paths 2024-07-04 12:25:29 +00:00
ip6_icmp.c
ip6_input.c
ip6_offload.c net-next: gro: Fix use of skb_gro_header_slow 2024-05-17 11:06:44 +02:00
ip6_offload.h
ip6_output.c ipv6: prevent possible UAF in ip6_xmit() 2024-09-26 07:12:35 +00:00
ip6_tunnel.c Merge: net: ease rtnl contention in cleanup paths 2024-07-04 12:25:29 +00:00
ip6_udp_tunnel.c ipv6: mark address parameters of udp_tunnel6_xmit_skb() as const 2024-06-11 11:22:51 +02:00
ip6_vti.c Merge: net: ease rtnl contention in cleanup paths 2024-07-04 12:25:29 +00:00
ip6mr.c ip6mr: introduce ip6mr_net_exit_batch() 2024-05-28 15:24:05 +02:00
ipcomp6.c
ipv6_sockglue.c
mcast.c ipv6: mcast: remove one synchronize_net() barrier in ipv6_mc_down() 2024-04-18 16:09:55 +08:00
mcast_snoop.c
mip6.c
ndisc.c
netfilter.c netfilter: Use flowlabel flow key when re-routing mangled packets 2024-08-07 18:40:02 +02:00
output_core.c
ping.c inet: preserve const qualifier in inet_sk() 2024-07-16 17:29:40 +02:00
proc.c
protocol.c
raw.c net: raw: use sk_skb_reason_drop to free rx packets 2024-07-16 17:29:42 +02:00
reassembly.c net: ipv6: fix wrong start position when receive hop-by-hop fragment 2024-07-02 13:45:42 +08:00
route.c Merge: net: fix __dst_negative_advice() race 2024-08-02 10:38:22 -04:00
rpl.c
rpl_iptunnel.c
seg6.c ipv6: sr: restruct ifdefines 2024-09-26 07:12:30 +00:00
seg6_hmac.c ipv6: sr: fix memleak in seg6_hmac_init_algo 2024-05-22 09:26:56 +08:00
seg6_iptunnel.c ipv6: sr: block BH in seg6_output_core() and seg6_input_core() 2024-09-26 07:12:31 +00:00
seg6_local.c seg6: fix parameter passing when calling NF_HOOK() in End.DX4 and End.DX6 behaviors 2024-07-02 13:57:07 +08:00
sit.c Merge: net: ease rtnl contention in cleanup paths 2024-07-04 12:25:29 +00:00
syncookies.c tcp: use sk_skb_reason_drop to free rx packets 2024-07-16 17:29:42 +02:00
sysctl_net_ipv6.c
tcp_ipv6.c tcp: annotate data-races around tw->tw_ts_recent and tw->tw_ts_recent_stamp 2024-08-21 16:55:25 +02:00
tcpv6_offload.c
tunnel6.c
udp.c udp: use sk_skb_reason_drop to free rx packets 2024-07-16 17:29:42 +02:00
udp_impl.h
udp_offload.c udp: do not transition UDP GRO fraglist partial checksums to unnecessary 2024-03-29 13:55:07 +01:00
udplite.c ipv6: remove hard coded limitation on ipv6_pinfo 2024-04-02 17:50:46 +08:00
xfrm6_input.c
xfrm6_output.c
xfrm6_policy.c xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() 2024-07-15 13:14:55 +00:00
xfrm6_protocol.c
xfrm6_state.c
xfrm6_tunnel.c