malhuda/msm-4.14
1
0
Fork 0
mirror of https://github.com/rd-stuffs/msm-4.14.git synced 2025-02-20 11:45:48 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity
msm-4.14/net/netfilter
History
Florian Westphal b0e56e3c56 netfilter: nat: can't use dst_hold on noref dst 
[ Upstream commit 542fbda0f08f1cbbc250f9e59f7537649651d0c8 ]

The dst entry might already have a zero refcount, waiting on rcu list
to be free'd.  Using dst_hold() transitions its reference count to 1, and
next dst release will try to free it again -- resulting in a double free:

  WARNING: CPU: 1 PID: 0 at include/net/dst.h:239 nf_xfrm_me_harder+0xe7/0x130 [nf_nat]
  RIP: 0010:nf_xfrm_me_harder+0xe7/0x130 [nf_nat]
  Code: 48 8b 5c 24 60 65 48 33 1c 25 28 00 00 00 75 53 48 83 c4 68 5b 5d 41 5c c3 85 c0 74 0d 8d 48 01 f0 0f b1 0a 74 86 85 c0 75 f3 <0f> 0b e9 7b ff ff ff 29 c6 31 d2 b9 20 00 48 00 4c 89 e7 e8 31 27
  Call Trace:
  nf_nat_ipv4_out+0x78/0x90 [nf_nat_ipv4]
  nf_hook_slow+0x36/0xd0
  ip_output+0x9f/0xd0
  ip_forward+0x328/0x440
  ip_rcv+0x8a/0xb0

Use dst_hold_safe instead and bail out if we cannot take a reference.

Fixes: a4c2fd7f7891 ("net: remove DST_NOCACHE flag")
Reported-by: Martin Zaharinov <micron10@gmail.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2019-01-13 10:00:58 +01:00
..
ipset
netfilter: ipset: do not call ipset_nest_end after nla_nest_cancel
2019-01-13 10:00:58 +01:00
ipvs
ipvs: call ip_vs_dst_notifier earlier than ipv6_dev_notf
2018-12-17 09:28:51 +01:00
core.c
netfilter: core: remove erroneous warn_on
2017-09-08 18:55:52 +02:00
Kconfig
netfilter: nf_tables: add fib expression to the netdev family
2017-07-31 19:01:40 +02:00
Makefile
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
nf_conntrack_acct.c
netfilter: conntrack: mark extension structs as const
2017-04-26 09:30:22 +02:00
nf_conntrack_amanda.c
netfilter: use nf_conntrack_helpers_register when possible
2017-06-19 19:13:21 +02:00
nf_conntrack_broadcast.c
netfilter: Remove duplicated rcu_read_lock.
2017-07-24 13:24:46 +02:00
nf_conntrack_core.c
netfilter: conntrack: fix calculation of next bucket number in early_drop
2018-11-21 09:24:09 +01:00
nf_conntrack_ecache.c
netfilter: conntrack: mark extension structs as const
2017-04-26 09:30:22 +02:00
nf_conntrack_expect.c
net: Replace NF_CT_ASSERT() with WARN_ON().
2017-09-04 13:25:19 +02:00
nf_conntrack_extend.c
net: Replace NF_CT_ASSERT() with WARN_ON().
2017-09-04 13:25:19 +02:00
nf_conntrack_ftp.c
netfilter: helpers: remove data_len usage for inkernel helpers
2017-04-19 17:55:17 +02:00
nf_conntrack_h323_asn1.c
netfilter: nf_conntrack_h323: fix off-by-one in DecodeQ931
2016-07-11 12:32:45 +02:00
nf_conntrack_h323_main.c
netfilter: use nf_conntrack_helpers_register when possible
2017-06-19 19:13:21 +02:00
nf_conntrack_h323_types.c
nf_conntrack_helper.c
netfilter: nf_ct_helper: Fix possible panic after nf_conntrack_helper_unregister
2018-08-24 13:08:57 +02:00
nf_conntrack_irc.c
netfilter: helpers: remove data_len usage for inkernel helpers
2017-04-19 17:55:17 +02:00
nf_conntrack_l3proto_generic.c
netfilter: conntrack: place print_tuple in procfs part
2017-08-24 18:52:32 +02:00
nf_conntrack_labels.c
netfilter: conntrack: mark extension structs as const
2017-04-26 09:30:22 +02:00
nf_conntrack_netbios_ns.c
netfilter: helper: add build-time asserts for helper data size
2017-04-19 17:55:16 +02:00
nf_conntrack_netlink.c
netfilter: fix memory leaks on netlink_dump_start error
2018-09-15 09:45:28 +02:00
nf_conntrack_pptp.c
netfilter: Remove duplicated rcu_read_lock.
2017-07-24 13:24:46 +02:00
nf_conntrack_proto_dccp.c
netfilter: conntrack: dccp: treat SYNC/SYNCACK as invalid if no prior state
2018-08-24 13:09:22 +02:00
nf_conntrack_proto_generic.c
netfilter: remove unused hooknum arg from packet functions
2017-09-04 13:25:18 +02:00
nf_conntrack_proto_gre.c
netfilter: remove unused hooknum arg from packet functions
2017-09-04 13:25:18 +02:00
nf_conntrack_proto_sctp.c
netfilter: remove unused hooknum arg from packet functions
2017-09-04 13:25:18 +02:00
nf_conntrack_proto_tcp.c
netfilter: remove unused hooknum arg from packet functions
2017-09-04 13:25:18 +02:00
nf_conntrack_proto_udp.c
netfilter: remove unused hooknum arg from packet functions
2017-09-04 13:25:18 +02:00
nf_conntrack_proto.c
netfilter: conntrack: make protocol tracker pointers const
2017-08-24 18:52:33 +02:00
nf_conntrack_sane.c
netfilter: helpers: remove data_len usage for inkernel helpers
2017-04-19 17:55:17 +02:00
nf_conntrack_seqadj.c
netfilter: seqadj: re-load tcp header pointer after possible head reallocation
2019-01-13 10:00:57 +01:00
nf_conntrack_sip.c
netfilter: Remove duplicated rcu_read_lock.
2017-07-24 13:24:46 +02:00
nf_conntrack_snmp.c
nf_conntrack_standalone.c
net: Replace NF_CT_ASSERT() with WARN_ON().
2017-09-04 13:25:19 +02:00
nf_conntrack_tftp.c
netfilter: helpers: remove data_len usage for inkernel helpers
2017-04-19 17:55:17 +02:00
nf_conntrack_timeout.c
netfilter: conntrack: mark extension structs as const
2017-04-26 09:30:22 +02:00
nf_conntrack_timestamp.c
netfilter: conntrack: mark extension structs as const
2017-04-26 09:30:22 +02:00
nf_dup_netdev.c
netfilter: dup: resolve warnings about missing prototypes
2017-05-29 11:32:36 +02:00
nf_internals.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
nf_log_common.c
netfilter: nf_log: do not assume ethernet header in netdev family
2016-12-04 20:45:33 +01:00
nf_log_netdev.c
netfilter: nf_log: do not assume ethernet header in netdev family
2016-12-04 20:45:33 +01:00
nf_log.c
netfilter: nf_log: fix uninit read in nf_log_proc_dostring
2018-08-24 13:09:07 +02:00
nf_nat_amanda.c
netfilter: nat: nf_nat_mangle_{udp,tcp}_packet returns boolean
2017-04-06 22:01:38 +02:00
nf_nat_core.c
netfilter: nat: can't use dst_hold on noref dst
2019-01-13 10:00:58 +01:00
nf_nat_ftp.c
nf_nat_helper.c
netfilter: nat: nf_nat_mangle_{udp,tcp}_packet returns boolean
2017-04-06 22:01:38 +02:00
nf_nat_irc.c
netfilter: nat: nf_nat_mangle_{udp,tcp}_packet returns boolean
2017-04-06 22:01:38 +02:00
nf_nat_proto_common.c
netfilter: nat: cope with negative port range
2018-03-15 10:54:23 +01:00
nf_nat_proto_dccp.c
netfilter: built-in NAT support for DCCP
2016-12-04 20:45:30 +01:00
nf_nat_proto_sctp.c
sctp: remove the typedef sctp_sctphdr_t
2017-07-01 09:08:41 -07:00
nf_nat_proto_tcp.c
nf_nat_proto_udp.c
netfilter: nat: merge udp and udplite helpers
2017-01-03 14:33:25 +01:00
nf_nat_proto_unknown.c
nf_nat_redirect.c
net: Replace NF_CT_ASSERT() with WARN_ON().
2017-09-04 13:25:19 +02:00
nf_nat_sip.c
nf_nat_tftp.c
nf_queue.c
netfilter: convert hook list to an array
2017-08-28 17:44:00 +02:00
nf_sockopt.c
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
nf_synproxy_core.c
tcp: switch TCP TS option (RFC 7323) to 1ms clock
2017-05-17 16:06:01 -04:00
nf_tables_api.c
netfilter: nf_tables: deactivate expressions in rule replecement routine
2018-12-17 09:28:52 +01:00
nf_tables_core.c
netfilter: nf_tables: use WARN_ON_ONCE instead of BUG_ON in nft_do_chain()
2018-07-08 15:30:50 +02:00
nf_tables_inet.c
netfilter: Add the missed return value check of nft_register_chain_type
2016-09-12 19:54:45 +02:00
nf_tables_netdev.c
netfilter: nf_tables: add nft_is_base_chain() helper
2017-04-06 18:32:04 +02:00
nf_tables_trace.c
netfilter: nf_tables: Allow chain name of up to 255 chars
2017-07-31 20:41:57 +02:00
nfnetlink_acct.c
netfilter: fix memory leaks on netlink_dump_start error
2018-09-15 09:45:28 +02:00
nfnetlink_cthelper.c
netfilter: nfnetlink_cthelper: Add missing permission checks
2018-01-31 14:03:41 +01:00
nfnetlink_cttimeout.c
netfilter: conntrack: make protocol tracker pointers const
2017-08-24 18:52:33 +02:00
nfnetlink_log.c
netfilter: constify nf_loginfo structures
2017-08-02 14:25:59 +02:00
nfnetlink_queue.c
netfilter: nf_queue: augment nfqa_cfg_policy
2018-07-17 11:39:32 +02:00
nfnetlink.c
netfilter: nfnetlink: Improve input length sanitization in nfnetlink_rcv
2017-07-17 13:27:46 +02:00
nft_bitwise.c
netfilter: nf_tables: revisit chain/object refcounting from elements
2017-05-15 12:51:41 +02:00
nft_byteorder.c
netfilter: nf_tables: simplify the basic expressions' init routine
2016-11-09 23:42:23 +01:00
nft_cmp.c
netfilter: nf_tables: revisit chain/object refcounting from elements
2017-05-15 12:51:41 +02:00
nft_compat.c
netfilter: nf_tables: fix use-after-free when deleting compat expressions
2018-12-17 09:28:48 +01:00
nft_counter.c
netfilter: nf_tables: add select_ops for stateful objects
2017-09-04 13:25:09 +02:00
nft_ct.c
netfilter: nf_tables: fix NULL pointer dereference on nft_ct_helper_obj_dump()
2018-06-16 09:45:14 +02:00
nft_dup_netdev.c
nft_dynset.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf
2017-05-03 10:11:26 -04:00
nft_exthdr.c
netfilter: fix a few (harmless) sparse warnings
2017-08-28 17:42:56 +02:00
nft_fib_inet.c
netfilter: nf_tables: use hook state from xt_action_param structure
2016-11-03 11:52:34 +01:00
nft_fib_netdev.c
netfilter: nf_tables: add fib expression to the netdev family
2017-07-31 19:01:40 +02:00
nft_fib.c
netfilter: nft_fib: Support existence check
2017-03-13 13:45:36 +01:00
nft_fwd_netdev.c
netfilter: add and use nf_fwd_netdev_egress
2016-12-06 21:48:22 +01:00
nft_hash.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
2017-05-01 10:47:53 -04:00
nft_immediate.c
netfilter: nf_tables: bogus EBUSY in chain deletions
2018-07-08 15:30:49 +02:00
nft_limit.c
netfilter: nft_limit: fix packet ratelimiting
2018-07-08 15:30:51 +02:00
nft_log.c
netfilter: nft_log: restrict the log prefix length to 127
2017-01-24 21:46:29 +01:00
nft_lookup.c
netfilter: nf_tables: add nft_set_lookup()
2017-03-06 18:23:23 +01:00
nft_masq.c
netfilter: nf_tables: validate the expr explicitly after init successfully
2017-03-06 18:22:12 +01:00
nft_meta.c
netfilter: nft_meta: fix wrong value dereference in nft_meta_set_eval
2018-07-08 15:30:49 +02:00
nft_nat.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-03-23 16:41:27 -07:00
nft_numgen.c
netfilter: Remove exceptional & on function name
2017-04-07 18:24:47 +02:00
nft_objref.c
netfilter: nf_tables: add select_ops for stateful objects
2017-09-04 13:25:09 +02:00
nft_payload.c
netfilter: fix a few (harmless) sparse warnings
2017-08-28 17:42:56 +02:00
nft_queue.c
netfilter: Remove exceptional & on function name
2017-04-07 18:24:47 +02:00
nft_quota.c
netfilter: nf_tables: add select_ops for stateful objects
2017-09-04 13:25:09 +02:00
nft_range.c
netfilter: nf_tables: revisit chain/object refcounting from elements
2017-05-15 12:51:41 +02:00
nft_redir.c
netfilter: nf_tables: validate the expr explicitly after init successfully
2017-03-06 18:22:12 +01:00
nft_reject_inet.c
netfilter: nf_tables: validate the expr explicitly after init successfully
2017-03-06 18:22:12 +01:00
nft_reject.c
netfilter: nf_tables: validate the expr explicitly after init successfully
2017-03-06 18:22:12 +01:00
nft_rt.c
netfilter: rt: account for tcp header size too
2017-08-28 18:14:30 +02:00
nft_set_bitmap.c
netfilter: nf_tables: pass set description to ->privsize
2017-05-29 12:46:18 +02:00
nft_set_hash.c
netfilter: nft_set_hash: add rcu_barrier() in the nft_rhash_destroy()
2018-09-05 09:26:27 +02:00
nft_set_rbtree.c
netfilter: nft_set_rbtree: use seqcount to avoid lock in most cases
2017-07-31 20:41:59 +02:00
x_tables.c
netfilter: x_tables: limit allocation requests for blob rule heads
2018-04-26 11:02:21 +02:00
xt_addrtype.c
netfilter: Remove duplicated rcu_read_lock.
2017-07-24 13:24:46 +02:00
xt_AUDIT.c
audit: normalize NETFILTER_PKT
2017-05-02 10:16:04 -04:00
xt_bpf.c
netfilter: xt_bpf: add overflow checks
2018-02-25 11:08:01 +01:00
xt_cgroup.c
netfilter: xt_cgroup: initialize info->priv in cgroup_mt_check_v1()
2018-02-25 11:07:50 +01:00
xt_CHECKSUM.c
xt_CLASSIFY.c
xt_cluster.c
netfilter: xt_cluster: add dependency on conntrack module
2018-10-10 08:54:23 +02:00
xt_comment.c
xt_connbytes.c
netfilter: add and use nf_ct_netns_get/put
2016-12-04 21:16:50 +01:00
xt_connlabel.c
netfilter: remove nf_ct_is_untracked
2017-04-15 11:51:33 +02:00
xt_connlimit.c
netfilter: nf_conncount: don't skip eviction when age is negative
2019-01-09 17:14:51 +01:00
xt_connmark.c
netfilter: remove nf_ct_is_untracked
2017-04-15 11:51:33 +02:00
xt_CONNSECMARK.c
netfilter: add and use nf_ct_netns_get/put
2016-12-04 21:16:50 +01:00
xt_conntrack.c
netfilter: kill the fake untracked conntrack objects
2017-04-15 11:47:57 +02:00
xt_cpu.c
xt_CT.c
netfilter: conntrack: make protocol tracker pointers const
2017-08-24 18:52:33 +02:00
xt_dccp.c
xt_devgroup.c
netfilter: x_tables: move hook state into xt_action_param structure
2016-11-03 10:56:21 +01:00
xt_dscp.c
netfilter: x_tables: move hook state into xt_action_param structure
2016-11-03 10:56:21 +01:00
xt_DSCP.c
xt_ecn.c
xt_esp.c
xt_hashlimit.c
netfilter: xt_hashlimit: fix a possible memory leak in htable_create()
2018-12-17 09:28:49 +01:00
xt_helper.c
netfilter: add and use nf_ct_netns_get/put
2016-12-04 21:16:50 +01:00
xt_hl.c
xt_HL.c
xt_HMARK.c
netfilter: remove nf_ct_is_untracked
2017-04-15 11:51:33 +02:00
xt_IDLETIMER.c
netfilter: xt_IDLETIMER: add sysfs filename checking routine
2018-11-27 16:10:48 +01:00
xt_ipcomp.c
netfilter: xt_ipcomp: add "ip[6]t_ipcomp" module alias name
2016-10-17 17:38:19 +02:00
xt_iprange.c
xt_ipvs.c
netfilter: remove nf_ct_is_untracked
2017-04-15 11:51:33 +02:00
xt_l2tp.c
xt_LED.c
netfilter: x_tables: fix pointer leaks to userspace
2018-04-26 11:02:13 +02:00
xt_length.c
xt_limit.c
netfilter: x_tables: fix pointer leaks to userspace
2018-04-26 11:02:13 +02:00
xt_LOG.c
netfilter: x_tables: move hook state into xt_action_param structure
2016-11-03 10:56:21 +01:00
xt_mac.c
xt_mark.c
xt_multiport.c
netfilter: xt_multiport: Fix wrong unmatch result with multiple ports
2016-12-06 21:48:20 +01:00
xt_nat.c
net: Replace NF_CT_ASSERT() with WARN_ON().
2017-09-04 13:25:19 +02:00
xt_NETMAP.c
net: Replace NF_CT_ASSERT() with WARN_ON().
2017-09-04 13:25:19 +02:00
xt_nfacct.c
netfilter: x_tables: fix pointer leaks to userspace
2018-04-26 11:02:13 +02:00
xt_NFLOG.c
netfilter: x_tables: move hook state into xt_action_param structure
2016-11-03 10:56:21 +01:00
xt_NFQUEUE.c
netfilter: x_tables: move hook state into xt_action_param structure
2016-11-03 10:56:21 +01:00
xt_osf.c
netfilter: xt_osf: Add missing permission checks
2018-01-31 14:03:41 +01:00
xt_owner.c
sched/headers: Prepare to remove <linux/cred.h> inclusion from <linux/sched.h>
2017-03-02 08:42:31 +01:00
xt_physdev.c
netfilter: physdev: add missed blank
2016-08-12 00:42:14 +02:00
xt_pkttype.c
netfilter: pkttype: unnecessary to check ipv6 multicast address
2017-01-18 20:32:43 +01:00
xt_policy.c
netfilter: x_tables: move hook state into xt_action_param structure
2016-11-03 10:56:21 +01:00
xt_quota.c
xtables: extend matches and targets with .usersize
2017-01-09 17:24:55 +01:00
xt_rateest.c
xtables: extend matches and targets with .usersize
2017-01-09 17:24:55 +01:00
xt_RATEEST.c
netfilter: xt_RATEEST: acquire xt_rateest_mutex for hash insert
2018-02-25 11:07:50 +01:00
xt_realm.c
xt_recent.c
netfilter: x_tables: add and use xt_check_proc_name
2018-04-08 14:26:29 +02:00
xt_REDIRECT.c
netfilter: nat: add dependencies on conntrack module
2016-12-04 21:16:51 +01:00
xt_repldata.h
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
xt_sctp.c
sctp: remove the typedef sctp_chunkhdr_t
2017-07-01 09:08:41 -07:00
xt_SECMARK.c
xt_set.c
netfilter: ipset: Improve skbinfo get/init helpers
2016-11-10 13:28:42 +01:00
xt_socket.c
netfilter: xt_socket: Restore mark from full sockets only
2017-09-26 20:04:34 +02:00
xt_state.c
netfilter: kill the fake untracked conntrack objects
2017-04-15 11:47:57 +02:00
xt_statistic.c
netfilter: x_tables: fix pointer leaks to userspace
2018-04-26 11:02:13 +02:00
xt_string.c
xtables: extend matches and targets with .usersize
2017-01-09 17:24:55 +01:00
xt_tcpmss.c
xt_TCPMSS.c
netfilter: Remove duplicated rcu_read_lock.
2017-07-24 13:24:46 +02:00
xt_TCPOPTSTRIP.c
xt_tcpudp.c
netfilter: Convert FWINV<[foo]> macros and uses to NF_INVF
2016-07-03 10:55:07 +02:00
xt_TEE.c
xtables: extend matches and targets with .usersize
2017-01-09 17:24:55 +01:00
xt_time.c
ktime: Get rid of the union
2016-12-25 17:21:22 +01:00
xt_TPROXY.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next
2017-09-03 17:08:42 -07:00
xt_TRACE.c
netfilter: xt_TRACE: add explicitly nf_logger_find_get call
2016-06-23 13:26:49 +02:00
xt_u32.c