OpenE2K
/
linux
6
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
linux/include
History
Eric Dumazet f1712c7371 can: Fix kernel panic at security_sock_rcv_skb 
Zhang Yanmin reported crashes [1] and provided a patch adding a
synchronize_rcu() call in can_rx_unregister()

The main problem seems that the sockets themselves are not RCU
protected.

If CAN uses RCU for delivery, then sockets should be freed only after
one RCU grace period.

Recent kernels could use sock_set_flag(sk, SOCK_RCU_FREE), but let's
ease stable backports with the following fix instead.

[1]
BUG: unable to handle kernel NULL pointer dereference at (null)
IP: [<ffffffff81495e25>] selinux_socket_sock_rcv_skb+0x65/0x2a0

Call Trace:
 <IRQ>
 [<ffffffff81485d8c>] security_sock_rcv_skb+0x4c/0x60
 [<ffffffff81d55771>] sk_filter+0x41/0x210
 [<ffffffff81d12913>] sock_queue_rcv_skb+0x53/0x3a0
 [<ffffffff81f0a2b3>] raw_rcv+0x2a3/0x3c0
 [<ffffffff81f06eab>] can_rcv_filter+0x12b/0x370
 [<ffffffff81f07af9>] can_receive+0xd9/0x120
 [<ffffffff81f07beb>] can_rcv+0xab/0x100
 [<ffffffff81d362ac>] __netif_receive_skb_core+0xd8c/0x11f0
 [<ffffffff81d36734>] __netif_receive_skb+0x24/0xb0
 [<ffffffff81d37f67>] process_backlog+0x127/0x280
 [<ffffffff81d36f7b>] net_rx_action+0x33b/0x4f0
 [<ffffffff810c88d4>] __do_softirq+0x184/0x440
 [<ffffffff81f9e86c>] do_softirq_own_stack+0x1c/0x30
 <EOI>
 [<ffffffff810c76fb>] do_softirq.part.18+0x3b/0x40
 [<ffffffff810c8bed>] do_softirq+0x1d/0x20
 [<ffffffff81d30085>] netif_rx_ni+0xe5/0x110
 [<ffffffff8199cc87>] slcan_receive_buf+0x507/0x520
 [<ffffffff8167ef7c>] flush_to_ldisc+0x21c/0x230
 [<ffffffff810e3baf>] process_one_work+0x24f/0x670
 [<ffffffff810e44ed>] worker_thread+0x9d/0x6f0
 [<ffffffff810e4450>] ? rescuer_thread+0x480/0x480
 [<ffffffff810ebafc>] kthread+0x12c/0x150
 [<ffffffff81f9ccef>] ret_from_fork+0x3f/0x70

Reported-by: Zhang Yanmin <yanmin.zhang@intel.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Acked-by: Oliver Hartkopp <socketcan@hartkopp.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2017-01-29 18:30:56 -05:00
..
acpi More ACPI updates for v4.10-rc1 2016-12-22 10:19:32 -08:00
asm-generic asm-prototypes: Clear any CPP defines before declaring the functions 2017-01-05 12:57:42 +01:00
clocksource
crypto This pull contains one set of changes: a conversion of the crypto DocBook 2016-12-17 16:00:34 -08:00
drm Merge tag 'drm-misc-fixes-2017-01-23' of git://anongit.freedesktop.org/git/drm-misc into drm-fixes 2017-01-27 10:16:56 +10:00
dt-bindings dt-bindings: mfd: Remove TPS65217 interrupts 2016-12-27 10:06:00 -08:00
keys
kvm KVM: arm64: Access CNTHCTL_EL2 bit fields correctly on VHE systems 2017-01-13 11:19:25 +00:00
linux can: Fix kernel panic at security_sock_rcv_skb 2017-01-29 18:30:56 -05:00
math-emu
media
memory
misc
net tcp: don't annotate mark on control socket from tcp_v6_send_response() 2017-01-27 10:33:56 -05:00
pcmcia
ras
rdma RDMA/core: Add the function ib_mtu_int_to_enum 2017-01-24 15:34:22 -05:00
rxrpc
scsi Merge remote-tracking branch 'mkp-scsi/fixes' into fixes 2017-01-17 17:32:54 -05:00
soc powerpc updates for 4.10 2016-12-16 09:26:42 -08:00
sound Merge remote-tracking branches 'asoc/fix/arizona', 'asoc/fix/dpcm', 'asoc/fix/dwc', 'asoc/fix/fsl-ssi' and 'asoc/fix/hdmi-codec' into asoc-linus 2017-01-10 10:47:50 +00:00
target target: add XCOPY target/segment desc sense codes 2017-01-10 08:40:32 -08:00
trace Merge branch 'for-linus-4.10' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/linux-btrfs 2017-01-13 17:40:22 -08:00
uapi Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2017-01-27 12:54:16 -08:00
video
xen
Kbuild