linux/net/ipv4
subashab@codeaurora.org fc752f1f43 ping: Fix race in free in receive path
An exception is seen in ICMP ping receive path where the skb
destructor sock_rfree() tries to access a freed socket. This happens
because ping_rcv() releases socket reference with sock_put() and this
internally frees up the socket. Later icmp_rcv() will try to free the
skb and as part of this, skb destructor is called and which leads
to a kernel panic as the socket is freed already in ping_rcv().

-->|exception
-007|sk_mem_uncharge
-007|sock_rfree
-008|skb_release_head_state
-009|skb_release_all
-009|__kfree_skb
-010|kfree_skb
-011|icmp_rcv
-012|ip_local_deliver_finish

Fix this incorrect free by cloning this skb and processing this cloned
skb instead.

This patch was suggested by Eric Dumazet

Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Cc: Eric Dumazet <edumazet@google.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-01-27 00:04:53 -08:00
..
netfilter netfilter: nf_tables: fix port natting in little endian archs 2014-12-23 15:34:28 +01:00
af_inet.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-11-29 20:47:48 -08:00
ah4.c
arp.c neigh: remove dynamic neigh table registration support 2014-11-11 15:23:54 -05:00
cipso_ipv4.c cipso: remove NULL assignment on static 2014-11-04 15:09:52 -05:00
datagram.c
devinet.c
esp4.c net: esp: Convert NETDEBUG to pr_info 2014-11-06 15:11:10 -05:00
fib_frontend.c
fib_lookup.h
fib_rules.c ipv4: Fix incorrect error code when adding an unreachable route 2014-11-16 14:11:45 -05:00
fib_semantics.c
fib_trie.c fib_trie: Fix trie balancing issue if new node pushes down existing node 2014-12-12 10:58:53 -05:00
fou.c gue: Call remcsum_adjust 2014-11-26 12:25:44 -05:00
geneve.c openvswitch: Fix vport_send double free 2014-12-23 23:57:31 -05:00
gre_demux.c
gre_offload.c gre: Set inner mac header in gro complete 2014-12-05 21:18:34 -08:00
icmp.c icmp: Remove some spurious dropped packet profile hits from the ICMP path 2014-11-18 15:28:28 -05:00
igmp.c ipv6: mld: fix add_grhead skb_over_panic for devs with large MTUs 2014-11-16 16:55:06 -05:00
inet_connection_sock.c
inet_diag.c
inet_fragment.c net: Convert LIMIT_NETDEBUG to net_dbg_ratelimited 2014-11-11 14:10:31 -05:00
inet_hashtables.c
inet_lro.c
inet_timewait_sock.c
inetpeer.c
ip_forward.c ipv4: try to cache dst_entries which would cause a redirect 2015-01-26 17:28:27 -08:00
ip_fragment.c net: Convert LIMIT_NETDEBUG to net_dbg_ratelimited 2014-11-11 14:10:31 -05:00
ip_gre.c gre: fix the inner mac header in nbma tunnel xmit path 2014-12-15 11:46:04 -05:00
ip_input.c
ip_options.c
ip_output.c put iov_iter into msghdr 2014-12-09 16:29:03 -05:00
ip_sockglue.c ip: zero sockaddr returned on error queue 2015-01-15 19:41:16 -05:00
ip_tunnel_core.c
ip_tunnel.c ip_tunnel: Add missing validation of encap type to ip_tunnel_encap_setup() 2014-12-16 15:20:41 -05:00
ip_vti.c ip_tunnel: the lack of vti_link_ops' dellink() cause kernel panic 2014-11-23 21:11:17 -05:00
ipcomp.c
ipconfig.c ipv4: remove 0/NULL assignment on static 2014-11-04 15:09:52 -05:00
ipip.c fou: Fix typo in returning flags in netlink 2014-11-05 22:18:20 -05:00
ipmr.c
Kconfig net: Move fou_build_header into fou.c and refactor 2014-11-05 16:30:02 -05:00
Makefile
netfilter.c
ping.c ping: Fix race in free in receive path 2015-01-27 00:04:53 -08:00
proc.c tcp_cubic: add SNMP counters to track how effective is Hystart 2014-12-09 14:58:23 -05:00
protocol.c
raw.c put iov_iter into msghdr 2014-12-09 16:29:03 -05:00
route.c ipv4: try to cache dst_entries which would cause a redirect 2015-01-26 17:28:27 -08:00
syncookies.c net: allow setting ecn via routing table 2014-11-04 16:06:09 -05:00
sysctl_net_ipv4.c
tcp_bic.c
tcp_cong.c tcp: spelling s/plugable/pluggable 2014-11-04 15:09:52 -05:00
tcp_cubic.c tcp_cubic: refine Hystart delay threshold 2014-12-09 14:58:23 -05:00
tcp_dctcp.c
tcp_diag.c
tcp_fastopen.c
tcp_highspeed.c
tcp_htcp.c
tcp_hybla.c
tcp_illinois.c
tcp_input.c switch tcp_sock->ucopy from iovec (ucopy.iov) to msghdr (ucopy.msg) 2014-12-09 16:28:22 -05:00
tcp_ipv4.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2014-12-10 15:48:20 -05:00
tcp_lp.c
tcp_memcontrol.c mm: memcontrol: lockless page counters 2014-12-10 17:41:04 -08:00
tcp_metrics.c
tcp_minisocks.c
tcp_offload.c net: Remove MPLS GSO feature. 2014-11-05 23:52:33 -08:00
tcp_output.c tcp: Do not apply TSO segment limit to non-TSO packets 2015-01-02 16:13:20 -05:00
tcp_probe.c
tcp_scalable.c
tcp_timer.c net: Convert LIMIT_NETDEBUG to net_dbg_ratelimited 2014-11-11 14:10:31 -05:00
tcp_vegas.c
tcp_vegas.h
tcp_veno.c
tcp_westwood.c
tcp_yeah.c
tcp.c Merge branch 'for-davem-2' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2014-12-10 13:17:23 -05:00
tunnel4.c
udp_diag.c udp_diag: Fix socket skipping within chain 2015-01-27 00:02:41 -08:00
udp_impl.h
udp_offload.c net: Remove MPLS GSO feature. 2014-11-05 23:52:33 -08:00
udp_tunnel.c
udp.c ip_generic_getfrag, udplite_getfrag: switch to passing msghdr 2014-12-09 16:28:22 -05:00
udplite.c
xfrm4_input.c
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c
xfrm4_output.c
xfrm4_policy.c
xfrm4_protocol.c
xfrm4_state.c
xfrm4_tunnel.c