From: Greg KH <gregkh@suse.de>
To: linux-kernel@vger.kernel.org, stable@kernel.org
Cc: Justin Forbes <jmforbes@linuxtx.org>,
Zwane Mwaikambo <zwane@arm.linux.org.uk>,
"Theodore Ts'o" <tytso@mit.edu>,
Randy Dunlap <rdunlap@xenotime.net>,
Dave Jones <davej@redhat.com>,
Chuck Wolber <chuckw@quantumlinux.com>,
Chris Wedgwood <reviews@ml.cw.f00f.org>,
Michael Krufky <mkrufky@linuxtv.org>,
Chuck Ebbert <cebbert@redhat.com>,
Domenico Andreoli <cavokz@gmail.com>,
torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk, bunk@stusta.de,
Patrick McHardy <kaber@trash.net>,
"David S. Miller" <davem@davemloft.net>
Subject: [37/50] Fix inet_diag OOPS.
Date: Mon, 24 Sep 2007 09:22:06 -0700
Message-ID: <20070924162206.GL13510@kroah.com>
In-Reply-To: <20070924161733.GA13510@kroah.com>
[-- Attachment #1: fix-inet_diag-oops.patch --]
[-- Type: text/plain, Size: 3321 bytes --]
From: Patrick McHardy <kaber@trash.net>
commit 0a9c73014415d2a84dac346c1e12169142a6ad37 in mainline
[INET_DIAG]: Fix oops in netlink_rcv_skb
netlink_run_queue() doesn't handle multiple processes processing the
queue concurrently. Serialize queue processing in inet_diag to fix
an oops in netlink_rcv_skb caused by netlink_run_queue passing a
NULL for the skb.
BUG: unable to handle kernel NULL pointer dereference at virtual address 00000054
[349587.500454] printing eip:
[349587.500457] c03318ae
[349587.500459] *pde = 00000000
[349587.500464] Oops: 0000 [#1]
[349587.500466] PREEMPT SMP
[349587.500474] Modules linked in: w83627hf hwmon_vid i2c_isa
[349587.500483] CPU: 0
[349587.500485] EIP: 0060:[<c03318ae>] Not tainted VLI
[349587.500487] EFLAGS: 00010246 (2.6.22.3 #1)
[349587.500499] EIP is at netlink_rcv_skb+0xa/0x7e
[349587.500506] eax: 00000000 ebx: 00000000 ecx: c148d2a0 edx: c0398819
[349587.500510] esi: 00000000 edi: c0398819 ebp: c7a21c8c esp: c7a21c80
[349587.500517] ds: 007b es: 007b fs: 00d8 gs: 0033 ss: 0068
[349587.500521] Process oidentd (pid: 17943, ti=c7a20000 task=cee231c0 task.ti=c7a20000)
[349587.500527] Stack: 00000000 c7a21cac f7c8ba78 c7a21ca4 c0331962 c0398819 f7c8ba00 0000004c
[349587.500542] f736f000 c7a21cb4 c03988e3 00000001 f7c8ba00 c7a21cc4 c03312a5 0000004c
[349587.500558] f7c8ba00 c7a21cd4 c0330681 f7c8ba00 e4695280 c7a21d00 c03307c6 7fffffff
[349587.500578] Call Trace:
[349587.500581] [<c010361a>] show_trace_log_lvl+0x1c/0x33
[349587.500591] [<c01036d4>] show_stack_log_lvl+0x8d/0xaa
[349587.500595] [<c010390e>] show_registers+0x1cb/0x321
[349587.500604] [<c0103bff>] die+0x112/0x1e1
[349587.500607] [<c01132d2>] do_page_fault+0x229/0x565
[349587.500618] [<c03c8d3a>] error_code+0x72/0x78
[349587.500625] [<c0331962>] netlink_run_queue+0x40/0x76
[349587.500632] [<c03988e3>] inet_diag_rcv+0x1f/0x2c
[349587.500639] [<c03312a5>] netlink_data_ready+0x57/0x59
[349587.500643] [<c0330681>] netlink_sendskb+0x24/0x45
[349587.500651] [<c03307c6>] netlink_unicast+0x100/0x116
[349587.500656] [<c0330f83>] netlink_sendmsg+0x1c2/0x280
[349587.500664] [<c02fcce9>] sock_sendmsg+0xba/0xd5
[349587.500671] [<c02fe4d1>] sys_sendmsg+0x17b/0x1e8
[349587.500676] [<c02fe92d>] sys_socketcall+0x230/0x24d
[349587.500684] [<c01028d2>] syscall_call+0x7/0xb
[349587.500691] =======================
[349587.500693] Code: f0 ff 4e 18 0f 94 c0 84 c0 0f 84 66 ff ff ff 89 f0 e8 86 e2 fc ff e9 5a ff ff ff f0 ff 40 10 eb be 55 89 e5 57 89 d7 56 89 c6 53 <8b> 50 54 83 fa 10 72 55 8b 9e 9c 00 00 00 31 c9 8b 03 83 f8 0f
Reported by Athanasius <link@miggy.org>
Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---
net/ipv4/inet_diag.c | 4 ++++
1 file changed, 4 insertions(+)
--- a/net/ipv4/inet_diag.c
+++ b/net/ipv4/inet_diag.c
@@ -836,12 +836,16 @@ static int inet_diag_rcv_msg(struct sk_b
return inet_diag_get_exact(skb, nlh);
}
+static DEFINE_MUTEX(inet_diag_mutex);
+
static void inet_diag_rcv(struct sock *sk, int len)
{
unsigned int qlen = 0;
do {
+ mutex_lock(&inet_diag_mutex);
netlink_run_queue(sk, &qlen, &inet_diag_rcv_msg);
+ mutex_unlock(&inet_diag_mutex);
} while (qlen);
}
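Review bot: `inet_diag_mutex` is declared just above `inet_diag_rcv()` with no comment saying what it protects, and the reason (per the commit message, `netlink_run_queue()` does not handle several processes running the queue at once) is not recoverable from the code alone. A one-line comment on the `DEFINE_MUTEX` stating that it serializes `netlink_run_queue()` on the inet_diag socket would help. Two things to confirm before merging: the diffstat shows only these four added lines, so no `#include <linux/mutex.h>` is added and the file has to pull it in already; and `mutex_lock()` can sleep, so `inet_diag_rcv()` must only be reached from process context, as it is in the `sys_sendmsg` path of the oops trace. Because the lock is local to inet_diag, any other caller of `netlink_run_queue()` with the same concurrency pattern remains unprotected by this change.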
--