From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org,
Linus Torvalds <torvalds@linux-foundation.org>,
Wen Xu <hotdog3645@gmail.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 3.10 01/19] [PATCH] ipv4: Missing sk_nulls_node_init() in ping_unhash().
Date: Mon, 11 May 2015 10:55:16 -0700 [thread overview]
Message-ID: <20150511175453.058218713@linuxfoundation.org> (raw)
In-Reply-To: <20150511175453.015424013@linuxfoundation.org>
3.10-stable review patch. If anyone has any objections, please let me know.
------------------
From: "David S. Miller" <davem@davemloft.net>
[ Upstream commit a134f083e79fb4c3d0a925691e732c56911b4326 ]
If we don't do that, then the poison value is left in the ->pprev
backlink.
This can cause crashes if we do a disconnect, followed by a connect().
Tested-by: Linus Torvalds <torvalds@linux-foundation.org>
Reported-by: Wen Xu <hotdog3645@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv4/ping.c | 1 +
1 file changed, 1 insertion(+)
--- a/net/ipv4/ping.c
+++ b/net/ipv4/ping.c
@@ -139,6 +139,7 @@ static void ping_v4_unhash(struct sock *
if (sk_hashed(sk)) {
write_lock_bh(&ping_table.lock);
hlist_nulls_del(&sk->sk_nulls_node);
+ sk_nulls_node_init(&sk->sk_nulls_node);
sock_put(sk);
isk->inet_num = 0;
isk->inet_sport = 0;
next prev parent reply other threads:[~2015-05-11 17:57 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-05-11 17:55 [PATCH 3.10 00/19] 3.10.78-stable review Greg Kroah-Hartman
2015-05-11 17:55 ` Greg Kroah-Hartman [this message]
2015-05-11 17:55 ` [PATCH 3.10 02/19] ALSA: emux: Fix mutex deadlock at unloading Greg Kroah-Hartman
2015-05-11 17:55 ` [PATCH 3.10 03/19] ALSA: emux: Fix mutex deadlock in OSS emulation Greg Kroah-Hartman
2015-05-11 17:55 ` [PATCH 3.10 04/19] ALSA: emu10k1: Fix card shortname string buffer overflow Greg Kroah-Hartman
2015-05-11 17:55 ` [PATCH 3.10 05/19] ALSA: emu10k1: Emu10k2 32 bit DMA mode Greg Kroah-Hartman
2015-05-11 17:55 ` [PATCH 3.10 07/19] serial: of-serial: Remove device_type = "serial" registration Greg Kroah-Hartman
2015-05-11 17:55 ` [PATCH 3.10 08/19] rbd: end I/O the entire obj_request on error Greg Kroah-Hartman
2015-05-11 17:55 ` [PATCH 3.10 09/19] ext4: fix data corruption caused by unwritten and delayed extents Greg Kroah-Hartman
2015-05-11 17:55 ` [PATCH 3.10 10/19] 3w-xxxx: fix command completion race Greg Kroah-Hartman
2015-05-11 17:55 ` [PATCH 3.10 11/19] 3w-9xxx: " Greg Kroah-Hartman
2015-05-11 17:55 ` [PATCH 3.10 12/19] 3w-sas: " Greg Kroah-Hartman
2015-05-11 17:55 ` [PATCH 3.10 13/19] usb: host: oxu210hp: use new USB_RESUME_TIMEOUT Greg Kroah-Hartman
2015-05-11 17:55 ` [PATCH 3.10 14/19] usb: gadget: printer: enqueue printers response for setup request Greg Kroah-Hartman
2015-05-11 17:55 ` [PATCH 3.10 15/19] staging: panel: fix lcd type Greg Kroah-Hartman
2015-05-11 17:55 ` [PATCH 3.10 16/19] ARM: dts: dove: Fix uart[23] reg property Greg Kroah-Hartman
2015-05-11 17:55 ` [PATCH 3.10 17/19] Drivers: hv: vmbus: Dont wait after requesting offers Greg Kroah-Hartman
2015-05-11 17:55 ` [PATCH 3.10 18/19] UBI: fix soft lockup in ubi_check_volume() Greg Kroah-Hartman
2015-05-11 17:55 ` [PATCH 3.10 19/19] ARC: signal handling robustify Greg Kroah-Hartman
2015-05-11 20:02 ` [PATCH 3.10 00/19] 3.10.78-stable review Guenter Roeck
2015-05-11 23:41 ` Shuah Khan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20150511175453.058218713@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=hotdog3645@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.