From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Taras Chornyi <taras.chornyi@plvision.eu>,
	Vadym Kochan <vadym.kochan@plvision.eu>,
	"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.4 056/100] net: ipv4: devinet: Fix crash when add/del multicast IP with autojoin
Date: Wed, 22 Apr 2020 11:56:26 +0200
Message-ID: <20200422095033.205387451@linuxfoundation.org>
In-Reply-To: <20200422095022.476101261@linuxfoundation.org>

From: Taras Chornyi <taras.chornyi@plvision.eu>

[ Upstream commit 690cc86321eb9bcee371710252742fb16fe96824 ]

When CONFIG_IP_MULTICAST is not set and multicast ip is added to the device
with autojoin flag or when multicast ip is deleted kernel will crash.

steps to reproduce:

ip addr add 224.0.0.0/32 dev eth0
ip addr del 224.0.0.0/32 dev eth0

or

ip addr add 224.0.0.0/32 dev eth0 autojoin

Unable to handle kernel NULL pointer dereference at virtual address 0000000000000088
 pc : _raw_write_lock_irqsave+0x1e0/0x2ac
 lr : lock_sock_nested+0x1c/0x60
 Call trace:
  _raw_write_lock_irqsave+0x1e0/0x2ac
  lock_sock_nested+0x1c/0x60
  ip_mc_config.isra.28+0x50/0xe0
  inet_rtm_deladdr+0x1a8/0x1f0
  rtnetlink_rcv_msg+0x120/0x350
  netlink_rcv_skb+0x58/0x120
  rtnetlink_rcv+0x14/0x20
  netlink_unicast+0x1b8/0x270
  netlink_sendmsg+0x1a0/0x3b0
  ____sys_sendmsg+0x248/0x290
  ___sys_sendmsg+0x80/0xc0
  __sys_sendmsg+0x68/0xc0
  __arm64_sys_sendmsg+0x20/0x30
  el0_svc_common.constprop.2+0x88/0x150
  do_el0_svc+0x20/0x80
 el0_sync_handler+0x118/0x190
  el0_sync+0x140/0x180

Fixes: 93a714d6b53d ("multicast: Extend ip address command to enable multicast group join/leave on")
Signed-off-by: Taras Chornyi <taras.chornyi@plvision.eu>
Signed-off-by: Vadym Kochan <vadym.kochan@plvision.eu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ipv4/devinet.c |   13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

--- a/net/ipv4/devinet.c
+++ b/net/ipv4/devinet.c
@@ -560,12 +560,15 @@ struct in_ifaddr *inet_ifa_byprefix(stru
 	return NULL;
 }
 
-static int ip_mc_config(struct sock *sk, bool join, const struct in_ifaddr *ifa)
+static int ip_mc_autojoin_config(struct net *net, bool join,
+				 const struct in_ifaddr *ifa)
 {
+#if defined(CONFIG_IP_MULTICAST)
 	struct ip_mreqn mreq = {
 		.imr_multiaddr.s_addr = ifa->ifa_address,
 		.imr_ifindex = ifa->ifa_dev->dev->ifindex,
 	};
+	struct sock *sk = net->ipv4.mc_autojoin_sk;
 	int ret;
 
 	ASSERT_RTNL();
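
Review bot: the new `struct sock *sk = net->ipv4.mc_autojoin_sk;` declaration feeds a pointer into the locking path with no NULL check, so the fix rests entirely on the `#if defined(CONFIG_IP_MULTICAST)` guard above it. The trace in the commit message shows the NULL dereference under lock_sock_nested(), so a one-line comment at the guard saying that the autojoin socket is not usable without CONFIG_IP_MULTICAST would keep a later cleanup from removing it. An explicit `if (!sk) return -EOPNOTSUPP;` before the lock would additionally cover the pointer being unset for any other reason.
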
@@ -578,6 +581,9 @@ static int ip_mc_config(struct sock *sk,
 	release_sock(sk);
 
 	return ret;
+#else
+	return -EOPNOTSUPP;
+#endif
 }
 
 static int inet_rtm_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh)
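
Review bot: the `#else` / `return -EOPNOTSUPP;` / `#endif` tail leaves the entire body of ip_mc_autojoin_config() wrapped in a preprocessor conditional, which is hard to read and easy to break when the function is next edited. Consider two definitions instead: the real function under the `#if`, and a one-line stub returning -EOPNOTSUPP otherwise. Either way, a comment on the function noting that -EOPNOTSUPP is a possible return would help, since the callers in this patch treat the return value differently.
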
@@ -617,7 +623,7 @@ static int inet_rtm_deladdr(struct sk_bu
 			continue;
 
 		if (ipv4_is_multicast(ifa->ifa_address))
-			ip_mc_config(net->ipv4.mc_autojoin_sk, false, ifa);
+			ip_mc_autojoin_config(net, false, ifa);
 		__inet_del_ifa(in_dev, ifap, 1, nlh, NETLINK_CB(skb).portid);
 		return 0;
 	}
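
Review bot: in inet_rtm_deladdr() the result of `ip_mc_autojoin_config(net, false, ifa);` is still discarded, and that function can now return -EOPNOTSUPP. Ignoring it looks intentional, since __inet_del_ifa() on the next line should run regardless of whether the group leave succeeded, but a short comment saying so (or a `(void)` cast) would make clear this is not an overlooked error path.
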
@@ -873,8 +879,7 @@ static int inet_rtm_newaddr(struct sk_bu
 		 */
 		set_ifa_lifetime(ifa, valid_lft, prefered_lft);
 		if (ifa->ifa_flags & IFA_F_MCAUTOJOIN) {
-			int ret = ip_mc_config(net->ipv4.mc_autojoin_sk,
-					       true, ifa);
+			int ret = ip_mc_autojoin_config(net, true, ifa);
 
 			if (ret < 0) {
 				inet_free_ifa(ifa);
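
Review bot: in inet_rtm_newaddr() the `if (ret < 0)` branch now also fires for the new -EOPNOTSUPP, so on a kernel built without CONFIG_IP_MULTICAST an address add carrying IFA_F_MCAUTOJOIN is rejected and the ifa freed. That is the right replacement for a crash, but it is a userspace-visible result and the commit message describes only the crash; it should state that `ip addr add ... autojoin` now fails with EOPNOTSUPP in that configuration so that stable users are not surprised by the new error.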


