From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Stefano Brivio <sbrivio@redhat.com>,
Sabrina Dubroca <sd@queasysnail.net>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.19 02/24] ipv6/ndisc: Preserve IPv6 control buffer if protocol error handlers are called
Date: Fri, 2 Nov 2018 19:34:35 +0100 [thread overview]
Message-ID: <20181102182840.089362316@linuxfoundation.org> (raw)
In-Reply-To: <20181102182839.725385066@linuxfoundation.org>
4.19-stable review patch. If anyone has any objections, please let me know.
------------------
From: Stefano Brivio <sbrivio@redhat.com>
[ Upstream commit ee1abcf689353f36d9322231b4320926096bdee0 ]
Commit a61bbcf28a8c ("[NET]: Store skb->timestamp as offset to a base
timestamp") introduces a neighbour control buffer and zeroes it out in
ndisc_rcv(), as ndisc_recv_ns() uses it.
Commit f2776ff04722 ("[IPV6]: Fix address/interface handling in UDP and
DCCP, according to the scoping architecture.") introduces the usage of the
IPv6 control buffer in protocol error handlers (e.g. inet6_iif() in
present-day __udp6_lib_err()).
Now, with commit b94f1c0904da ("ipv6: Use icmpv6_notify() to propagate
redirect, instead of rt6_redirect()."), we call protocol error handlers
from ndisc_redirect_rcv(), after the control buffer is already stolen and
some parts are already zeroed out. This implies that inet6_iif() on this
path will always return zero.
This gives unexpected results on UDP socket lookup in __udp6_lib_err(), as
we might actually need to match sockets for a given interface.
Instead of always claiming the control buffer in ndisc_rcv(), do that only
when needed.
Fixes: b94f1c0904da ("ipv6: Use icmpv6_notify() to propagate redirect, instead of rt6_redirect().")
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv6/ndisc.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/net/ipv6/ndisc.c
+++ b/net/ipv6/ndisc.c
@@ -1732,10 +1732,9 @@ int ndisc_rcv(struct sk_buff *skb)
return 0;
}
- memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
-
switch (msg->icmph.icmp6_type) {
case NDISC_NEIGHBOUR_SOLICITATION:
+ memset(NEIGH_CB(skb), 0, sizeof(struct neighbour_cb));
ndisc_recv_ns(skb);
break;
next prev parent reply other threads:[~2018-11-02 18:37 UTC|newest]
Thread overview: 37+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-02 18:34 [PATCH 4.19 00/24] 4.19.1-stable review Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 01/24] bridge: do not add port to router list when receives query with source 0.0.0.0 Greg Kroah-Hartman
2019-02-17 14:29 ` Sebastian Gottschall
2019-02-17 16:48 ` Greg Kroah-Hartman
2019-02-18 10:18 ` Sebastian Gottschall
2019-02-20 12:48 ` Sebastian Gottschall
2019-02-20 13:09 ` Nikolay Aleksandrov
2019-02-20 13:11 ` Nikolay Aleksandrov
2019-02-20 14:46 ` Hangbin Liu
2019-02-21 12:50 ` Sebastian Gottschall
2019-02-21 11:41 ` Greg Kroah-Hartman
2018-11-02 18:34 ` Greg Kroah-Hartman [this message]
2018-11-02 18:34 ` [PATCH 4.19 03/24] net/mlx5e: fix csum adjustments caused by RXFCS Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 04/24] net: sched: gred: pass the right attribute to gred_change_table_def() Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 05/24] net: stmmac: Fix stmmac_mdio_reset() when building stmmac as modules Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 06/24] net: udp: fix handling of CHECKSUM_COMPLETE packets Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 07/24] Revert "net: simplify sock_poll_wait" Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 08/24] rtnetlink: Disallow FDB configuration for non-Ethernet device Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 09/24] vhost: Fix Spectre V1 vulnerability Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 10/24] bonding: fix length of actor system Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 11/24] openvswitch: Fix push/pop ethernet validation Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 12/24] net/ipv6: Allow onlink routes to have a device mismatch if it is the default route Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 13/24] net/smc: fix smc_buf_unuse to use the lgr pointer Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 14/24] mlxsw: spectrum_switchdev: Dont ignore deletions of learned MACs Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 15/24] mlxsw: core: Fix devlink unregister flow Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 16/24] net: drop skb on failure in ip_check_defrag() Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 17/24] net: Properly unlink GRO packets on overflow Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 18/24] r8169: fix broken Wake-on-LAN from S5 (poweroff) Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 19/24] Revert "be2net: remove desc field from be_eq_obj" Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 20/24] sctp: check policy more carefully when getting pr status Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 21/24] sparc64: Export __node_distance Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 22/24] sparc64: Make corrupted user stacks more debuggable Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 23/24] sparc64: Wire up compat getpeername and getsockname Greg Kroah-Hartman
2018-11-02 18:34 ` [PATCH 4.19 24/24] net: bridge: remove ipv6 zero address check in mcast queries Greg Kroah-Hartman
2018-11-03 14:33 ` [PATCH 4.19 00/24] 4.19.1-stable review Guenter Roeck
2018-11-04 4:24 ` Naresh Kamboju
2018-11-04 7:10 ` Greg Kroah-Hartman
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181102182840.089362316@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=sbrivio@redhat.com \
--cc=sd@queasysnail.net \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox