linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Hristo Venev <hristo@venev.name>,
	"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.9 20/37] net: sit: Unregister catch-all devices
Date: Mon, 26 Apr 2021 09:29:21 +0200	[thread overview]
Message-ID: <20210426072817.942653452@linuxfoundation.org> (raw)
In-Reply-To: <20210426072817.245304364@linuxfoundation.org>

From: Hristo Venev <hristo@venev.name>

commit 610f8c0fc8d46e0933955ce13af3d64484a4630a upstream.

A sit interface created without a local or a remote address is linked
into the `sit_net::tunnels_wc` list of its original namespace. When
deleting a network namespace, delete the devices that have been moved.

The following script triggers a null pointer dereference if devices
linked in a deleted `sit_net` remain:

    for i in `seq 1 30`; do
        ip netns add ns-test
        ip netns exec ns-test ip link add dev veth0 type veth peer veth1
        ip netns exec ns-test ip link add dev sit$i type sit dev veth0
        ip netns exec ns-test ip link set dev sit$i netns $$
        ip netns del ns-test
    done
    for i in `seq 1 30`; do
        ip link del dev sit$i
    done

Fixes: 5e6700b3bf98f ("sit: add support of x-netns")
Signed-off-by: Hristo Venev <hristo@venev.name>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ipv6/sit.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -1799,9 +1799,9 @@ static void __net_exit sit_destroy_tunne
 		if (dev->rtnl_link_ops == &sit_link_ops)
 			unregister_netdevice_queue(dev, head);
 
-	for (prio = 1; prio < 4; prio++) {
+	for (prio = 0; prio < 4; prio++) {
 		int h;
-		for (h = 0; h < IP6_SIT_HASH_SIZE; h++) {
+		for (h = 0; h < (prio ? IP6_SIT_HASH_SIZE : 1); h++) {
 			struct ip_tunnel *t;
 
 			t = rtnl_dereference(sitn->tunnels[prio][h]);



  parent reply	other threads:[~2021-04-26  7:36 UTC|newest]

Thread overview: 42+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-04-26  7:29 [PATCH 4.9 00/37] 4.9.268-rc1 review Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 01/37] net/sctp: fix race condition in sctp_destroy_sock Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 02/37] Input: nspire-keypad - enable interrupts only when opened Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 03/37] dmaengine: dw: Make it dependent to HAS_IOMEM Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 04/37] ARM: dts: Fix moving mmc devices with aliases for omap4 & 5 Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 05/37] arc: kernel: Return -EFAULT if copy_to_user() fails Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 06/37] neighbour: Disregard DEAD dst in neigh_update Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 07/37] ARM: keystone: fix integer overflow warning Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 08/37] ASoC: fsl_esai: Fix TDM slot setup for I2S mode Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 09/37] net: ieee802154: stop dump llsec keys for monitors Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 10/37] net: ieee802154: stop dump llsec devs " Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 11/37] net: ieee802154: forbid monitor for add llsec dev Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 12/37] net: ieee802154: stop dump llsec devkeys for monitors Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 13/37] net: ieee802154: forbid monitor for add llsec devkey Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 14/37] net: ieee802154: stop dump llsec seclevels for monitors Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 15/37] net: ieee802154: forbid monitor for add llsec seclevel Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 16/37] pcnet32: Use pci_resource_len to validate PCI resource Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 17/37] Input: i8042 - fix Pegatron C15B ID entry Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 18/37] scsi: libsas: Reset num_scatter if libata marks qc as NODATA Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 19/37] net: davicom: Fix regulator not turned off on failed probe Greg Kroah-Hartman
2021-04-26  7:29 ` Greg Kroah-Hartman [this message]
2021-04-26  7:29 ` [PATCH 4.9 21/37] i40e: fix the panic when running bpf in xdpdrv mode Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 22/37] ARM: 9071/1: uprobes: Dont hook on thumb instructions Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 23/37] usbip: Fix incorrect double assignment to udc->ud.tcp_rx Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 24/37] usbip: add sysfs_lock to synchronize sysfs code paths Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 25/37] usbip: stub-dev " Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 26/37] usbip: vudc " Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 27/37] usbip: synchronize event handler with " Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 28/37] net: hso: fix null-ptr-deref during tty device unregistration Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 29/37] ext4: correct error label in ext4_rename() Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 30/37] HID: alps: fix error return code in alps_input_configured() Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 31/37] ARM: dts: Fix swapped mmc order for omap3 Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 32/37] s390/entry: save the caller of psw_idle Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 33/37] xen-netback: Check for hotplug-status existence before watching Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 34/37] cavium/liquidio: Fix duplicate argument Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 35/37] ia64: fix discontig.c section mismatches Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 36/37] ia64: tools: remove duplicate definition of ia64_mf() on ia64 Greg Kroah-Hartman
2021-04-26  7:29 ` [PATCH 4.9 37/37] x86/crash: Fix crash_setup_memmap_entries() out-of-bounds access Greg Kroah-Hartman
2021-04-26 17:26 ` [PATCH 4.9 00/37] 4.9.268-rc1 review Florian Fainelli
2021-04-26 18:32 ` Guenter Roeck
2021-04-26 23:47 ` Shuah Khan
2021-04-27  7:36 ` Naresh Kamboju

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20210426072817.942653452@linuxfoundation.org \
    --to=gregkh@linuxfoundation.org \
    --cc=davem@davemloft.net \
    --cc=hristo@venev.name \
    --cc=linux-kernel@vger.kernel.org \
    --cc=stable@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).