linux/net/ipv6
Nicolas Dichtel 1e9f3d6f1c ip6tnl: fix use after free of fb_tnl_dev
Bug has been introduced by commit bb8140947a ("ip6tnl: allow to use rtnl ops
on fb tunnel").

When ip6_tunnel.ko is unloaded, FB device is delete by rtnl_link_unregister()
and then we try to use the pointer in ip6_tnl_destroy_tunnels().

Let's add an handler for dellink, which will never remove the FB tunnel. With
this patch it will no more be possible to remove it via 'ip link del ip6tnl0',
but it's safer.

The same fix was already proposed by Willem de Bruijn <willemb@google.com> for
sit interfaces.

CC: Willem de Bruijn <willemb@google.com>
Reported-by: Steven Rostedt <rostedt@goodmis.org>
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-11-14 17:04:38 -05:00
..
netfilter netfilter: push reasm skb through instead of original frag skbs 2013-11-11 00:19:35 -05:00
addrconf_core.c ipv6: move in6_dev_finish_destroy() into core kernel 2013-08-31 22:30:00 -04:00
addrconf.c sit/gre6: don't try to add the same route two times 2013-11-14 16:59:16 -05:00
addrlabel.c ipv6: fix null pointer dereference in __ip6addrlbl_add 2013-09-04 14:14:53 -04:00
af_inet6.c tcp_memcontrol: Remove the per netns control. 2013-10-21 18:43:02 -04:00
ah6.c ipsec: Don't update the pmtu on ICMPV6_DEST_UNREACH 2013-09-16 09:45:32 +02:00
anycast.c net: proc: change proc_net_remove to remove_proc_entry 2013-02-18 14:53:08 -05:00
datagram.c ipv6: make lookups simpler and faster 2013-10-09 00:01:25 -04:00
esp6.c Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec-next 2013-11-02 02:13:48 -04:00
exthdrs_core.c ipv6: Correct comparisons and calculations using skb->tail and skb-transport_header 2013-05-28 23:49:07 -07:00
exthdrs_offload.c ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
exthdrs.c ipv6/exthdrs: accept tlv which includes only padding 2013-09-11 15:52:27 -04:00
fib6_rules.c fib6_rules: fix indentation 2013-09-11 16:16:29 -04:00
icmp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-09-05 14:58:52 -04:00
inet6_connection_sock.c inet: rename ir_loc_port to ir_num 2013-10-10 14:37:35 -04:00
inet6_hashtables.c inet: convert inet_ehash_secret and ipv6_hash_secret to net_get_random_once 2013-10-19 19:45:35 -04:00
ip6_checksum.c ipv6: move csum_ipv6_magic() and udp6_csum_init() into static library 2013-01-08 17:56:10 -08:00
ip6_fib.c ipv6: compare sernum when walking fib for /proc/net/ipv6_route as safety net 2013-09-27 17:32:17 -04:00
ip6_flowlabel.c ipv6: protect for_each_sk_fl_rcu in mem_check with rcu_read_lock_bh 2013-11-11 01:25:28 -05:00
ip6_gre.c ipv6: Initialize ip6_tnl.hlen in gre tunnel even if no route is found 2013-10-11 17:50:59 -04:00
ip6_icmp.c ipv6: Kill ipv6 dependency of icmpv6_send(). 2013-04-29 13:54:36 -04:00
ip6_input.c net: add SNMP counters tracking incoming ECN bits 2013-08-08 22:24:59 -07:00
ip6_offload.c ipv6: sit: add GSO/TSO support 2013-10-21 18:49:39 -04:00
ip6_offload.h ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
ip6_output.c ip6_output: fragment outgoing reassembled skb properly 2013-11-11 00:19:35 -05:00
ip6_tunnel.c ip6tnl: fix use after free of fb_tnl_dev 2013-11-14 17:04:38 -05:00
ip6_vti.c ipv6: Add support for IPsec virtual tunnel interfaces 2013-10-10 12:00:01 +02:00
ip6mr.c tunnels: harmonize cleanup done on skb on rx path 2013-09-04 00:27:26 -04:00
ipcomp6.c ipsec: Don't update the pmtu on ICMPV6_DEST_UNREACH 2013-09-16 09:45:32 +02:00
ipv6_sockglue.c ipv6: enable IPV6_FLOWLABEL_MGR for getsockopt 2013-11-08 13:42:57 -05:00
Kconfig ipv6: Remove privacy config option. 2013-10-28 20:07:50 -04:00
Makefile ipv6: Add support for IPsec virtual tunnel interfaces 2013-10-10 12:00:01 +02:00
mcast.c ipv6 mcast: use in6_dev_put in timer handlers instead of __in6_dev_put 2013-09-30 22:28:58 -07:00
mip6.c ipv6: Correct comparisons and calculations using skb->tail and skb-transport_header 2013-05-28 23:49:07 -07:00
ndisc.c ipv6: don't call fib6_run_gc() until routing is ready 2013-09-11 17:04:09 -04:00
netfilter.c netfilter: add nf_ipv6_ops hook to fix xt_addrtype with IPv6 2013-05-23 11:58:55 +02:00
output_core.c ipv6: move ip6_local_out into core kernel 2013-08-31 22:30:00 -04:00
ping.c ipv6: make lookups simpler and faster 2013-10-09 00:01:25 -04:00
proc.c net: add SNMP counters tracking incoming ECN bits 2013-08-08 22:24:59 -07:00
protocol.c ipv6: Pull IPv6 GSO registration out of the module 2012-11-15 17:39:24 -05:00
raw.c ipv6: make lookups simpler and faster 2013-10-09 00:01:25 -04:00
reassembly.c ipv6: split inet6_hash_frag for netfilter and initialize secrets with net_get_random_once 2013-10-23 17:01:40 -04:00
route.c ipv6: use rt6_get_dflt_router to get default router in rt6_route_rcv 2013-11-08 15:16:04 -05:00
sit.c sit: fix use after free of fb_tunnel_dev 2013-11-14 16:42:17 -05:00
syncookies.c inet: split syncookie keys for ipv4 and ipv6 and initialize with net_get_random_once 2013-10-19 19:45:35 -04:00
sysctl_net_ipv6.c net: Convert uses of typedef ctl_table to struct ctl_table 2013-06-13 02:36:09 -07:00
tcp_ipv6.c tcp_memcontrol: Remove the per netns control. 2013-10-21 18:43:02 -04:00
tcpv6_offload.c tcp: rename tcp_tso_segment() 2013-10-18 13:38:39 -04:00
tunnel6.c net: ipv6: Standardize prefixes for message logging 2012-05-16 01:01:03 -04:00
udp_impl.h net: ipv4/ipv6: Remove extern from function prototypes 2013-10-19 19:12:11 -04:00
udp_offload.c ipv6: fix headroom calculation in udp6_ufo_fragment 2013-11-05 22:09:53 -05:00
udp.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2013-10-23 16:49:34 -04:00
udplite.c ipv6: do not clear pinet6 field 2013-05-11 16:26:38 -07:00
xfrm6_input.c
xfrm6_mode_beet.c ipsec: be careful of non existing mac headers 2012-02-23 16:50:45 -05:00
xfrm6_mode_ro.c
xfrm6_mode_transport.c
xfrm6_mode_tunnel.c ipv6: Add a receive path hook for vti6 in xfrm6_mode_tunnel. 2013-10-09 13:16:36 +02:00
xfrm6_output.c xfrm: revert ipv4 mtu determination to dst_mtu 2013-08-26 12:40:53 +02:00
xfrm6_policy.c xfrm: Fix null pointer dereference when decoding sessions 2013-11-01 07:08:46 +01:00
xfrm6_state.c xfrm: make local error reporting more robust 2013-08-14 13:07:12 +02:00
xfrm6_tunnel.c hlist: drop the node parameter from iterators 2013-02-27 19:10:24 -08:00