linux/net/ipv6
Eric Dumazet 61fb0d0168 ipv6: prevent possible fib6 leaks
At ipv6 route dismantle, fib6_drop_pcpu_from() is responsible
for finding all percpu routes and setting their ->from pointer
to NULL, so that fib6_ref can reach its expected value (1).

The problem right now is that other cpus can still catch the
route being deleted, since there is no rcu grace period
between the route deletion and call to fib6_drop_pcpu_from().

This can leak the fib6 and associated resources, since no
notifier will take care of removing the last reference(s).

I decided to add another boolean (fib6_destroying) instead
of reusing/renaming exception_bucket_flushed to ease stable backports,
and properly document the memory barriers used to implement this fix.

This patch has been co-developed with Wei Wang.

Fixes: 93531c6743 ("net/ipv6: separate handling of FIB entries from dst based routes")
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: syzbot <syzkaller@googlegroups.com>
Cc: Wei Wang <weiwan@google.com>
Cc: David Ahern <dsahern@gmail.com>
Cc: Martin Lau <kafai@fb.com>
Acked-by: Wei Wang <weiwan@google.com>
Acked-by: Martin KaFai Lau <kafai@fb.com>
Reviewed-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2019-05-16 12:21:00 -07:00
ila genetlink: optionally validate strictly/dumps 2019-04-27 17:07:22 -04:00
netfilter netfilter: x_tables: merge ip and ipv6 masquerade modules 2019-04-11 20:59:29 +02:00
addrconf_core.c ipv6: Pass fib6_result to fib lookups 2019-04-17 23:10:47 -07:00
addrconf.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
addrlabel.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
af_inet6.c net: rework SIOCGSTAMP ioctl handling 2019-04-19 14:07:40 -07:00
ah6.c
anycast.c net/ipv6: compute anycast address hash only if dev is null 2018-11-08 17:04:43 -08:00
calipso.c ipv6: make ipv6_renew_options() interrupt/kernel safe 2018-07-05 20:15:26 +09:00
datagram.c ipv6: fix kernel-infoleak in ipv6_local_error() 2019-01-10 09:36:41 -05:00
esp6_offload.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-05-02 22:14:21 -04:00
esp6.c esp: Skip TX bytes accounting when sending from a request socket 2019-01-28 11:20:58 +01:00
exthdrs_core.c net: ipv6: Fix typo in ipv6_find_hdr() documentation 2018-05-07 23:50:27 -04:00
exthdrs_offload.c
exthdrs.c ipv6: make ipv6_renew_options() interrupt/kernel safe 2018-07-05 20:15:26 +09:00
fib6_notifier.c
fib6_rules.c ipv6: Use result arg in fib_lookup_arg consistently 2019-04-23 21:53:11 -07:00
fou6.c fou, fou6: avoid uninit-value in gue_err() and gue6_err() 2019-03-08 15:19:53 -08:00
icmp.c ipv6: Add rate limit mask for ICMPv6 messages 2019-04-18 16:58:37 -07:00
inet6_connection_sock.c
inet6_hashtables.c net: tcp6: prefer listeners bound to an address 2018-12-14 15:55:20 -08:00
ip6_checksum.c net: udp: fix handling of CHECKSUM_COMPLETE packets 2018-10-24 14:18:16 -07:00
ip6_fib.c ipv6: prevent possible fib6 leaks 2019-05-16 12:21:00 -07:00
ip6_flowlabel.c ipv6/flowlabel: wait rcu grace period before put_pid() 2019-04-29 23:30:13 -04:00
ip6_gre.c net: ip6_gre: fix possible use-after-free in ip6erspan_rcv 2019-04-08 16:16:47 -07:00
ip6_icmp.c
ip6_input.c net: use indirect calls helpers at early demux stage 2019-05-05 10:38:04 -07:00
ip6_offload.c gso: validate gso_type on ipip style tunnels 2019-02-20 11:24:27 -08:00
ip6_offload.h
ip6_output.c neighbor: Add skip_cache argument to neigh_output 2019-04-08 15:22:41 -07:00
ip6_tunnel.c ip6_tunnel: Match to ARPHRD_TUNNEL6 for dev type 2019-04-02 13:19:34 -07:00
ip6_udp_tunnel.c net/ipv6/udp_tunnel: prefer SO_BINDTOIFINDEX over SO_BINDTODEVICE 2019-01-17 14:55:52 -08:00
ip6_vti.c xfrm: store xfrm_mode directly, not its address 2019-04-08 09:15:28 +02:00
ip6mr.c rhashtable: use bit_spin_locks to protect hash bucket. 2019-04-07 19:12:12 -07:00
ipcomp6.c
ipv6_sockglue.c net: ipv6: add socket option IPV6_ROUTER_ALERT_ISOLATE 2019-03-03 21:05:10 -08:00
Kconfig xfrm: make xfrm modes builtin 2019-04-08 09:15:17 +02:00
Makefile xfrm: make xfrm modes builtin 2019-04-08 09:15:17 +02:00
mcast_snoop.c net: remove unneeded switch fall-through 2019-02-21 13:48:00 -08:00
mcast.c bridge: join all-snoopers multicast address 2019-01-22 17:18:08 -08:00
mip6.c
ndisc.c net ipv6: Prevent neighbor add if protocol is disabled on device 2019-04-17 23:19:07 -07:00
netfilter.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/pablo/nf-next 2019-02-18 11:38:30 -08:00
output_core.c inet: switch IP ID generator to siphash 2019-03-27 14:29:26 -07:00
ping.c ipv6: fold sockcm_cookie into ipcm6_cookie 2018-07-07 10:58:49 +09:00
proc.c proc: introduce proc_create_net_single 2018-05-16 07:24:30 +02:00
protocol.c
raw.c net: rework SIOCGSTAMP ioctl handling 2019-04-19 14:07:40 -07:00
reassembly.c net: remove unused struct inet_frag_queue.fragments field 2019-02-26 08:27:05 -08:00
route.c ipv6: prevent possible fib6 leaks 2019-05-16 12:21:00 -07:00
seg6_hmac.c Merge ra.kernel.org:/pub/scm/linux/kernel/git/davem/net 2018-07-03 10:29:26 +09:00
seg6_iptunnel.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
seg6_local.c netlink: make validation more configurable for future strictness 2019-04-27 17:07:21 -04:00
seg6.c genetlink: optionally validate strictly/dumps 2019-04-27 17:07:22 -04:00
sit.c vrf: sit mtu should not be updated when vrf netdev is the link 2019-05-07 12:19:19 -07:00
syncookies.c net/ipv4: disable SMC TCP option with SYN Cookies 2018-03-25 20:53:54 -04:00
sysctl_net_ipv6.c ipv6: sr: Compute flowlabel for outer IPv6 header of seg6 encap mode 2018-04-25 13:02:15 -04:00
tcp_ipv6.c net: use indirect calls helpers at early demux stage 2019-05-05 10:38:04 -07:00
tcpv6_offload.c net: use indirect call wrappers at GRO transport layer 2018-12-15 13:23:02 -08:00
tunnel6.c net: Convert protocol error handlers from void to int 2018-11-08 17:13:08 -08:00
udp_impl.h udp6: add missing rehash callback to udplite 2019-01-17 15:01:08 -08:00
udp_offload.c net: use indirect call wrappers at GRO transport layer 2018-12-15 13:23:02 -08:00
udp.c net: use indirect calls helpers at early demux stage 2019-05-05 10:38:04 -07:00
udplite.c udp6: add missing rehash callback to udplite 2019-01-17 15:01:08 -08:00
xfrm6_input.c net: use skb_sec_path helper in more places 2018-12-19 11:21:37 -08:00
xfrm6_output.c xfrm: store xfrm_mode directly, not its address 2019-04-08 09:15:28 +02:00
xfrm6_policy.c xfrm: remove decode_session indirection from afinfo_policy 2019-04-23 07:42:20 +02:00
xfrm6_protocol.c xfrm: remove unneeded export_symbols 2019-04-23 07:42:20 +02:00
xfrm6_state.c xfrm: remove VLA usage in __xfrm6_sort() 2018-04-26 07:51:48 +02:00
xfrm6_tunnel.c xfrm: clean up xfrm protocol checks 2019-03-26 08:35:36 +01:00