[PATCH 3.10 091/139] net: ping: do not abuse udp_poll()

From: Willy Tarreau
Date: Wed Nov 01 2017 - 17:49:47 EST

Next message: Willy Tarreau: "[PATCH 3.10 095/139] serial: efm32: Fix parity management in 'efm32_uart_console_get_options()'"
Previous message: Willy Tarreau: "[PATCH 3.10 117/139] net/mlx4: Remove BUG_ON from ICM allocation routine"
In reply to: Willy Tarreau: "[PATCH 3.10 090/139] kvm: async_pf: fix rcu_irq_enter() with irqs enabled"
Next in thread: Willy Tarreau: "[PATCH 3.10 095/139] serial: efm32: Fix parity management in 'efm32_uart_console_get_options()'"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Eric Dumazet <edumazet@xxxxxxxxxx>

commit 77d4b1d36926a9b8387c6b53eeba42bcaaffcea3 upstream.

Alexander reported various KASAN messages triggered in recent kernels

The problem is that ping sockets should not use udp_poll() in the first
place, and recent changes in UDP stack finally exposed this old bug.

Fixes: c319b4d76b9e ("net: ipv4: add IPPROTO_ICMP socket kind")
Fixes: 6d0bfe226116 ("net: ipv6: Add IPv6 support to the ping socket.")
Signed-off-by: Eric Dumazet <edumazet@xxxxxxxxxx>
Reported-by: Sasha Levin <alexander.levin@xxxxxxxxxxx>
Cc: Solar Designer <solar@xxxxxxxxxxxx>
Cc: Vasiliy Kulikov <segoon@xxxxxxxxxxxx>
Cc: Lorenzo Colitti <lorenzo@xxxxxxxxxx>
Acked-By: Lorenzo Colitti <lorenzo@xxxxxxxxxx>
Tested-By: Lorenzo Colitti <lorenzo@xxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
[wt: removed the parts related to ping6 as 6d0bfe226116 is not in 3.10]

Signed-off-by: Willy Tarreau <w@xxxxxx>
---
include/net/ipv6.h | 1 +
net/ipv4/af_inet.c | 2 +-
net/ipv6/raw.c | 2 +-
3 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/include/net/ipv6.h b/include/net/ipv6.h
index 413e23b..1c96547c 100644
--- a/include/net/ipv6.h
+++ b/include/net/ipv6.h
@@ -822,6 +822,7 @@ extern int inet6_hash_connect(struct inet_timewait_death_row *death_row,
*/
extern const struct proto_ops inet6_stream_ops;
extern const struct proto_ops inet6_dgram_ops;
+extern const struct proto_ops inet6_sockraw_ops;

struct group_source_req;
struct group_filter;
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 975c369..03610eb 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1053,7 +1053,7 @@ static struct inet_protosw inetsw_array[] =
.type = SOCK_DGRAM,
.protocol = IPPROTO_ICMP,
.prot = &ping_prot,
- .ops = &inet_dgram_ops,
+ .ops = &inet_sockraw_ops,
.no_check = UDP_CSUM_DEFAULT,
.flags = INET_PROTOSW_REUSE,
},
diff --git a/net/ipv6/raw.c b/net/ipv6/raw.c
index c7ce2be..a05e1f1 100644
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -1319,7 +1319,7 @@ void raw6_proc_exit(void)
#endif /* CONFIG_PROC_FS */

/* Same as inet6_dgram_ops, sans udp_poll. */
-static const struct proto_ops inet6_sockraw_ops = {
+const struct proto_ops inet6_sockraw_ops = {
.family = PF_INET6,
.owner = THIS_MODULE,
.release = inet6_release,
--
2.8.0.rc2.1.gbe9624a

Next message: Willy Tarreau: "[PATCH 3.10 095/139] serial: efm32: Fix parity management in 'efm32_uart_console_get_options()'"
Previous message: Willy Tarreau: "[PATCH 3.10 117/139] net/mlx4: Remove BUG_ON from ICM allocation routine"
In reply to: Willy Tarreau: "[PATCH 3.10 090/139] kvm: async_pf: fix rcu_irq_enter() with irqs enabled"
Next in thread: Willy Tarreau: "[PATCH 3.10 095/139] serial: efm32: Fix parity management in 'efm32_uart_console_get_options()'"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]