Ksawlii/kernel_samsung_a53x
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
kernel_samsung_a53x/net
History
Sebastian Andrzej Siewior 448aa088dd hsr: Avoid double remove of a node. 
[ Upstream commit 0c74d9f79ec4299365bbe803baa736ae0068179e ]

Due to the hashed-MAC optimisation one problem become visible:
hsr_handle_sup_frame() walks over the list of available nodes and merges
two node entries into one if based on the information in the supervision
both MAC addresses belong to one node. The list-walk happens on a RCU
protected list and delete operation happens under a lock.

If the supervision arrives on both slave interfaces at the same time
then this delete operation can occur simultaneously on two CPUs. The
result is the first-CPU deletes the from the list and the second CPUs
BUGs while attempting to dereference a poisoned list-entry. This happens
more likely with the optimisation because a new node for the mac_B entry
is created once a packet has been received and removed (merged) once the
supervision frame has been received.

Avoid removing/ cleaning up a hsr_node twice by adding a `removed' field
which is set to true after the removal and checked before the removal.

Fixes: f266a683a4804 ("net/hsr: Better frame dispatch")
Signed-off-by: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2024-11-18 22:25:35 +01:00
..
6lowpan Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
9p 9p/net: fix possible memory leak in p9_check_errors() 2024-11-18 12:12:01 +01:00
802 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
8021q vlan: skip nested type that is not IFLA_VLAN_QOS_MAPPING 2024-11-18 12:13:00 +01:00
appletalk appletalk: Fix Use-After-Free in atalk_ioctl 2024-11-18 12:11:49 +01:00
atm atm: Fix Use-After-Free in do_vcc_ioctl 2024-11-18 12:11:49 +01:00
ax25 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
batman-adv net: vlan: introduce skb_vlan_eth_hdr() 2024-11-18 12:11:48 +01:00
bluetooth Bluetooth: L2CAP: Fix possible multiple reject send 2024-11-18 12:13:17 +01:00
bpf Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
bpfilter Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
bridge netfilter: nf_conntrack_bridge: initialize err to 0 2024-11-18 11:43:20 +01:00
caif Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
can can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) 2024-11-18 12:13:33 +01:00
ceph libceph: use kernel_connect() 2024-11-08 11:25:50 +01:00
core net: prevent mss overflow in skb_segment() 2024-11-18 12:13:39 +01:00
dcb Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
dccp dccp/tcp: Call security_inet_conn_request() after setting IPv6 addresses. 2024-11-18 11:43:07 +01:00
decnet Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
dns_resolver keys, dns: Fix size check of V1 server-list header 2024-11-18 12:12:43 +01:00
dsa Backport mac80211 patches from linux-6.1.y 2024-06-15 16:29:20 -03:00
ethernet Backport mac80211 patches from linux-6.1.y 2024-06-15 16:29:20 -03:00
ethtool ethtool: netlink: Add missing ethnl_ops_begin/complete 2024-11-18 12:12:51 +01:00
hsr hsr: Avoid double remove of a node. 2024-11-18 22:25:35 +01:00
ieee802154 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ife net: sched: ife: fix potential use-after-free 2024-11-18 12:11:59 +01:00
ipv4 inet: read sk->sk_family once in inet_recv_error() 2024-11-18 12:13:25 +01:00
ipv6 Revert "ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim()" 2024-11-18 20:12:45 +01:00
iucv net/af_iucv: clean up a try_then_request_module() 2024-11-18 12:13:26 +01:00
kcm Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
key Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
l2tp Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
l3mdev Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
lapb Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
llc llc: call sock_orphan() at release time 2024-11-18 12:13:22 +01:00
mac80211 wifi: mac80211: fix race condition on enabling fast-xmit 2024-11-18 22:25:32 +01:00
mac802154 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mpls Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
mptcp mptcp: fix uninit-value in mptcp_incoming_options 2024-11-18 12:12:12 +01:00
ncm Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
ncsi net/ncsi: Fix netlink major/minor version numbers 2024-11-18 12:12:28 +01:00
netfilter netfilter: conntrack: check SCTP_CID_SHUTDOWN_ACK for vtag setting in sctp_new 2024-11-18 22:25:33 +01:00
netlabel calipso: fix memory leak in netlbl_calipso_add_pass() 2024-11-18 12:12:25 +01:00
netlink netlink: fix potential sleeping issue in mqueue_flush_file 2024-11-18 12:13:00 +01:00
netrom Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
nfc nfc: nci: free rx_data_reassembly skb on NCI device cleanup 2024-11-18 12:13:30 +01:00
nsh Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
openvswitch net: openvswitch: limit the number of recursions from action sets 2024-11-18 12:13:28 +01:00
packet packet: Move reference count in packet_sock to atomic_long_t 2024-11-18 12:11:42 +01:00
phonet Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
psample psample: Require 'CAP_NET_ADMIN' when joining "packets" group 2024-11-18 12:11:46 +01:00
qrtr Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
rds net/rds: Fix UBSAN: array-index-out-of-bounds in rds_cmsg_recv 2024-11-18 12:13:00 +01:00
rfkill net: rfkill: gpio: set GPIO direction 2024-11-18 12:12:01 +01:00
rose net/rose: fix races in rose_kill_by_device() 2024-11-18 12:11:59 +01:00
rxrpc rxrpc: Fix response to PING RESPONSE ACKs to a dead call 2024-11-18 12:13:25 +01:00
sched net: sched: em_text: fix possible memory leak in em_text_destroy() 2024-11-18 12:12:06 +01:00
sctp Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
skb_tracer Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
smc net/smc: fix illegal rmb_desc access in SMC-D connection dump 2024-11-18 12:12:59 +01:00
strparser Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
sunrpc SUNRPC: Fix a suspicious RCU usage warning 2024-11-18 12:13:10 +01:00
switchdev Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
tipc tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() 2024-11-18 12:13:25 +01:00
tls net: tls, update curr on splice as well 2024-11-18 12:12:08 +01:00
unix af_unix: fix lockdep positive in sk_diag_dump_icons() 2024-11-18 12:13:23 +01:00
vmw_vsock virtio/vsock: fix logic which reduces credit update messages 2024-11-18 12:12:37 +01:00
wimax Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
wireless wifi: cfg80211: fix missing interfaces when dumping 2024-11-18 22:25:32 +01:00
x25 Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
xdp Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
xfrm Revert "xfrm: fix a data-race in xfrm_gen_index()" 2024-11-17 19:38:56 +01:00
compat.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
devres.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Kconfig Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
Makefile Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
socket.c net: Save and restore msg_namelen in sock_sendmsg 2024-11-18 12:12:07 +01:00
sysctl_net.c Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00
TEST_MAPPING Import A536BXXU9EXDC 2024-06-15 16:02:09 -03:00