diff options
| author | Ben Hutchings <ben@decadent.org.uk> | 2019-08-01 18:46:40 +0100 |
|---|---|---|
| committer | Ben Hutchings <ben@decadent.org.uk> | 2019-08-01 18:46:40 +0100 |
| commit | f372ef8ab96a0b3c32d445ec7e4c3fdd9b5dca79 (patch) | |
| tree | ed4b8e4b14ac6f1eec8aa05e8acc1a734ba78781 | |
| parent | 52c5c6a27046163299a7595a19a9bedb1d0ba112 (diff) | |
| download | linux-stable-queue-f372ef8ab96a0b3c32d445ec7e4c3fdd9b5dca79.tar.gz | |
Add ipv6 fix requested for stable
| -rw-r--r-- | queue-3.16/ipv6-check-sk-sk_type-and-protocol-early-in-ip_mroute_set-getsockopt.patch | 60 | ||||
| -rw-r--r-- | queue-3.16/series | 1 |
2 files changed, 61 insertions, 0 deletions
diff --git a/queue-3.16/ipv6-check-sk-sk_type-and-protocol-early-in-ip_mroute_set-getsockopt.patch b/queue-3.16/ipv6-check-sk-sk_type-and-protocol-early-in-ip_mroute_set-getsockopt.patch new file mode 100644 index 00000000..857e7287 --- /dev/null +++ b/queue-3.16/ipv6-check-sk-sk_type-and-protocol-early-in-ip_mroute_set-getsockopt.patch @@ -0,0 +1,60 @@ +From: Xin Long <lucien.xin@gmail.com> +Date: Fri, 24 Feb 2017 16:29:06 +0800 +Subject: ipv6: check sk sk_type and protocol early in ip_mroute_set/getsockopt + +commit 99253eb750fda6a644d5188fb26c43bad8d5a745 upstream. + +Commit 5e1859fbcc3c ("ipv4: ipmr: various fixes and cleanups") fixed +the issue for ipv4 ipmr: + + ip_mroute_setsockopt() & ip_mroute_getsockopt() should not + access/set raw_sk(sk)->ipmr_table before making sure the socket + is a raw socket, and protocol is IGMP + +The same fix should be done for ipv6 ipmr as well. + +This patch can fix the panic caused by overwriting the same offset +as ipmr_table as in raw_sk(sk) when accessing other type's socket +by ip_mroute_setsockopt(). + +Signed-off-by: Xin Long <lucien.xin@gmail.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +Signed-off-by: Ben Hutchings <ben@decadent.org.uk> +--- + net/ipv6/ip6mr.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +--- a/net/ipv6/ip6mr.c ++++ b/net/ipv6/ip6mr.c +@@ -1662,6 +1662,10 @@ int ip6_mroute_setsockopt(struct sock *s + struct net *net = sock_net(sk); + struct mr6_table *mrt; + ++ if (sk->sk_type != SOCK_RAW || ++ inet_sk(sk)->inet_num != IPPROTO_ICMPV6) ++ return -EOPNOTSUPP; ++ + mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT); + if (mrt == NULL) + return -ENOENT; +@@ -1673,9 +1677,6 @@ int ip6_mroute_setsockopt(struct sock *s + + switch (optname) { + case MRT6_INIT: +- if (sk->sk_type != SOCK_RAW || +- inet_sk(sk)->inet_num != IPPROTO_ICMPV6) +- return -EOPNOTSUPP; + if (optlen < sizeof(int)) + return -EINVAL; + +@@ -1812,6 +1813,10 @@ int ip6_mroute_getsockopt(struct sock *s + struct net *net = sock_net(sk); + struct mr6_table *mrt; + ++ if (sk->sk_type != SOCK_RAW || ++ inet_sk(sk)->inet_num != IPPROTO_ICMPV6) ++ return -EOPNOTSUPP; ++ + mrt = ip6mr_get_table(net, raw6_sk(sk)->ip6mr_table ? : RT6_TABLE_DFLT); + if (mrt == NULL) + return -ENOENT; diff --git a/queue-3.16/series b/queue-3.16/series new file mode 100644 index 00000000..4b843b8a --- /dev/null +++ b/queue-3.16/series @@ -0,0 +1 @@ +ipv6-check-sk-sk_type-and-protocol-early-in-ip_mroute_set-getsockopt.patch |