[linux] 02/02: Fix bugs in ipv6 peer address cleanup (Closes: #854348)

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Wed Apr 19 22:18:53 UTC 2017 

This is an automated email from the git hooks/post-receive script.

benh pushed a commit to branch jessie
in repository linux.

commit 54da251f8a5db9b4094297bc20b74cce8be72f89
Author: Ben Hutchings <ben at decadent.org.uk>
Date:   Wed Apr 19 23:17:20 2017 +0100

    Fix bugs in ipv6 peer address cleanup (Closes: #854348)
    
    - ipv6: fix a refcnt leak with peer addr
    - ipv6: use addrconf_get_prefix_route() to remove peer addr
---
 debian/changelog                                   |  3 ++
 .../ipv6-fix-a-refcnt-leak-with-peer-addr.patch    | 37 ++++++++++++++++++++++
 ...drconf_get_prefix_route-to-remove-peer-ad.patch | 30 ++++++++++++++++++
 debian/patches/series                              |  2 ++
 4 files changed, 72 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 1f0bd47..0d08980 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -609,6 +609,9 @@ linux (3.16.43-1) UNRELEASED; urgency=medium
   * USB: iowarrior: fix NULL-deref at probe (CVE-2016-2188)
   * ixgbe: do not call check_link for ethtool in ixgbe_get_settings()
     (Closes: #851952)
+  * Fix bugs in ipv6 peer address cleanup (Closes: #854348):
+    - ipv6: fix a refcnt leak with peer addr
+    - ipv6: use addrconf_get_prefix_route() to remove peer addr
 
   [ Salvatore Bonaccorso ]
   * sunrpc: fix refcounting problems with auth_gss messages.
diff --git a/debian/patches/bugfix/all/ipv6-fix-a-refcnt-leak-with-peer-addr.patch b/debian/patches/bugfix/all/ipv6-fix-a-refcnt-leak-with-peer-addr.patch
new file mode 100644
index 0000000..6f42fe1
--- /dev/null
+++ b/debian/patches/bugfix/all/ipv6-fix-a-refcnt-leak-with-peer-addr.patch
@@ -0,0 +1,37 @@
+From: Nicolas Dichtel <nicolas.dichtel at 6wind.com>
+Date: Wed, 3 Sep 2014 23:59:21 +0200
+Subject: ipv6: fix a refcnt leak with peer addr
+Origin: https://git.kernel.org/linus/f24062b07dda89b0e24fa48e7bc3865a725f5ee6
+Bug-Debian: https://bugs.debian.org/854348
+
+There is no reason to take a refcnt before deleting the peer address route.
+It's done some lines below for the local prefix route because
+inet6_ifa_finish_destroy() will release it at the end.
+For the peer address route, we want to free it right now.
+
+This bug has been introduced by commit
+caeaba79009c ("ipv6: add support of peer address").
+
+Signed-off-by: Nicolas Dichtel <nicolas.dichtel at 6wind.com>
+Acked-by: Hannes Frederic Sowa <hannes at stressinduktion.org>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+ net/ipv6/addrconf.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+--- a/net/ipv6/addrconf.c
++++ b/net/ipv6/addrconf.c
+@@ -4750,11 +4750,8 @@ static void __ipv6_ifa_notify(int event,
+ 
+ 			rt = rt6_lookup(dev_net(dev), &ifp->peer_addr, NULL,
+ 					dev->ifindex, 1);
+-			if (rt) {
+-				dst_hold(&rt->dst);
+-				if (ip6_del_rt(rt))
+-					dst_free(&rt->dst);
+-			}
++			if (rt && ip6_del_rt(rt))
++				dst_free(&rt->dst);
+ 		}
+ 		dst_hold(&ifp->rt->dst);
+ 
diff --git a/debian/patches/bugfix/all/ipv6-use-addrconf_get_prefix_route-to-remove-peer-ad.patch b/debian/patches/bugfix/all/ipv6-use-addrconf_get_prefix_route-to-remove-peer-ad.patch
new file mode 100644
index 0000000..6c3cdd9
--- /dev/null
+++ b/debian/patches/bugfix/all/ipv6-use-addrconf_get_prefix_route-to-remove-peer-ad.patch
@@ -0,0 +1,30 @@
+From: Nicolas Dichtel <nicolas.dichtel at 6wind.com>
+Date: Wed, 3 Sep 2014 23:59:22 +0200
+Subject: ipv6: use addrconf_get_prefix_route() to remove peer addr
+Origin: https://git.kernel.org/linus/e7478dfc4656f4a739ed1b07cfd59c12f8eb112e
+Bug-Debian: https://bugs.debian.org/854348
+
+addrconf_get_prefix_route() ensures to get the right route in the right table.
+
+Signed-off-by: Nicolas Dichtel <nicolas.dichtel at 6wind.com>
+Acked-by: Hannes Frederic Sowa <hannes at stressinduktion.org>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+ net/ipv6/addrconf.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+--- a/net/ipv6/addrconf.c
++++ b/net/ipv6/addrconf.c
+@@ -4746,10 +4746,9 @@ static void __ipv6_ifa_notify(int event,
+ 		addrconf_leave_solict(ifp->idev, &ifp->addr);
+ 		if (!ipv6_addr_any(&ifp->peer_addr)) {
+ 			struct rt6_info *rt;
+-			struct net_device *dev = ifp->idev->dev;
+ 
+-			rt = rt6_lookup(dev_net(dev), &ifp->peer_addr, NULL,
+-					dev->ifindex, 1);
++			rt = addrconf_get_prefix_route(&ifp->peer_addr, 128,
++						       ifp->idev->dev, 0, 0);
+ 			if (rt && ip6_del_rt(rt))
+ 				dst_free(&rt->dst);
+ 		}
diff --git a/debian/patches/series b/debian/patches/series
index c72f796..be1eee5 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -246,6 +246,8 @@ bugfix/all/locking-mutex-don-t-assume-task_running.patch
 bugfix/all/SUNRPC-fix-refcounting-problems-with-auth_gss-messag.patch
 bugfix/all/ext4-fix-fencepost-in-s_first_meta_bg-validation.patch
 bugfix/all/ixgbe-do-not-call-check_link-for-ethtool-in-ixgbe_ge.patch
+bugfix/all/ipv6-fix-a-refcnt-leak-with-peer-addr.patch
+bugfix/all/ipv6-use-addrconf_get_prefix_route-to-remove-peer-ad.patch
 
 # memfd_create() & kdbus backport
 features/all/kdbus/mm-allow-drivers-to-prevent-new-writable-mappings.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git

More information about the Kernel-svn-changes mailing list