[linux] 02/02: Fix bugs in ipv6 peer address cleanup (Closes: #854348)
debian-kernel at lists.debian.org
Wed Apr 19 22:18:53 UTC 2017
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch jessie
in repository linux.
commit 54da251f8a5db9b4094297bc20b74cce8be72f89
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Wed Apr 19 23:17:20 2017 +0100
Fix bugs in ipv6 peer address cleanup (Closes: #854348)
- ipv6: fix a refcnt leak with peer addr
- ipv6: use addrconf_get_prefix_route() to remove peer addr
---
debian/changelog | 3 ++
.../ipv6-fix-a-refcnt-leak-with-peer-addr.patch | 37 ++++++++++++++++++++++
...drconf_get_prefix_route-to-remove-peer-ad.patch | 30 ++++++++++++++++++
debian/patches/series | 2 ++
4 files changed, 72 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 1f0bd47..0d08980 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -609,6 +609,9 @@ linux (3.16.43-1) UNRELEASED; urgency=medium
* USB: iowarrior: fix NULL-deref at probe (CVE-2016-2188)
* ixgbe: do not call check_link for ethtool in ixgbe_get_settings()
(Closes: #851952)
+ * Fix bugs in ipv6 peer address cleanup (Closes: #854348):
+ - ipv6: fix a refcnt leak with peer addr
+ - ipv6: use addrconf_get_prefix_route() to remove peer addr
[ Salvatore Bonaccorso ]
* sunrpc: fix refcounting problems with auth_gss messages.
diff --git a/debian/patches/bugfix/all/ipv6-fix-a-refcnt-leak-with-peer-addr.patch b/debian/patches/bugfix/all/ipv6-fix-a-refcnt-leak-with-peer-addr.patch
new file mode 100644
index 0000000..6f42fe1
--- /dev/null
+++ b/debian/patches/bugfix/all/ipv6-fix-a-refcnt-leak-with-peer-addr.patch
@@ -0,0 +1,37 @@
+From: Nicolas Dichtel <nicolas.dichtel at 6wind.com>
+Date: Wed, 3 Sep 2014 23:59:21 +0200
+Subject: ipv6: fix a refcnt leak with peer addr
+Origin: https://git.kernel.org/linus/f24062b07dda89b0e24fa48e7bc3865a725f5ee6
+Bug-Debian: https://bugs.debian.org/854348
+
+There is no reason to take a refcnt before deleting the peer address route.
+It's done some lines below for the local prefix route because
+inet6_ifa_finish_destroy() will release it at the end.
+For the peer address route, we want to free it right now.
+
+This bug has been introduced by commit
+caeaba79009c ("ipv6: add support of peer address").
+
+Signed-off-by: Nicolas Dichtel <nicolas.dichtel at 6wind.com>
+Acked-by: Hannes Frederic Sowa <hannes at stressinduktion.org>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+ net/ipv6/addrconf.c | 7 ++-----
+ 1 file changed, 2 insertions(+), 5 deletions(-)
+
+--- a/net/ipv6/addrconf.c
++++ b/net/ipv6/addrconf.c
+@@ -4750,11 +4750,8 @@ static void __ipv6_ifa_notify(int event,
+
+ rt = rt6_lookup(dev_net(dev), &ifp->peer_addr, NULL,
+ dev->ifindex, 1);
+- if (rt) {
+- dst_hold(&rt->dst);
+- if (ip6_del_rt(rt))
+- dst_free(&rt->dst);
+- }
++ if (rt && ip6_del_rt(rt))
++ dst_free(&rt->dst);
+ }
+ dst_hold(&ifp->rt->dst);
+
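Review bot: The code around `if (rt && ip6_del_rt(rt))` now handles the two routes differently without saying why. The peer address route is deleted with no extra reference, while `dst_hold(&ifp->rt->dst)` is still taken for the local prefix route right after the closing brace. The reason (inet6_ifa_finish_destroy() releases that second reference at the end) appears only in the patch description. A one-line comment above the new `if`, stating that no hold is wanted for the peer route, would keep a later cleanup from restoring the `dst_hold()` and the leak with it.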
diff --git a/debian/patches/bugfix/all/ipv6-use-addrconf_get_prefix_route-to-remove-peer-ad.patch b/debian/patches/bugfix/all/ipv6-use-addrconf_get_prefix_route-to-remove-peer-ad.patch
new file mode 100644
index 0000000..6c3cdd9
--- /dev/null
+++ b/debian/patches/bugfix/all/ipv6-use-addrconf_get_prefix_route-to-remove-peer-ad.patch
@@ -0,0 +1,30 @@
+From: Nicolas Dichtel <nicolas.dichtel at 6wind.com>
+Date: Wed, 3 Sep 2014 23:59:22 +0200
+Subject: ipv6: use addrconf_get_prefix_route() to remove peer addr
+Origin: https://git.kernel.org/linus/e7478dfc4656f4a739ed1b07cfd59c12f8eb112e
+Bug-Debian: https://bugs.debian.org/854348
+
+addrconf_get_prefix_route() ensures to get the right route in the right table.
+
+Signed-off-by: Nicolas Dichtel <nicolas.dichtel at 6wind.com>
+Acked-by: Hannes Frederic Sowa <hannes at stressinduktion.org>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+ net/ipv6/addrconf.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+--- a/net/ipv6/addrconf.c
++++ b/net/ipv6/addrconf.c
+@@ -4746,10 +4746,9 @@ static void __ipv6_ifa_notify(int event,
+ addrconf_leave_solict(ifp->idev, &ifp->addr);
+ if (!ipv6_addr_any(&ifp->peer_addr)) {
+ struct rt6_info *rt;
+- struct net_device *dev = ifp->idev->dev;
+
+- rt = rt6_lookup(dev_net(dev), &ifp->peer_addr, NULL,
+- dev->ifindex, 1);
++ rt = addrconf_get_prefix_route(&ifp->peer_addr, 128,
++ ifp->idev->dev, 0, 0);
+ if (rt && ip6_del_rt(rt))
+ dst_free(&rt->dst);
+ }
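Review bot: The new call `addrconf_get_prefix_route(&ifp->peer_addr, 128, ifp->idev->dev, 0, 0)` passes three bare literals, and the description ("ensures to get the right route in the right table") does not explain them or say what the rt6_lookup() call got wrong. Suggest the description state that 128 is the full-length host prefix for the peer address and what the two zero arguments select, so a reader can judge whether the lookup can still match a route other than the one installed for the peer. Since this is being applied to 3.16.43 while the patch is dated September 2014, it is also worth confirming that the helper has this five-argument form in the target tree.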
diff --git a/debian/patches/series b/debian/patches/series
index c72f796..be1eee5 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -246,6 +246,8 @@ bugfix/all/locking-mutex-don-t-assume-task_running.patch
bugfix/all/SUNRPC-fix-refcounting-problems-with-auth_gss-messag.patch
bugfix/all/ext4-fix-fencepost-in-s_first_meta_bg-validation.patch
bugfix/all/ixgbe-do-not-call-check_link-for-ethtool-in-ixgbe_ge.patch
+bugfix/all/ipv6-fix-a-refcnt-leak-with-peer-addr.patch
+bugfix/all/ipv6-use-addrconf_get_prefix_route-to-remove-peer-ad.patch
# memfd_create() & kdbus backport
features/all/kdbus/mm-allow-drivers-to-prevent-new-writable-mappings.patch
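Review bot: The order of the two new series entries matters, and nothing here records it. The context of ipv6-use-addrconf_get_prefix_route-to-remove-peer-ad.patch contains `if (rt && ip6_del_rt(rt))`, a line that exists only after ipv6-fix-a-refcnt-leak-with-peer-addr.patch has been applied, so reordering the entries or dropping the first one makes the second fail to apply. A short `#` comment above the pair, in the style of the `# memfd_create() & kdbus backport` line that follows, would make the dependency explicit.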
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git