[PATCH 0/1][SRU][B/C] ip6_gre: fix tunnel list corruption for x-netns

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

[PATCH 0/1][SRU][B/C] ip6_gre: fix tunnel list corruption for x-netns

Seth Forshee
BugLink: https://bugs.launchpad.net/bugs/1812875

SRU Justification

Impact: A kernel panic is seen when using some third-party software.

Fix: Upstream commit ab5098fa25b9 ("ip6_gre: fix tunnel list corruption
for x-netns").

Test Case: Confirm that the panic no longer happens with the patch.

Regression Potential: This is a simple fix and suitable for upstream
stable, regressions are unlikely.

---

Olivier Matz (1):
  ip6_gre: fix tunnel list corruption for x-netns

 net/ipv6/ip6_gre.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

[PATCH 1/1][SRU][B/C] ip6_gre: fix tunnel list corruption for x-netns

Seth Forshee
From: Olivier Matz <[hidden email]>

BugLink: https://bugs.launchpad.net/bugs/1812875

In changelink ops, the ip6gre_net pointer is retrieved from
dev_net(dev), which is wrong in case of x-netns. Thus, the tunnel is not
unlinked from its current list and is relinked into another net
namespace. This corrupts the tunnel lists and can later trigger a kernel
oops.

Fix this by retrieving the netns from device private area.

Fixes: c8632fc30bb0 ("net: ip6_gre: Split up ip6gre_changelink()")
Cc: Petr Machata <[hidden email]>
Signed-off-by: Olivier Matz <[hidden email]>
Acked-by: Nicolas Dichtel <[hidden email]>
Signed-off-by: David S. Miller <[hidden email]>
(cherry picked from commit ab5098fa25b91cb6fe0a0676f17abb64f2bbf024)
Signed-off-by: Seth Forshee <[hidden email]>
---
 net/ipv6/ip6_gre.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/net/ipv6/ip6_gre.c b/net/ipv6/ip6_gre.c
index 14f66046bd72..17192f9443d5 100644
--- a/net/ipv6/ip6_gre.c
+++ b/net/ipv6/ip6_gre.c
@@ -1495,9 +1495,9 @@ static int ip6gre_changelink(struct net_device *dev, struct nlattr *tb[],
      struct nlattr *data[],
      struct netlink_ext_ack *extack)
 {
- struct ip6gre_net *ign = net_generic(dev_net(dev), ip6gre_net_id);
+ struct ip6_tnl *t = netdev_priv(dev);
+ struct ip6gre_net *ign = net_generic(t->net, ip6gre_net_id);
  struct __ip6_tnl_parm p;
- struct ip6_tnl *t;
 
  t = ip6gre_changelink_common(dev, tb, data, &p, extack);
  if (IS_ERR(t))
--
2.19.1


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

ACK: [PATCH 0/1][SRU][B/C] ip6_gre: fix tunnel list corruption for x-netns

Colin Ian King-2
In reply to this post by Seth Forshee
On 30/01/2019 14:12, Seth Forshee wrote:

> BugLink: https://bugs.launchpad.net/bugs/1812875
>
> SRU Justification
>
> Impact: A kernel panic is seen when using some third-party software.
>
> Fix: Upstream commit ab5098fa25b9 ("ip6_gre: fix tunnel list corruption
> for x-netns").
>
> Test Case: Confirm that the panic no longer happens with the patch.
>
> Regression Potential: This is a simple fix and suitable for upstream
> stable, regressions are unlikely.
>
> ---
>
> Olivier Matz (1):
>   ip6_gre: fix tunnel list corruption for x-netns
>
>  net/ipv6/ip6_gre.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
>
clean cherry pick.

Acked-by: Colin Ian King <[hidden email]>


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

ACK: [PATCH 0/1][SRU][B/C] ip6_gre: fix tunnel list corruption for x-netns

Khaled Elmously
In reply to this post by Seth Forshee
On 2019-01-30 08:12:02 , Seth Forshee wrote:

> BugLink: https://bugs.launchpad.net/bugs/1812875
>
> SRU Justification
>
> Impact: A kernel panic is seen when using some third-party software.
>
> Fix: Upstream commit ab5098fa25b9 ("ip6_gre: fix tunnel list corruption
> for x-netns").
>
> Test Case: Confirm that the panic no longer happens with the patch.
>
> Regression Potential: This is a simple fix and suitable for upstream
> stable, regressions are unlikely.
>
> ---
>
> Olivier Matz (1):
>   ip6_gre: fix tunnel list corruption for x-netns
>
>  net/ipv6/ip6_gre.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
>

Acked-by: Khalid Elmously <[hidden email]>


--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team
Reply | Threaded
Open this post in threaded view
|

APPLIED: [PATCH 0/1][SRU][B/C] ip6_gre: fix tunnel list corruption for x-netns

Khaled Elmously
In reply to this post by Seth Forshee
On 2019-01-30 08:12:02 , Seth Forshee wrote:

> BugLink: https://bugs.launchpad.net/bugs/1812875
>
> SRU Justification
>
> Impact: A kernel panic is seen when using some third-party software.
>
> Fix: Upstream commit ab5098fa25b9 ("ip6_gre: fix tunnel list corruption
> for x-netns").
>
> Test Case: Confirm that the panic no longer happens with the patch.
>
> Regression Potential: This is a simple fix and suitable for upstream
> stable, regressions are unlikely.
>
> ---
>
> Olivier Matz (1):
>   ip6_gre: fix tunnel list corruption for x-netns
>
>  net/ipv6/ip6_gre.c | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
>
> --
> kernel-team mailing list
> [hidden email]
> https://lists.ubuntu.com/mailman/listinfo/kernel-team

--
kernel-team mailing list
[hidden email]
https://lists.ubuntu.com/mailman/listinfo/kernel-team