Message ID | 20210412174117.299570-1-hristo@venev.name |
---|---|
State | New |
Series | [1/2] net: sit: Unregister catch-all devices |
Hello:

This series was applied to netdev/net.git (refs/heads/master):

On Mon, 12 Apr 2021 20:41:16 +0300 you wrote:
> A sit interface created without a local or a remote address is linked
> into the `sit_net::tunnels_wc` list of its original namespace. When
> deleting a network namespace, delete the devices that have been moved.
>
> The following script triggers a null pointer dereference if devices
> linked in a deleted `sit_net` remain:
>
> [...]

Here is the summary with links:
  - [1/2] net: sit: Unregister catch-all devices
    https://git.kernel.org/netdev/net/c/610f8c0fc8d4
  - [2/2] net: ip6_tunnel: Unregister catch-all devices
    https://git.kernel.org/netdev/net/c/941ea91e87a6

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html

On 12/04/2021 at 19:41, Hristo Venev wrote:
> A sit interface created without a local or a remote address is linked
> into the `sit_net::tunnels_wc` list of its original namespace. When
> deleting a network namespace, delete the devices that have been moved.
>
> The following script triggers a null pointer dereference if devices
> linked in a deleted `sit_net` remain:
>
>     for i in `seq 1 30`; do
>         ip netns add ns-test
>         ip netns exec ns-test ip link add dev veth0 type veth peer veth1
>         ip netns exec ns-test ip link add dev sit$i type sit dev veth0
>         ip netns exec ns-test ip link set dev sit$i netns $$
>         ip netns del ns-test
>     done
>     for i in `seq 1 30`; do
>         ip link del dev sit$i
>     done
>
> Fixes: 5e6700b3bf98f ("sit: add support of x-netns")
> Signed-off-by: Hristo Venev <hristo@venev.name>

Thank you for your patches.
Please think of putting the original author in CC when you send a fix ;-)

Regards,
Nicolas

diff --git a/net/ipv6/sit.c b/net/ipv6/sit.c index 63ccd9f2dccc..9fdccf0718b5 100644 --- a/net/ipv6/sit.c +++ b/net/ipv6/sit.c @@ -1867,9 +1867,9 @@ static void __net_exit sit_destroy_tunnels(struct net *net, if (dev->rtnl_link_ops == &sit_link_ops) unregister_netdevice_queue(dev, head); - for (prio = 1; prio < 4; prio++) { + for (prio = 0; prio < 4; prio++) { int h; - for (h = 0; h < IP6_SIT_HASH_SIZE; h++) { + for (h = 0; h < (prio ? IP6_SIT_HASH_SIZE : 1); h++) { struct ip_tunnel *t; t = rtnl_dereference(sitn->tunnels[prio][h]);
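
Review bot: in the inner loop of `sit_destroy_tunnels()`, the bound `(prio ? IP6_SIT_HASH_SIZE : 1)` hard-codes that row 0 of `sitn->tunnels` has a single slot, and nothing in the hunk says why. If that row is the `tunnels_wc` list the commit message names, a one-line comment above `for (prio = 0; prio < 4; prio++)` saying so would let someone reading only this function check the bound. Alternatively, handle that list in its own statement before the loop and keep the loop at `prio = 1`. As written, a later change to the size of that row would leave `h < 1` either walking too little or reading out of bounds, with no hint at this site.
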
A sit interface created without a local or a remote address is linked
into the `sit_net::tunnels_wc` list of its original namespace. When
deleting a network namespace, delete the devices that have been moved.

The following script triggers a null pointer dereference if devices
linked in a deleted `sit_net` remain:

    for i in `seq 1 30`; do
        ip netns add ns-test
        ip netns exec ns-test ip link add dev veth0 type veth peer veth1
        ip netns exec ns-test ip link add dev sit$i type sit dev veth0
        ip netns exec ns-test ip link set dev sit$i netns $$
        ip netns del ns-test
    done
    for i in `seq 1 30`; do
        ip link del dev sit$i
    done

Fixes: 5e6700b3bf98f ("sit: add support of x-netns")
Signed-off-by: Hristo Venev <hristo@venev.name>
---
 net/ipv6/sit.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)