[4.9,20/37] net: sit: Unregister catch-all devices

Message ID	20210426072817.942653452@linuxfoundation.org
State	New
Headers	show Return-Path: <stable-owner@kernel.org> From: Greg Kroah-Hartman <gregkh@linuxfoundation.org> To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>, stable@vger.kernel.org, Hristo Venev <hristo@venev.name>, "David S. Miller" <davem@davemloft.net> Subject: [PATCH 4.9 20/37] net: sit: Unregister catch-all devices Date: Mon, 26 Apr 2021 09:29:21 +0200 Message-Id: <20210426072817.942653452@linuxfoundation.org> In-Reply-To: <20210426072817.245304364@linuxfoundation.org> References: <20210426072817.245304364@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk
Series	None \| expand [4.9,03/37] dmaengine: dw: Make it dependent to HAS_IOMEM [4.9,06/37] neighbour: Disregard DEAD dst in neigh_update [4.9,07/37] ARM: keystone: fix integer overflow warning [4.9,08/37] ASoC: fsl_esai: Fix TDM slot setup for I2S mode [4.9,10/37] net: ieee802154: stop dump llsec devs for monitors [4.9,12/37] net: ieee802154: stop dump llsec devkeys for monitors [4.9,14/37] net: ieee802154: stop dump llsec seclevels for monitors [4.9,17/37] Input: i8042 - fix Pegatron C15B ID entry [4.9,18/37] scsi: libsas: Reset num_scatter if libata marks qc as NODATA [4.9,19/37] net: davicom: Fix regulator not turned off on failed probe [4.9,20/37] net: sit: Unregister catch-all devices [4.9,23/37] usbip: Fix incorrect double assignment to udc->ud.tcp_rx [4.9,26/37] usbip: vudc synchronize sysfs code paths [4.9,28/37] net: hso: fix null-ptr-deref during tty device unregistration [4.9,30/37] HID: alps: fix error return code in alps_input_configured() [4.9,34/37] cavium/liquidio: Fix duplicate argument [4.9,35/37] ia64: fix discontig.c section mismatches

Message ID

20210426072817.942653452@linuxfoundation.org

State

New

Headers

From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Hristo Venev <hristo@venev.name>,
	"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.9 20/37] net: sit: Unregister catch-all devices
Date: Mon, 26 Apr 2021 09:29:21 +0200
Message-Id: <20210426072817.942653452@linuxfoundation.org>
In-Reply-To: <20210426072817.245304364@linuxfoundation.org>
References: <20210426072817.245304364@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Precedence: bulk

Series

None | expand

Commit Message

Greg KH April 26, 2021, 7:29 a.m. UTC

From: Hristo Venev <hristo@venev.name>

commit 610f8c0fc8d46e0933955ce13af3d64484a4630a upstream.

A sit interface created without a local or a remote address is linked
into the `sit_net::tunnels_wc` list of its original namespace. When
deleting a network namespace, delete the devices that have been moved.

The following script triggers a null pointer dereference if devices
linked in a deleted `sit_net` remain:

    for i in `seq 1 30`; do
        ip netns add ns-test
        ip netns exec ns-test ip link add dev veth0 type veth peer veth1
        ip netns exec ns-test ip link add dev sit$i type sit dev veth0
        ip netns exec ns-test ip link set dev sit$i netns $$
        ip netns del ns-test
    done
    for i in `seq 1 30`; do
        ip link del dev sit$i
    done

Fixes: 5e6700b3bf98f ("sit: add support of x-netns")
Signed-off-by: Hristo Venev <hristo@venev.name>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/ipv6/sit.c |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

--- a/net/ipv6/sit.c
+++ b/net/ipv6/sit.c
@@ -1799,9 +1799,9 @@  static void __net_exit sit_destroy_tunne
 		if (dev->rtnl_link_ops == &sit_link_ops)
 			unregister_netdevice_queue(dev, head);
 
-	for (prio = 1; prio < 4; prio++) {
+	for (prio = 0; prio < 4; prio++) {
 		int h;
-		for (h = 0; h < IP6_SIT_HASH_SIZE; h++) {
+		for (h = 0; h < (prio ? IP6_SIT_HASH_SIZE : 1); h++) {
 			struct ip_tunnel *t;
 
 			t = rtnl_dereference(sitn->tunnels[prio][h]);

[4.9,20/37] net: sit: Unregister catch-all devices

Commit Message

Patch