On Wed, 2015-12-02 at 23:38 -0500, David Miller wrote:
> From: Eric Dumazet
> Date: Sun, 29 Nov 2015 19:37:57 -0800
>
> > From: Eric Dumazet
> >
> > This patch addresses multiple problems :
> >
> > UDP/RAW sendmsg() need to get a stable struct ipv6_txoptions
> > while socket is not locked : Ot
From: Eric Dumazet
Date: Sun, 29 Nov 2015 19:37:57 -0800
> From: Eric Dumazet
>
> This patch addresses multiple problems :
>
> UDP/RAW sendmsg() need to get a stable struct ipv6_txoptions
> while socket is not locked : Other threads can change np->opt
> concurrently. Dmitry posted a syzkaller
On Tue, 2015-12-01 at 12:11 +0100, Hannes Frederic Sowa wrote:
> Hi Eric,
>
> On Mon, Nov 30, 2015, at 04:37, Eric Dumazet wrote:
> > - opt = xchg(&np->opt, NULL);
> > - if (opt)
> > - sock_kfree_s(sk, opt, opt->tot_len);
>
On Tue, Dec 1, 2015, at 14:05, Eric Dumazet wrote:
> On Tue, 2015-12-01 at 12:11 +0100, Hannes Frederic Sowa wrote:
> > Hi Eric,
> >
> > On Mon, Nov 30, 2015, at 04:37, Eric Dumazet wrote:
> > > - opt = xchg(&np->opt, NULL);
> > > - if (opt)
> > > -
Hi Eric,
On Mon, Nov 30, 2015, at 04:37, Eric Dumazet wrote:
> - opt = xchg(&np->opt, NULL);
> - if (opt)
> - sock_kfree_s(sk, opt, opt->tot_len);
> + opt = xchg((__force struct ipv6_txoptions
> **)&np-
From: Eric Dumazet
This patch addresses multiple problems :
UDP/RAW sendmsg() need to get a stable struct ipv6_txoptions
while socket is not locked : Other threads can change np->opt
concurrently. Dmitry posted a syzkaller
(http://github.com/google/syzkaller) program desmonstrating
use-after-fre
