Commit 4ddc7142 authored by josh_hsu, committed by Carol_Jiang

anthias: security: net patch for CVE-2016-3841

ipv6: add complete rcu protection around np->opt
This patch addresses multiple problems :

UDP/RAW sendmsg() need to get a stable struct ipv6_txoptions
while socket is not locked : Other threads can change np->opt
concurrently. Dmitry posted a syzkaller
(http://github.com/google/syzkaller) program demonstrating
use-after-free.

Starting with TCP/DCCP lockless listeners, tcp_v6_syn_recv_sock()
and dccp_v6_request_recv_sock() also need to use RCU protection
to dereference np->opt once (before calling ipv6_dup_options())

This patch adds full RCU protection to np->opt

Change-Id: I93a999026e0f95d2ae0cc03948d2cfff6e62a2d5
Reviewed-on: http://mcrd1-22-pc.corpnet.asus/code-review/master/249052


Tested-by: Carol_Jiang <carol_jiang@asus.com>
Reviewed-by: Carol_Jiang <carol_jiang@asus.com>
parent 79821687
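
An added example, not part of this commit or of the kernel source: a single-threaded userspace model of the race the commit message describes, with the concurrent writer called at a fixed point so the interleaving is deterministic. All struct and function names are hypothetical stand-ins, a `freed` flag replaces the real free so the outcome can be observed, and the reference-count step is an assumption about how the stable reference is taken, since the page shows no diff.

```c
#include <stdio.h>

/* Userspace model; every name is a hypothetical stand-in, not kernel code. */
struct txopts { int refcnt; int freed; };  /* freed stands in for kfree() */
struct pinfo  { struct txopts *opt; };

static int rcu_readers;              /* >0 while a reader is in its read-side section */
static struct txopts *pending[4];    /* releases deferred until readers have left */
static int npending;

static void opt_put(struct txopts *o, int use_rcu) {
    if (!o || --o->refcnt > 0) return;
    if (use_rcu && rcu_readers > 0) pending[npending++] = o;  /* defer the release */
    else o->freed = 1;                                        /* release at once */
}
static void read_unlock(void) {
    if (--rcu_readers == 0)          /* grace period over: run deferred releases */
        while (npending > 0) pending[--npending]->freed = 1;
}
/* Writer: install new options and drop the socket's reference to the old ones. */
static void writer_replace(struct pinfo *np, struct txopts *n, int use_rcu) {
    struct txopts *old = np->opt;
    np->opt = n;
    opt_put(old, use_rcu);
}
/* Unprotected reader: plain load, no reference held while the writer runs. */
static struct txopts *get_unprotected(struct pinfo *np, struct txopts *n) {
    struct txopts *o = np->opt;
    writer_replace(np, n, 0);        /* concurrent writer in the race window */
    return o;                        /* caller now holds a released object */
}
/* Protected reader: load once inside the read section, then try to take a ref. */
static struct txopts *get_protected(struct pinfo *np, struct txopts *n) {
    rcu_readers++;
    struct txopts *o = np->opt;          /* single dereference of np->opt */
    if (n) writer_replace(np, n, 1);     /* same race window (skipped if n == NULL) */
    if (o && o->refcnt == 0) o = NULL;   /* models a failed inc-not-zero: no options */
    else if (o) o->refcnt++;             /* stable reference; caller must opt_put() */
    read_unlock();
    return o;
}
int main(void) {
    struct txopts a = {1, 0}, b = {1, 0}, c = {1, 0}, d = {1, 0};
    struct pinfo p1 = { &a }, p2 = { &c };
    struct txopts *o1 = get_unprotected(&p1, &b);
    printf("unprotected reader holds released object: %d\n", o1->freed);
    printf("protected reader got: %s\n", get_protected(&p2, &d) ? "object" : "NULL");
    return 0;
}
```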