1
linux/net
Patrick McHardy 0a9c730144 [INET_DIAG]: Fix oops in netlink_rcv_skb
netlink_run_queue() doesn't handle multiple processes processing the
queue concurrently. Serialize queue processing in inet_diag to fix
a oops in netlink_rcv_skb caused by netlink_run_queue passing a
NULL for the skb.

BUG: unable to handle kernel NULL pointer dereference at virtual address 00000054
[349587.500454]  printing eip:
[349587.500457] c03318ae
[349587.500459] *pde = 00000000
[349587.500464] Oops: 0000 [#1]
[349587.500466] PREEMPT SMP
[349587.500474] Modules linked in: w83627hf hwmon_vid i2c_isa
[349587.500483] CPU:    0
[349587.500485] EIP:    0060:[<c03318ae>]    Not tainted VLI
[349587.500487] EFLAGS: 00010246   (2.6.22.3 #1)
[349587.500499] EIP is at netlink_rcv_skb+0xa/0x7e
[349587.500506] eax: 00000000   ebx: 00000000   ecx: c148d2a0   edx: c0398819
[349587.500510] esi: 00000000   edi: c0398819   ebp: c7a21c8c   esp: c7a21c80
[349587.500517] ds: 007b   es: 007b   fs: 00d8  gs: 0033  ss: 0068
[349587.500521] Process oidentd (pid: 17943, ti=c7a20000 task=cee231c0 task.ti=c7a20000)
[349587.500527] Stack: 00000000 c7a21cac f7c8ba78 c7a21ca4 c0331962 c0398819 f7c8ba00 0000004c
[349587.500542]        f736f000 c7a21cb4 c03988e3 00000001 f7c8ba00 c7a21cc4 c03312a5 0000004c
[349587.500558]        f7c8ba00 c7a21cd4 c0330681 f7c8ba00 e4695280 c7a21d00 c03307c6 7fffffff
[349587.500578] Call Trace:
[349587.500581]  [<c010361a>] show_trace_log_lvl+0x1c/0x33
[349587.500591]  [<c01036d4>] show_stack_log_lvl+0x8d/0xaa
[349587.500595]  [<c010390e>] show_registers+0x1cb/0x321
[349587.500604]  [<c0103bff>] die+0x112/0x1e1
[349587.500607]  [<c01132d2>] do_page_fault+0x229/0x565
[349587.500618]  [<c03c8d3a>] error_code+0x72/0x78
[349587.500625]  [<c0331962>] netlink_run_queue+0x40/0x76
[349587.500632]  [<c03988e3>] inet_diag_rcv+0x1f/0x2c
[349587.500639]  [<c03312a5>] netlink_data_ready+0x57/0x59
[349587.500643]  [<c0330681>] netlink_sendskb+0x24/0x45
[349587.500651]  [<c03307c6>] netlink_unicast+0x100/0x116
[349587.500656]  [<c0330f83>] netlink_sendmsg+0x1c2/0x280
[349587.500664]  [<c02fcce9>] sock_sendmsg+0xba/0xd5
[349587.500671]  [<c02fe4d1>] sys_sendmsg+0x17b/0x1e8
[349587.500676]  [<c02fe92d>] sys_socketcall+0x230/0x24d
[349587.500684]  [<c01028d2>] syscall_call+0x7/0xb
[349587.500691]  =======================
[349587.500693] Code: f0 ff 4e 18 0f 94 c0 84 c0 0f 84 66 ff ff ff 89 f0 e8 86 e2 fc ff e9 5a ff ff ff f0 ff 40 10 eb be 55 89 e5 57 89 d7 56 89 c6 53 <8b> 50 54 83 fa 10 72 55 8b 9e 9c 00 00 00 31 c9 8b 03 83 f8 0f

Reported by Athanasius <link@miggy.org>

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
2007-09-11 11:33:28 +02:00
..
9p 9p: fix bad error path in conversion routines 2007-08-23 10:25:05 -05:00
802 [SNAP]: Check packet length before reading 2007-08-21 20:58:13 -07:00
8021q [VLAN/BRIDGE]: Fix "skb_pull_rcsum - Fatal exception in interrupt" 2007-08-26 18:35:47 -07:00
appletalk [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
atm [ATM]: Clean up duplicate includes in net/atm/ 2007-08-13 22:52:01 -07:00
ax25 [AX25]: don't free pointers to statically allocated data 2007-08-14 17:24:05 -07:00
bluetooth [Bluetooth] Fix parameter list for event filter command 2007-09-09 08:39:49 +02:00
bridge [NETFILTER]: Fix/improve deadlock condition on module removal netfilter 2007-09-11 11:28:26 +02:00
core [NET]: Do not dereference iov if length is zero 2007-09-11 10:29:07 +02:00
dccp [DCCP]: Allocation in atomic context 2007-08-21 20:58:06 -07:00
decnet [DECNET]: Fix interface address listing regression. 2007-09-11 10:45:15 +02:00
econet [ECONET]: remove econet_packet_type on unload 2007-08-14 17:25:20 -07:00
ethernet [ETH]: Validate address in eth_mac_addr 2007-07-11 19:41:18 -07:00
ieee80211 [PATCH] softmac: Fix deadlock of wx_set_essid with assoc work 2007-08-06 15:06:03 -04:00
ipv4 [INET_DIAG]: Fix oops in netlink_rcv_skb 2007-09-11 11:33:28 +02:00
ipv6 [IPv6]: Fix NULL pointer dereference in ip6_flush_pending_frames 2007-09-11 11:31:43 +02:00
ipx [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
irda [IRDA] irda_nl_get_mode: always results in failure 2007-08-21 21:23:39 -07:00
iucv [S390] Convert to smp_call_function_single. 2007-07-27 12:29:17 +02:00
key [PF_KEY]: Fix ipsec not working in 2.6.23-rc1-git10 2007-08-02 19:42:29 -07:00
lapb [PATCH] remove many unneeded #includes of sched.h 2007-02-14 08:09:54 -08:00
llc [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
mac80211 [PATCH] mac80211: probe for hidden SSIDs in pre-auth scan 2007-08-14 16:48:23 -04:00
netfilter [NETFILTER]: Fix/improve deadlock condition on module removal netfilter 2007-09-11 11:28:26 +02:00
netlabel [NetLabel]: add missing rcu_dereference() calls in the LSM domain mapping hash table 2007-08-07 17:53:10 -07:00
netlink [GENETLINK]: Correctly report errors while registering a multicast group 2007-07-24 15:34:53 -07:00
netrom [NET] NETROM: Fix whitespace errors. 2007-07-19 10:44:32 +09:00
packet [NET] PACKET: Fix whitespace errors. 2007-07-19 10:44:35 +09:00
rfkill [NET] RFKILL: Fix whitespace errors. 2007-07-19 10:44:38 +09:00
rose [NET] ROSE: Fix whitespace errors. 2007-07-19 10:44:40 +09:00
rxrpc net/* misc endianness annotations 2007-07-26 11:11:56 -07:00
sched [NET_SCHED] sch_prio.c: remove duplicate call of tc_classify() 2007-08-30 22:35:46 -07:00
sctp SCTP: Fix to handle invalid parameter length correctly 2007-08-30 16:44:27 -04:00
sunrpc [SUNRPC]: Clean up duplicate includes in net/sunrpc/ 2007-08-13 22:52:05 -07:00
tipc [TIPC]: Clean up duplicate includes in net/tipc/ 2007-08-13 22:52:07 -07:00
unix [AF_UNIX]: Make code static. 2007-07-31 02:28:27 -07:00
wanrouter [NET]: Removal of duplicated include net/wanrouter/wanmain.c 2007-08-02 19:42:22 -07:00
wireless [PATCH] cfg80211: Radiotap parser 2007-07-12 16:07:24 -04:00
x25 [NET]: Make all initialized struct seq_operations const. 2007-07-10 23:07:31 -07:00
xfrm [XFRM]: Clean up duplicate includes in net/xfrm/ 2007-08-13 22:52:08 -07:00
compat.c O_CLOEXEC for SCM_RIGHTS 2007-07-16 09:05:45 -07:00
Kconfig 9p: Reorganization of 9p file system code 2007-07-14 15:13:40 -05:00
Makefile 9p: Reorganization of 9p file system code 2007-07-14 15:13:40 -05:00
nonet.c
socket.c [NET]: Fix unbalanced rcu_read_unlock in __sock_create 2007-08-15 14:46:02 -07:00
sysctl_net.c
TUNABLE