| From 610f8c0fc8d46e0933955ce13af3d64484a4630a Mon Sep 17 00:00:00 2001 |
| From: Hristo Venev <hristo@venev.name> |
| Date: Mon, 12 Apr 2021 20:41:16 +0300 |
| Subject: net: sit: Unregister catch-all devices |
| |
| From: Hristo Venev <hristo@venev.name> |
| |
| commit 610f8c0fc8d46e0933955ce13af3d64484a4630a upstream. |
| |
| A sit interface created without a local or a remote address is linked |
| into the `sit_net::tunnels_wc` list of its original namespace. When |
| deleting a network namespace, delete the devices that have been moved. |
| |
| The following script triggers a null pointer dereference if devices |
| linked in a deleted `sit_net` remain: |
| |
| for i in `seq 1 30`; do |
| ip netns add ns-test |
| ip netns exec ns-test ip link add dev veth0 type veth peer veth1 |
| ip netns exec ns-test ip link add dev sit$i type sit dev veth0 |
| ip netns exec ns-test ip link set dev sit$i netns $$ |
| ip netns del ns-test |
| done |
| for i in `seq 1 30`; do |
| ip link del dev sit$i |
| done |
| |
| Fixes: 5e6700b3bf98f ("sit: add support of x-netns") |
| Signed-off-by: Hristo Venev <hristo@venev.name> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/ipv6/sit.c | 4 ++-- |
| 1 file changed, 2 insertions(+), 2 deletions(-) |
| |
| --- a/net/ipv6/sit.c |
| +++ b/net/ipv6/sit.c |
| @@ -1867,9 +1867,9 @@ static void __net_exit sit_destroy_tunne |
| if (dev->rtnl_link_ops == &sit_link_ops) |
| unregister_netdevice_queue(dev, head); |
| |
| - for (prio = 1; prio < 4; prio++) { |
| + for (prio = 0; prio < 4; prio++) { |
| int h; |
| - for (h = 0; h < IP6_SIT_HASH_SIZE; h++) { |
| + for (h = 0; h < (prio ? IP6_SIT_HASH_SIZE : 1); h++) { |
| struct ip_tunnel *t; |
| |
| t = rtnl_dereference(sitn->tunnels[prio][h]); |