From patchwork Tue Oct 25 15:54:01 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: [hardy,CVE,1/1] gre: fix netns vs proto registration ordering Date: Tue, 25 Oct 2011 05:54:01 -0000 From: Andy Whitcroft X-Patchwork-Id: 121725 Message-Id: <1319558042-29483-2-git-send-email-apw@canonical.com> To: kernel-team@lists.ubuntu.com Cc: Andy Whitcroft From: Alexey Dobriyan GRE protocol receive hook can be called right after protocol addition is done. If netns stuff is not yet initialized, we're going to oops in net_generic(). This is remotely oopsable if ip_gre is compiled as module and packet comes at unfortunate moment of module loading. Signed-off-by: Alexey Dobriyan Signed-off-by: David S. Miller (backport from commit c2892f02712e9516d72841d5c019ed6916329794) CVE-2011-1767 BugLink: http://bugs.launchpad.net/bugs/869213 Signed-off-by: Andy Whitcroft --- net/ipv4/ip_gre.c | 18 ++++++++++-------- 1 files changed, 10 insertions(+), 8 deletions(-) diff --git a/net/ipv4/ip_gre.c b/net/ipv4/ip_gre.c index 4b93f32..73da30a 100644 --- a/net/ipv4/ip_gre.c +++ b/net/ipv4/ip_gre.c @@ -1268,28 +1268,30 @@ static int __init ipgre_init(void) printk(KERN_INFO "GRE over IPv4 tunneling driver\n"); - if (inet_add_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) { - printk(KERN_INFO "ipgre init: can't add protocol\n"); - return -EAGAIN; - } - ipgre_fb_tunnel_dev = alloc_netdev(sizeof(struct ip_tunnel), "gre0", ipgre_tunnel_setup); if (!ipgre_fb_tunnel_dev) { err = -ENOMEM; - goto err1; + goto out;; } ipgre_fb_tunnel_dev->init = ipgre_fb_tunnel_init; if ((err = register_netdev(ipgre_fb_tunnel_dev))) + goto err1; + + if (inet_add_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) { + printk(KERN_INFO "ipgre init: can't add protocol\n"); + err = -EAGAIN; goto err2; + } + out: return err; err2: - free_netdev(ipgre_fb_tunnel_dev); + unregister_netdev(ipgre_fb_tunnel_dev); err1: - inet_del_protocol(&ipgre_protocol, IPPROTO_GRE); + free_netdev(ipgre_fb_tunnel_dev); goto out; }