diff options
author | Jeremy Cline <jcline@redhat.com> | 2019-06-06 19:28:32 +0000 |
---|---|---|
committer | Jeremy Cline <jcline@redhat.com> | 2019-06-06 19:28:32 +0000 |
commit | 3a1608e7da51502735ea72165edfb1ace1b16d10 (patch) | |
tree | 3aeb028f19922b61ac28074221f12e8635cd17b7 | |
parent | b25e1037bf38886f5569497df579da634e3f072d (diff) | |
download | kernel-3a1608e7da51502735ea72165edfb1ace1b16d10.tar.gz kernel-3a1608e7da51502735ea72165edfb1ace1b16d10.tar.xz kernel-3a1608e7da51502735ea72165edfb1ace1b16d10.zip |
Fix an issue with the IPv6 neighbor table (rhbz 1708717)
-rw-r--r-- | kernel.spec | 4 | ||||
-rw-r--r-- | neighbor-Reset-gc_entries-counter-if-new-entry-is-re.patch | 41 |
2 files changed, 45 insertions, 0 deletions
diff --git a/kernel.spec b/kernel.spec index 7f01feea8..1cab087da 100644 --- a/kernel.spec +++ b/kernel.spec @@ -616,6 +616,9 @@ Patch535: wcd9335-fix-a-incorrect-use-of-kstrndup.patch # CVE-2019-12456 rhbz 1717182 1717183 Patch536: scsi-mpt3sas_ctl-fix-double-fetch-bug-in_ctl_ioctl_main.patch +# rhbz 1708717 +Patch537: neighbor-Reset-gc_entries-counter-if-new-entry-is-re.patch + # END OF PATCH DEFINITIONS %endif @@ -1856,6 +1859,7 @@ fi %changelog * Thu Jun 06 2019 Jeremy Cline <jcline@redhat.com> - Fix incorrect permission denied with lock down off (rhbz 1658675) +- Fix an issue with the IPv6 neighbor table (rhbz 1708717) * Wed Jun 05 2019 Justin M. Forbes <jforbes@fedoraproject.org> - Fix CVE-2019-12456 (rhbz 1717182 1717183) diff --git a/neighbor-Reset-gc_entries-counter-if-new-entry-is-re.patch b/neighbor-Reset-gc_entries-counter-if-new-entry-is-re.patch new file mode 100644 index 000000000..6c4b078b5 --- /dev/null +++ b/neighbor-Reset-gc_entries-counter-if-new-entry-is-re.patch @@ -0,0 +1,41 @@ +From 51b840ae99c70e03ff463e3d98d4fcac2e31344c Mon Sep 17 00:00:00 2001 +From: David Ahern <dsahern@gmail.com> +Date: Wed, 1 May 2019 18:08:34 -0700 +Subject: [PATCH] neighbor: Reset gc_entries counter if new entry is released + before insert + +Ian and Alan both reported seeing overflows after upgrades to 5.x kernels: + neighbour: arp_cache: neighbor table overflow! + +Alan's mpls script helped get to the bottom of this bug. When a new entry +is created the gc_entries counter is bumped in neigh_alloc to check if a +new one is allowed to be created. ___neigh_create then searches for an +existing entry before inserting the just allocated one. If an entry +already exists, the new one is dropped in favor of the existing one. In +this case the cleanup path needs to drop the gc_entries counter. There +is no memory leak, only a counter leak. + +Fixes: 58956317c8d ("neighbor: Improve garbage collection") +Reported-by: Ian Kumlien <ian.kumlien@gmail.com> +Reported-by: Alan Maguire <alan.maguire@oracle.com> +Signed-off-by: David Ahern <dsahern@gmail.com> +--- + net/core/neighbour.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/net/core/neighbour.c b/net/core/neighbour.c +index 30f6fd8f68e0..aff051e5521d 100644 +--- a/net/core/neighbour.c ++++ b/net/core/neighbour.c +@@ -663,6 +663,8 @@ static struct neighbour *___neigh_create(struct neigh_table *tbl, + out_tbl_unlock: + write_unlock_bh(&tbl->lock); + out_neigh_release: ++ if (!exempt_from_gc) ++ atomic_dec(&tbl->gc_entries); + neigh_release(n); + goto out; + } +-- +2.21.0 + |