!15114 v3 net: Fix CVE-2024-56658 (3d318b1e) · Commits · EulixOS / Software / Kernel

include/net/net_namespace.h

+3 −0

Original line number	Diff line number	Diff line
		@@ -106,6 +106,9 @@ struct net {
		struct netns_mib mib;
		struct netns_packet packet;
		struct netns_unix unx;
		#ifndef __GENKSYMS__
		struct llist_node defer_free_list;
		#endif
		struct netns_ipv4 ipv4;
		#if IS_ENABLED(CONFIG_IPV6)
		struct netns_ipv6 ipv6;

+19 −1

Original line number	Diff line number	Diff line
		@@ -407,10 +407,26 @@ static struct net *net_alloc(void)
		goto out;
		}

		static LLIST_HEAD(defer_free_list);

		static void net_complete_free(void)
		{
		struct llist_node *kill_list;
		struct net net, next;

		/* Get the list of namespaces to free from last round. */
		kill_list = llist_del_all(&defer_free_list);

		llist_for_each_entry_safe(net, next, kill_list, defer_free_list)
		kmem_cache_free(net_cachep, net);

		}

		static void net_free(struct net *net)
		{
		kfree(rcu_access_pointer(net->gen));
		kmem_cache_free(net_cachep, net);
		/* Wait for an extra rcu_barrier() before final free. */
		llist_add(&net->defer_free_list, &defer_free_list);
		}

		void net_drop_ns(void *p)
		@@ -575,6 +591,8 @@ static void cleanup_net(struct work_struct *work)
		*/
		rcu_barrier();

		net_complete_free();

		/* Finally it is safe to free my network namespace structure */
		list_for_each_entry_safe(net, tmp, &net_exit_list, exit_list) {
		list_del_init(&net->exit_list);