Bug #347
Fwd: [PATCH] net: fix a potential rcu_read_lock() imbalance in rt6_fill_node()
| Status: | Closed | Start date: | ||
|---|---|---|---|---|
| Priority: | High | Due date: | ||
| Assignee: |  Dave Täht |
% Done: | 0% |
|
| Category: | Linux Kernel | Spent time: | 0.50 hour | |
| Target version: | 1st Public Cerowrt release |
Description
---------- Forwarded message ----------
From: Eric Dumazet <eric.dumazet@gmail.com>
Date: Tue, Mar 27, 2012 at 12:53 PM
Subject: [PATCH] net: fix a potential rcu_read_lock() imbalance in
rt6_fill_node()
To: Ben Greear <greearb@candelatech.com>
Cc: David Miller <davem@davemloft.net>, netdev@vger.kernel.org,
gregkh@linuxfoundation.org, "Paul E. McKenney" <paulmck@linux.vnet.ibm.com>,
Dave Jones <davej@redhat.com>
Commit f2c31e32b378 (net: fix NULL dereferences in check_peer_redir() )
added a regression in rt6_fill_node(), leading to rcu_read_lock()
imbalance.
Thats because NLA_PUT() can make a jump to nla_put_failure label.
Fix this by using nla_put()
Many thanks to Ben Greear for his help
Reported-by: Ben Greear <greearb@candelatech.com>
Reported-by: Dave Jones <davej@redhat.com>
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
---
net/ipv6/route.c | 8 ++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 24c456e..496b627 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c@ -2474,8 +2474,12 @ static int rt6_fill_node(struct net *net,
rcu_read_lock();
n = dst_get_neighbour_noref(&rt->dst);
- if (n)
- NLA_PUT(skb, RTA_GATEWAY, 16, &n->primary_key);
+ if (n) {
+ if (nla_put(skb, RTA_GATEWAY, 16, &n->primary_key) < 0) {
+ rcu_read_unlock();
+ goto nla_put_failure;
+ }
+ }
rcu_read_unlock();if (rt->dst.dev)History
Updated by Dave Täht about 1 year ago
- Target version set to 1st Public Cerowrt release
- Priority changed from Normal to High
- Assignee set to Dave Täht
- Status changed from New to Closed
- Category set to Linux Kernel
fixed by 3.3.2