From: Xin Long Date: Thu, 15 Dec 2016 15:00:55 +0000 (+0800) Subject: sctp: sctp_epaddr_lookup_transport should be protected by rcu_read_lock X-Git-Tag: v5.15~12212^2~25 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=5cb2cd68ddf9a13af36cec633006c0f2bdfb300a;p=platform%2Fkernel%2Flinux-starfive.git sctp: sctp_epaddr_lookup_transport should be protected by rcu_read_lock Since commit 7fda702f9315 ("sctp: use new rhlist interface on sctp transport rhashtable"), sctp has changed to use rhlist_lookup to look up transport, but rhlist_lookup doesn't call rcu_read_lock inside, unlike rhashtable_lookup_fast. It is called in sctp_epaddr_lookup_transport and sctp_addrs_lookup_transport. sctp_addrs_lookup_transport is always in the protection of rcu_read_lock(), as __sctp_lookup_association is called in rx path or sctp_lookup_association which are in the protection of rcu_read_lock() already. But sctp_epaddr_lookup_transport is called by sctp_endpoint_lookup_assoc, it doesn't call rcu_read_lock, which may cause "suspicious rcu_dereference_check usage' in __rhashtable_lookup. This patch is to fix it by adding rcu_read_lock in sctp_endpoint_lookup_assoc before calling sctp_epaddr_lookup_transport. Fixes: 7fda702f9315 ("sctp: use new rhlist interface on sctp transport rhashtable") Reported-by: Dmitry Vyukov Signed-off-by: Xin Long Acked-by: Marcelo Ricardo Leitner Signed-off-by: David S. Miller --- diff --git a/net/sctp/endpointola.c b/net/sctp/endpointola.c index 1f03065686fe..410ddc1e3443 100644 --- a/net/sctp/endpointola.c +++ b/net/sctp/endpointola.c @@ -331,7 +331,9 @@ struct sctp_association *sctp_endpoint_lookup_assoc( * on this endpoint. */ if (!ep->base.bind_addr.port) - goto out; + return NULL; + + rcu_read_lock(); t = sctp_epaddr_lookup_transport(ep, paddr); if (!t) goto out; @@ -339,6 +341,7 @@ struct sctp_association *sctp_endpoint_lookup_assoc( *transport = t; asoc = t->asoc; out: + rcu_read_unlock(); return asoc; }