From: Paolo Abeni <pabeni@redhat.com>
Date: Thu, 21 Feb 2019 10:19:41 +0000 (+0100)
Subject: ipv6: route: enforce RCU protection in rt6_update_exception_stamp_rt()
X-Git-Tag: v4.19.30~22
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=96dd4ef3c0ced87ba48c0047be46a2dac9025456;p=platform%2Fkernel%2Flinux-rpi3.git

ipv6: route: enforce RCU protection in rt6_update_exception_stamp_rt()

[ Upstream commit 193f3685d0546b0cea20c99894aadb70098e47bf ]

We must access rt6_info->from under RCU read lock: move the
dereference under such lock, with proper annotation.

v1 -> v2:
 - avoid using multiple, racy, fetch operations for rt->from

Fixes: a68886a69180 ("net/ipv6: Make from in rt6_info rcu protected")
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Reviewed-by: David Ahern <dsahern@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 5fc2dfc..e9f37999 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -1623,15 +1623,15 @@ static int rt6_remove_exception_rt(struct rt6_info *rt)
 static void rt6_update_exception_stamp_rt(struct rt6_info *rt)
 {
 	struct rt6_exception_bucket *bucket;
-	struct fib6_info *from = rt->from;
 	struct in6_addr *src_key = NULL;
 	struct rt6_exception *rt6_ex;
-
-	if (!from ||
-	    !(rt->rt6i_flags & RTF_CACHE))
-		return;
+	struct fib6_info *from;
 
 	rcu_read_lock();
+	from = rcu_dereference(rt->from);
+	if (!from || !(rt->rt6i_flags & RTF_CACHE))
+		goto unlock;
+
 	bucket = rcu_dereference(from->rt6i_exception_bucket);
 
 #ifdef CONFIG_IPV6_SUBTREES
@@ -1650,6 +1650,7 @@ static void rt6_update_exception_stamp_rt(struct rt6_info *rt)
 	if (rt6_ex)
 		rt6_ex->stamp = jiffies;
 
+unlock:
 	rcu_read_unlock();
 }