ipv6: route: enforce RCU protection in ip6_route_check_nh_onlink() (bf1dc8ba) · Commits · 戴 / test

We need a RCU critical section around rt6_info->from deference, and proper annotation. Fixes: ("net/ipv6: Allow onlink routes to have a device mismatch if it is the default route") Signed-off-by:

Paolo Abeni <pabeni@redhat.com> Reviewed-by:

David Ahern <dsahern@gmail.com> Signed-off-by:

David S. Miller <davem@davemloft.net>

net/ipv6/route.c

+5 −1

Original line number	Diff line number	Diff line
		@@ -2743,20 +2743,24 @@ static int ip6_route_check_nh_onlink(struct net *net,
		u32 tbid = l3mdev_fib_table(dev) ? : RT_TABLE_MAIN;
		const struct in6_addr *gw_addr = &cfg->fc_gateway;
		u32 flags = RTF_LOCAL \| RTF_ANYCAST \| RTF_REJECT;
		struct fib6_info *from;
		struct rt6_info *grt;
		int err;

		err = 0;
		grt = ip6_nh_lookup_table(net, cfg, gw_addr, tbid, 0);
		if (grt) {
		rcu_read_lock();
		from = rcu_dereference(grt->from);
		if (!grt->dst.error &&
		/* ignore match if it is the default route */
		grt->from && !ipv6_addr_any(&grt->from->fib6_dst.addr) &&
		from && !ipv6_addr_any(&from->fib6_dst.addr) &&
		(grt->rt6i_flags & flags \|\| dev != grt->dst.dev)) {
		NL_SET_ERR_MSG(extack,
		"Nexthop has invalid gateway or device mismatch");
		err = -EINVAL;
		}
		rcu_read_unlock();

		ip6_rt_put(grt);
		}

Admin message