diff options
| author | Florian Westphal <fw@strlen.de> | 2017-11-02 16:02:20 +0100 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2017-11-03 14:27:46 +0900 |
| commit | 25dd169aea6553aea548197a5d4580bbdeda1c85 (patch) | |
| tree | 1bf8972a58f3f907274744cf80dd97dec554d4fe /drivers/net/ethernet/broadcom | |
| parent | e73b49ebd9deeb0ff2cd9ac6fd9c72a433d1e062 (diff) | |
| download | linux-25dd169aea6553aea548197a5d4580bbdeda1c85.tar.bz2 | |
fib: fib_dump_info can no longer use __in_dev_get_rtnl
syzbot reported yet another regression added with DOIT_UNLOCKED.
When nexthop is marked as dead, fib_dump_info uses __in_dev_get_rtnl():
./include/linux/inetdevice.h:230 suspicious rcu_dereference_protected() usage!
rcu_scheduler_active = 2, debug_locks = 1
1 lock held by syz-executor2/23859:
#0: (rcu_read_lock){....}, at: [<ffffffff840283f0>]
inet_rtm_getroute+0xaa0/0x2d70 net/ipv4/route.c:2738
[..]
lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4665
__in_dev_get_rtnl include/linux/inetdevice.h:230 [inline]
fib_dump_info+0x1136/0x13d0 net/ipv4/fib_semantics.c:1377
inet_rtm_getroute+0xf97/0x2d70 net/ipv4/route.c:2785
..
This isn't safe anymore, callers either hold RTNL mutex or rcu read lock,
so these spots must use rcu_dereference_rtnl() or plain rcu_derefence()
(plus unconditional rcu read lock).
This does the latter.
Fixes: 394f51abb3d04f ("ipv4: route: set ipv4 RTM_GETROUTE to not use rtnl")
Reported-by: syzbot <syzkaller@googlegroups.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'drivers/net/ethernet/broadcom')
0 files changed, 0 insertions, 0 deletions