releases/4.20.17/ipv6-route-enforce-rcu-protection-in-ip6_route_check_nh_onlink.patch

   1 From foo@baz Thu Mar 14 23:20:15 PDT 2019
   2 From: Paolo Abeni <pabeni@redhat.com>
   3 Date: Thu, 21 Feb 2019 11:19:42 +0100
   4 Subject: ipv6: route: enforce RCU protection in ip6_route_check_nh_onlink()
   5
   6 From: Paolo Abeni <pabeni@redhat.com>
   7
   8 [ Upstream commit bf1dc8bad1d42287164d216d8efb51c5cd381b18 ]
   9
  10 We need a RCU critical section around rt6_info->from deference, and
  11 proper annotation.
  12
  13 Fixes: 4ed591c8ab44 ("net/ipv6: Allow onlink routes to have a device mismatch if it is the default route")
  14 Signed-off-by: Paolo Abeni <pabeni@redhat.com>
  15 Reviewed-by: David Ahern <dsahern@gmail.com>
  16 Signed-off-by: David S. Miller <davem@davemloft.net>
  17 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  18 ---
  19  net/ipv6/route.c |    6 +++++-
  20  1 file changed, 5 insertions(+), 1 deletion(-)
  21
  22 --- a/net/ipv6/route.c
  23 +++ b/net/ipv6/route.c
  24 @@ -2752,20 +2752,24 @@ static int ip6_route_check_nh_onlink(str
  25         u32 tbid = l3mdev_fib_table(dev) ? : RT_TABLE_MAIN;
  26         const struct in6_addr *gw_addr = &cfg->fc_gateway;
  27         u32 flags = RTF_LOCAL | RTF_ANYCAST | RTF_REJECT;
  28 +       struct fib6_info *from;
  29         struct rt6_info *grt;
  30         int err;
  31
  32         err = 0;
  33         grt = ip6_nh_lookup_table(net, cfg, gw_addr, tbid, 0);
  34         if (grt) {
  35 +               rcu_read_lock();
  36 +               from = rcu_dereference(grt->from);
  37                 if (!grt->dst.error &&
  38                     /* ignore match if it is the default route */
  39 -                   grt->from && !ipv6_addr_any(&grt->from->fib6_dst.addr) &&
  40 +                   from && !ipv6_addr_any(&from->fib6_dst.addr) &&
  41                     (grt->rt6i_flags & flags || dev != grt->dst.dev)) {
  42                         NL_SET_ERR_MSG(extack,
  43                                        "Nexthop has invalid gateway or device mismatch");
  44                         err = -EINVAL;
  45                 }
  46 +               rcu_read_unlock();
  47
  48                 ip6_rt_put(grt);
  49         }