1 From 1355406b8d840e932fae71e38323c9a6566e67ad Mon Sep 17 00:00:00 2001
2 From: Eric Dumazet <edumazet@google.com>
3 Date: Thu, 6 Jun 2019 14:32:34 -0700
4 Subject: ipv6: flowlabel: fl6_sock_lookup() must use atomic_inc_not_zero
6 [ Upstream commit 65a3c497c0e965a552008db8bc2653f62bc925a1 ]
8 Before taking a refcount, make sure the object is not already
9 scheduled for deletion.
11 Same fix is needed in ipv6_flowlabel_opt()
13 Fixes: 18367681a10b ("ipv6 flowlabel: Convert np->ipv6_fl_list to RCU.")
14 Signed-off-by: Eric Dumazet <edumazet@google.com>
15 Cc: Willem de Bruijn <willemb@google.com>
16 Signed-off-by: David S. Miller <davem@davemloft.net>
17 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
19 net/ipv6/ip6_flowlabel.c | 7 ++++---
20 1 file changed, 4 insertions(+), 3 deletions(-)
22 diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c
23 index be5f3d7ceb96..f994f50e1516 100644
24 --- a/net/ipv6/ip6_flowlabel.c
25 +++ b/net/ipv6/ip6_flowlabel.c
26 @@ -254,9 +254,9 @@ struct ip6_flowlabel *fl6_sock_lookup(struct sock *sk, __be32 label)
28 for_each_sk_fl_rcu(np, sfl) {
29 struct ip6_flowlabel *fl = sfl->fl;
30 - if (fl->label == label) {
32 + if (fl->label == label && atomic_inc_not_zero(&fl->users)) {
33 fl->lastuse = jiffies;
34 - atomic_inc(&fl->users);
38 @@ -622,7 +622,8 @@ int ipv6_flowlabel_opt(struct sock *sk, char __user *optval, int optlen)
42 - atomic_inc(&fl1->users);
43 + if (!atomic_inc_not_zero(&fl1->users))
projects / thirdparty / kernel / stable-queue.git / blob