| From ad454b8a4852f7bbb8d86ae07dbc13cc7479ad01 Mon Sep 17 00:00:00 2001 |
| From: Eric Dumazet <eric.dumazet@gmail.com> |
| Date: Tue, 27 Mar 2012 09:53:52 +0000 |
| Subject: net: fix a potential rcu_read_lock() imbalance in rt6_fill_node() |
| |
| |
| From: Eric Dumazet <eric.dumazet@gmail.com> |
| |
| [ Upstream commit 94f826b8076e2cb92242061e92f21b5baa3eccc2 ] |
| |
| Commit f2c31e32b378 (net: fix NULL dereferences in check_peer_redir() ) |
| added a regression in rt6_fill_node(), leading to rcu_read_lock() |
| imbalance. |
| |
| Thats because NLA_PUT() can make a jump to nla_put_failure label. |
| |
| Fix this by using nla_put() |
| |
| Many thanks to Ben Greear for his help |
| |
| Reported-by: Ben Greear <greearb@candelatech.com> |
| Reported-by: Dave Jones <davej@redhat.com> |
| Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> |
| Tested-by: Ben Greear <greearb@candelatech.com> |
| Signed-off-by: David S. Miller <davem@davemloft.net> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/ipv6/route.c | 8 ++++++-- |
| 1 file changed, 6 insertions(+), 2 deletions(-) |
| |
| --- a/net/ipv6/route.c |
| +++ b/net/ipv6/route.c |
| @@ -2446,8 +2446,12 @@ static int rt6_fill_node(struct net *net |
| |
| rcu_read_lock(); |
| n = dst_get_neighbour(&rt->dst); |
| - if (n) |
| - NLA_PUT(skb, RTA_GATEWAY, 16, &n->primary_key); |
| + if (n) { |
| + if (nla_put(skb, RTA_GATEWAY, 16, &n->primary_key) < 0) { |
| + rcu_read_unlock(); |
| + goto nla_put_failure; |
| + } |
| + } |
| rcu_read_unlock(); |
| |
| if (rt->dst.dev) |
