From: David Ahern <dsahern@kernel.org>
To: thinker.li@gmail.com, netdev@vger.kernel.org,
martin.lau@linux.dev, kernel-team@meta.com, davem@davemloft.net,
kuba@kernel.org, pabeni@redhat.com, edumazet@google.com
Cc: sinquersw@gmail.com, kuifeng@meta.com,
syzbot+c15aa445274af8674f41@syzkaller.appspotmail.com
Subject: Re: [PATCH net-next v3 1/2] net/ipv6: insert a f6i to a GC list only if the f6i is in a fib6_table tree.
Date: Wed, 13 Dec 2023 22:11:24 -0800 [thread overview]
Message-ID: <28f016bc-3514-444f-82df-719aeb2d013a@kernel.org> (raw)
In-Reply-To: <20231213213735.434249-2-thinker.li@gmail.com>
On 12/13/23 2:37 PM, thinker.li@gmail.com wrote:
> diff --git a/net/ipv6/route.c b/net/ipv6/route.c
> index b132feae3393..dcaeb88d73aa 100644
> --- a/net/ipv6/route.c
> +++ b/net/ipv6/route.c
> @@ -3763,10 +3763,10 @@ static struct fib6_info *ip6_route_info_create(struct fib6_config *cfg,
> rt->dst_nocount = true;
>
> if (cfg->fc_flags & RTF_EXPIRES)
> - fib6_set_expires_locked(rt, jiffies +
> - clock_t_to_jiffies(cfg->fc_expires));
> + __fib6_set_expires(rt, jiffies +
> + clock_t_to_jiffies(cfg->fc_expires));
> else
> - fib6_clean_expires_locked(rt);
> + __fib6_clean_expires(rt);
as Eric noted in a past comment, the clean is not needed in this
function since memory is initialized to 0 (expires is never set).
Also, this patch set does not fundamentally change the logic, so it
cannot fix the bug reported in
https://lore.kernel.org/all/20231205173250.2982846-1-edumazet@google.com/
please hold off future versions of this set until the problem in that
stack traced is fixed. I have tried a few things using RA's, but have
not been able to recreate UAF.
next prev parent reply other threads:[~2023-12-14 6:11 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-13 21:37 [PATCH net-next v3 0/2] Fix dangling pointer at f6i->gc_link thinker.li
2023-12-13 21:37 ` [PATCH net-next v3 1/2] net/ipv6: insert a f6i to a GC list only if the f6i is in a fib6_table tree thinker.li
2023-12-14 6:11 ` David Ahern [this message]
2023-12-14 23:43 ` Kui-Feng Lee
2023-12-15 19:12 ` Kui-Feng Lee
2023-12-16 18:36 ` David Ahern
2023-12-18 1:05 ` Kui-Feng Lee
2023-12-18 1:16 ` Kui-Feng Lee
2023-12-13 21:37 ` [PATCH net-next v3 2/2] selftests: fib_tests: Add tests for toggling between w/ and w/o expires thinker.li
2023-12-14 3:32 ` Hangbin Liu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=28f016bc-3514-444f-82df-719aeb2d013a@kernel.org \
--to=dsahern@kernel.org \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=kernel-team@meta.com \
--cc=kuba@kernel.org \
--cc=kuifeng@meta.com \
--cc=martin.lau@linux.dev \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=sinquersw@gmail.com \
--cc=syzbot+c15aa445274af8674f41@syzkaller.appspotmail.com \
--cc=thinker.li@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.