From: Guillaume Nault <gnault@redhat.com>
To: Mirsad Todorovac <mirsad.todorovac@alu.unizg.hr>
Cc: netdev@vger.kernel.org, "David S. Miller" <davem@davemloft.net>,
Eric Dumazet <edumazet@google.com>,
Jakub Kicinski <kuba@kernel.org>, Paolo Abeni <pabeni@redhat.com>,
Shuah Khan <shuah@kernel.org>,
linux-kernel@vger.kernel.org, linux-kselftest@vger.kernel.org
Subject: Re: POSSIBLE BUG: selftests/net/fcnal-test.sh: [FAIL] in vrf "bind - ns-B IPv6 LLA" test
Date: Tue, 6 Jun 2023 16:11:24 +0200 [thread overview]
Message-ID: <ZH8+jLjottBw2zuD@debian> (raw)
In-Reply-To: <60f78eaa-ace7-c27d-8e45-4777ecf3faa2@alu.unizg.hr>
On Tue, Jun 06, 2023 at 03:57:35PM +0200, Mirsad Todorovac wrote:
> diff --git a/net/ipv6/ping.c b/net/ipv6/ping.c
> index c4835dbdfcff..c1d81c49b775 100644
> --- a/net/ipv6/ping.c
> +++ b/net/ipv6/ping.c
> @@ -73,6 +73,10 @@ static int ping_v6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
> struct rt6_info *rt;
> struct pingfakehdr pfh;
> struct ipcm6_cookie ipc6;
> + struct net *net = sock_net(sk);
> + struct net_device *dev = NULL;
> + struct net_device *mdev = NULL;
> + struct net_device *bdev = NULL;
>
> err = ping_common_sendmsg(AF_INET6, msg, len, &user_icmph,
> sizeof(user_icmph));
> @@ -111,10 +115,26 @@ static int ping_v6_sendmsg(struct sock *sk, struct msghdr *msg, size_t len)
> else if (!oif)
> oif = np->ucast_oif;
>
> + if (oif) {
> + rcu_read_lock();
> + dev = dev_get_by_index_rcu(net, oif);
> + rcu_read_unlock();
You can't assume '*dev' is still valid after rcu_read_unlock() unless
you hold a reference on it.
> + rtnl_lock();
> + mdev = netdev_master_upper_dev_get(dev);
> + rtnl_unlock();
Because of that, 'dev' might have already disappeared at the time
netdev_master_upper_dev_get() is called. So it may dereference an
invalid pointer here.
> + }
> +
> + if (sk->sk_bound_dev_if) {
> + rcu_read_lock();
> + bdev = dev_get_by_index_rcu(net, sk->sk_bound_dev_if);
> + rcu_read_unlock();
> + }
> +
> addr_type = ipv6_addr_type(daddr);
> if ((__ipv6_addr_needs_scope_id(addr_type) && !oif) ||
> (addr_type & IPV6_ADDR_MAPPED) ||
> - (oif && sk->sk_bound_dev_if && oif != sk->sk_bound_dev_if))
> + (oif && sk->sk_bound_dev_if && oif != sk->sk_bound_dev_if &&
> + !(mdev && sk->sk_bound_dev_if && bdev && mdev == bdev)))
> return -EINVAL;
>
> ipcm6_init_sk(&ipc6, np);
>
> However, this works by the test (888 passed) but your two liner is obviously
> better :-)
:)
> Best regards,
> Mirsad
>
> --
> Mirsad Goran Todorovac
> Sistem inženjer
> Grafički fakultet | Akademija likovnih umjetnosti
> Sveučilište u Zagrebu
>
> System engineer
> Faculty of Graphic Arts | Academy of Fine Arts
> University of Zagreb, Republic of Croatia
>
next prev parent reply other threads:[~2023-06-06 14:12 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-24 12:17 POSSIBLE BUG: selftests/net/fcnal-test.sh: [FAIL] in vrf "bind - ns-B IPv6 LLA" test Mirsad Todorovac
2023-05-31 18:11 ` Guillaume Nault
2023-06-02 12:35 ` Mirsad Goran Todorovac
2023-06-06 6:24 ` Mirsad Goran Todorovac
2023-06-06 13:46 ` Guillaume Nault
2023-06-06 13:57 ` Mirsad Todorovac
2023-06-06 14:11 ` Guillaume Nault [this message]
2023-06-06 14:28 ` Mirsad Todorovac
2023-06-06 18:50 ` Guillaume Nault
2023-06-06 19:17 ` Mirsad Goran Todorovac
2023-06-06 19:27 ` Guillaume Nault
2023-06-06 18:07 ` POSSIBLE BUG: selftests/net/fcnal-test.sh: [FAIL][FIX TESTED] " Mirsad Goran Todorovac
2023-06-06 18:57 ` Guillaume Nault
2023-06-06 22:04 ` Mirsad Goran Todorovac
2023-06-07 16:51 ` Guillaume Nault
2023-06-08 5:37 ` Mirsad Goran Todorovac
2023-06-09 16:13 ` Guillaume Nault
2023-06-10 18:04 ` Mirsad Goran Todorovac
2023-06-14 8:47 ` Guillaume Nault
2023-06-15 20:10 ` Mirsad Goran Todorovac
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZH8+jLjottBw2zuD@debian \
--to=gnault@redhat.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=mirsad.todorovac@alu.unizg.hr \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=shuah@kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.