From mboxrd@z Thu Jan  1 00:00:00 1970
From: David Miller <davem@davemloft.net>
Subject: Re: KASAN: use-after-free Read in rtnetlink_put_metrics
Date: Wed, 01 Aug 2018 11:46:36 -0700 (PDT)
Message-ID: <20180801.114636.279269263935333136.davem@davemloft.net>
References: <c8ffd001-8c67-19b9-7223-34ca8d436db2@gmail.com>
        <20180731134014.GA32114@bistromath.localdomain>
        <CAM_iQpURKOMAaPfs9v7FzhqqQPzj71sQD2LS0eU8cuqTML-YoA@mail.gmail.com>
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: sd@queasysnail.net, eric.dumazet@gmail.com,
        syzbot+41f9c04b50ef70c66947@syzkaller.appspotmail.com,
        christian.brauner@ubuntu.com, dsahern@gmail.com, fw@strlen.de,
        jbenc@redhat.com, ktkhai@virtuozzo.com,
        linux-kernel@vger.kernel.org, lucien.xin@gmail.com,
        netdev@vger.kernel.org, syzkaller-bugs@googlegroups.com
To: xiyou.wangcong@gmail.com
Return-path: <linux-kernel-owner@vger.kernel.org>
In-Reply-To: <CAM_iQpURKOMAaPfs9v7FzhqqQPzj71sQD2LS0eU8cuqTML-YoA@mail.gmail.com>
Sender: linux-kernel-owner@vger.kernel.org
List-Id: netdev.vger.kernel.org

From: Cong Wang <xiyou.wangcong@gmail.com>
Date: Tue, 31 Jul 2018 16:03:13 -0700

> Looks like this commit is completely unnecessary,
> fib6_drop_pcpu_from() calls fib6_info_release()
> which calls fib6_info_destroy_rcu(), so this metrics
> will be released twice...

And even if there was a leak here, it's illegal to free this
metrics memory synchronously since it is RCU protected.

That's why it normally goes through fib6_info_destroy_rcu().

Sabrina, I'm going to revert your changes unless I see some
progress here by the end of today.