From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Ahern Subject: [PATCH net] ipv6: Take rcu_read_lock in __inet6_bind for mapped addresses Date: Sat, 5 Jan 2019 07:35:04 -0800 Message-ID: <20190105153504.2201-1-dsahern@kernel.org> Cc: netdev@vger.kernel.org, David Ahern To: davem@davemloft.net Return-path: Received: from mail.kernel.org ([198.145.29.99]:44328 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726200AbfAEPfF (ORCPT ); Sat, 5 Jan 2019 10:35:05 -0500 Sender: netdev-owner@vger.kernel.org List-ID: From: David Ahern I realized the last patch calls dev_get_by_index_rcu in a branch not holding the rcu lock. Add the calls to rcu_read_lock and rcu_read_unlock. Fixes: ec90ad334986 ("ipv6: Consider sk_bound_dev_if when binding a socket to a v4 mapped address") Signed-off-by: David Ahern --- net/ipv6/af_inet6.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c index 93288b9f1697..d99753b5e39b 100644 --- a/net/ipv6/af_inet6.c +++ b/net/ipv6/af_inet6.c @@ -321,17 +321,20 @@ static int __inet6_bind(struct sock *sk, struct sockaddr *uaddr, int addr_len, goto out; } + rcu_read_lock(); if (sk->sk_bound_dev_if) { dev = dev_get_by_index_rcu(net, sk->sk_bound_dev_if); if (!dev) { err = -ENODEV; - goto out; + goto out_unlock; } } /* Reproduce AF_INET checks to make the bindings consistent */ v4addr = addr->sin6_addr.s6_addr32[3]; chk_addr_ret = inet_addr_type_dev_table(net, dev, v4addr); + rcu_read_unlock(); + if (!inet_can_nonlocal_bind(net, inet) && v4addr != htonl(INADDR_ANY) && chk_addr_ret != RTN_LOCAL && -- 2.11.0