From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Ahern Subject: Re: [PATCH net] ipv6: fix a dst leak when removing its exception Date: Wed, 14 Nov 2018 11:03:12 -0800 Message-ID: <8e49ab9d-e65f-510e-a330-2ba364a4d2c5@cumulusnetworks.com> References: Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Cc: davem@davemloft.net To: Xin Long , network dev Return-path: Received: from mail-pg1-f193.google.com ([209.85.215.193]:37663 "EHLO mail-pg1-f193.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725757AbeKOFHl (ORCPT ); Thu, 15 Nov 2018 00:07:41 -0500 Received: by mail-pg1-f193.google.com with SMTP id 80so7783496pge.4 for ; Wed, 14 Nov 2018 11:03:16 -0800 (PST) In-Reply-To: Content-Language: en-US Sender: netdev-owner@vger.kernel.org List-ID: On 11/13/18 8:48 AM, Xin Long wrote: > These is no need to hold dst before calling rt6_remove_exception_rt(). > The call to dst_hold_safe() in ip6_link_failure() was for ip6_del_rt(), > which has been removed in Commit 93531c674315 ("net/ipv6: separate > handling of FIB entries from dst based routes"). Otherwise, it will > cause a dst leak. > > This patch is to simply remove the dst_hold_safe() call before calling > rt6_remove_exception_rt() and also do the same in ip6_del_cached_rt(). > It's safe, because the removal of the exception that holds its dst's > refcnt is protected by rt6_exception_lock. > > Fixes: 93531c674315 ("net/ipv6: separate handling of FIB entries from dst based routes") > Fixes: 23fb93a4d3f1 ("net/ipv6: Cleanup exception and cache route handling") > Reported-by: Li Shuang > Signed-off-by: Xin Long > --- > net/ipv6/route.c | 7 +++---- > 1 file changed, 3 insertions(+), 4 deletions(-) was this problem actually hit or is this patch based on a code analysis?