From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
stable@vger.kernel.org, Olivier Matz <olivier.matz@6wind.com>,
"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 4.4 17/18] ipv6: use READ_ONCE() for inet->hdrincl as in ipv4
Date: Mon, 4 May 2020 19:57:15 +0200 [thread overview]
Message-ID: <20200504165445.162621760@linuxfoundation.org> (raw)
In-Reply-To: <20200504165441.533160703@linuxfoundation.org>
From: Olivier Matz <olivier.matz@6wind.com>
commit 59e3e4b52663a9d97efbce7307f62e4bc5c9ce91 upstream.
As it was done in commit 8f659a03a0ba ("net: ipv4: fix for a race
condition in raw_sendmsg") and commit 20b50d79974e ("net: ipv4: emulate
READ_ONCE() on ->hdrincl bit-field in raw_sendmsg()") for ipv4, copy the
value of inet->hdrincl in a local variable, to avoid introducing a race
condition in the next commit.
Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
net/ipv6/raw.c | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
--- a/net/ipv6/raw.c
+++ b/net/ipv6/raw.c
@@ -757,6 +757,7 @@ static int rawv6_sendmsg(struct sock *sk
int hlimit = -1;
int tclass = -1;
int dontfrag = -1;
+ int hdrincl;
u16 proto;
int err;
@@ -770,6 +771,13 @@ static int rawv6_sendmsg(struct sock *sk
if (msg->msg_flags & MSG_OOB)
return -EOPNOTSUPP;
+ /* hdrincl should be READ_ONCE(inet->hdrincl)
+ * but READ_ONCE() doesn't work with bit fields.
+ * Doing this indirectly yields the same result.
+ */
+ hdrincl = inet->hdrincl;
+ hdrincl = READ_ONCE(hdrincl);
+
/*
* Get and verify the address.
*/
@@ -878,7 +886,7 @@ static int rawv6_sendmsg(struct sock *sk
fl6.flowi6_oif = np->ucast_oif;
security_sk_classify_flow(sk, flowi6_to_flowi(&fl6));
- if (inet->hdrincl)
+ if (hdrincl)
fl6.flowi6_flags |= FLOWI_FLAG_KNOWN_NH;
dst = ip6_dst_lookup_flow(sk, &fl6, final_p);
@@ -899,7 +907,7 @@ static int rawv6_sendmsg(struct sock *sk
goto do_confirm;
back_from_confirm:
- if (inet->hdrincl)
+ if (hdrincl)
err = rawv6_send_hdrinc(sk, msg, len, &fl6, &dst, msg->msg_flags);
else {
lock_sock(sk);
next prev parent reply other threads:[~2020-05-04 18:15 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-04 17:56 [PATCH 4.4 00/18] 4.4.222-rc1 review Greg Kroah-Hartman
2020-05-04 17:56 ` [PATCH 4.4 01/18] ext4: fix special inode number checks in __ext4_iget() Greg Kroah-Hartman
2020-05-04 17:57 ` [PATCH 4.4 02/18] drm/qxl: qxl_release leak in qxl_hw_surface_alloc() Greg Kroah-Hartman
2020-05-04 17:57 ` [PATCH 4.4 03/18] ALSA: pcm: oss: Place the plugin buffer overflow checks correctly Greg Kroah-Hartman
2020-05-04 17:57 ` [PATCH 4.4 04/18] PM: ACPI: Output correct message on target power state Greg Kroah-Hartman
2020-05-04 17:57 ` [PATCH 4.4 05/18] RDMA/mlx4: Initialize ib_spec on the stack Greg Kroah-Hartman
2020-05-04 17:57 ` [PATCH 4.4 06/18] vfio/type1: Fix VA->PA translation for PFNMAP VMAs in vaddr_get_pfn() Greg Kroah-Hartman
2020-05-04 17:57 ` [PATCH 4.4 07/18] ALSA: opti9xx: shut up gcc-10 range warning Greg Kroah-Hartman
2020-05-04 17:57 ` [PATCH 4.4 08/18] nfs: Fix potential posix_acl refcnt leak in nfs3_set_acl Greg Kroah-Hartman
2020-05-04 17:57 ` [PATCH 4.4 09/18] dmaengine: dmatest: Fix iteration non-stop logic Greg Kroah-Hartman
2020-05-04 17:57 ` [PATCH 4.4 10/18] i2c: designware-pci: use IRQF_COND_SUSPEND flag Greg Kroah-Hartman
2020-05-04 17:57 ` [PATCH 4.4 11/18] perf hists: Fix HISTC_MEM_DCACHELINE width setting Greg Kroah-Hartman
2020-05-04 17:57 ` [PATCH 4.4 12/18] powerpc/perf: Remove PPMU_HAS_SSLOT flag for Power8 Greg Kroah-Hartman
2020-05-04 17:57 ` [PATCH 4.4 13/18] perf/x86: Fix uninitialized value usage Greg Kroah-Hartman
2020-05-04 17:57 ` [PATCH 4.4 14/18] [media] exynos4-is: fix a format string bug Greg Kroah-Hartman
2020-05-04 17:57 ` [PATCH 4.4 15/18] ASoC: wm8960: Fix WM8960_SYSCLK_PLL mode Greg Kroah-Hartman
2020-05-04 17:57 ` [PATCH 4.4 16/18] ASoC: imx-spdif: Fix crash on suspend Greg Kroah-Hartman
2020-05-04 17:57 ` Greg Kroah-Hartman [this message]
2020-05-04 17:57 ` [PATCH 4.4 18/18] selinux: properly handle multiple messages in selinux_netlink_send() Greg Kroah-Hartman
2020-05-05 7:43 ` [PATCH 4.4 00/18] 4.4.222-rc1 review Chris Paterson
2020-05-05 8:36 ` Jon Hunter
2020-05-05 15:41 ` Guenter Roeck
2020-05-05 15:50 ` Naresh Kamboju
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200504165445.162621760@linuxfoundation.org \
--to=gregkh@linuxfoundation.org \
--cc=davem@davemloft.net \
--cc=linux-kernel@vger.kernel.org \
--cc=olivier.matz@6wind.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).