2015-12-21 09:55:03

by Andrey Ryabinin

Subject: [PATCH] ipv6/addrlabel: fix ip6addrlbl_get()

ip6addrlbl_get() has never worked. If ip6addrlbl_hold() succeeded,
ip6addrlbl_get() will exit with '-ESRCH'. If ip6addrlbl_hold() failed,
ip6addrlbl_get() will use about to be free ip6addrlbl_entry pointer.

Fix this by inverting ip6addrlbl_hold() check.

Fixes: 2a8cc6c89039 ("[IPV6] ADDRCONF: Support RFC3484 configurable address selection policy table.")
Signed-off-by: Andrey Ryabinin <[email protected]>
---
net/ipv6/addrlabel.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/ipv6/addrlabel.c b/net/ipv6/addrlabel.c
index 882124e..a8f6986 100644
--- a/net/ipv6/addrlabel.c
+++ b/net/ipv6/addrlabel.c
@@ -552,7 +552,7 @@ static int ip6addrlbl_get(struct sk_buff *in_skb, struct nlmsghdr *nlh)

rcu_read_lock();
p = __ipv6_addr_label(net, addr, ipv6_addr_type(addr), ifal->ifal_index);
- if (p && ip6addrlbl_hold(p))
+ if (p && !ip6addrlbl_hold(p))
p = NULL;
lseq = ip6addrlbl_table.seq;
rcu_read_unlock();
--
2.4.10

2015-12-21 19:37:40

by Cong Wang

Subject: Re: [PATCH] ipv6/addrlabel: fix ip6addrlbl_get()

On Mon, Dec 21, 2015 at 1:54 AM, Andrey Ryabinin
<[email protected]> wrote:
> ip6addrlbl_get() has never worked. If ip6addrlbl_hold() succeeded,
> ip6addrlbl_get() will exit with '-ESRCH'. If ip6addrlbl_hold() failed,
> ip6addrlbl_get() will use about to be free ip6addrlbl_entry pointer.
>
> Fix this by inverting ip6addrlbl_hold() check.
>
> Fixes: 2a8cc6c89039 ("[IPV6] ADDRCONF: Support RFC3484 configurable address selection policy table.")
> Signed-off-by: Andrey Ryabinin <[email protected]>

Good catch!

Reviewed-by: Cong Wang <[email protected]>

2015-12-22 20:58:43

by David Miller

Subject: Re: [PATCH] ipv6/addrlabel: fix ip6addrlbl_get()

From: Andrey Ryabinin <[email protected]>
Date: Mon, 21 Dec 2015 12:54:45 +0300

> ip6addrlbl_get() has never worked. If ip6addrlbl_hold() succeeded,
> ip6addrlbl_get() will exit with '-ESRCH'. If ip6addrlbl_hold() failed,
> ip6addrlbl_get() will use about to be free ip6addrlbl_entry pointer.
>
> Fix this by inverting ip6addrlbl_hold() check.
>
> Fixes: 2a8cc6c89039 ("[IPV6] ADDRCONF: Support RFC3484 configurable address selection policy table.")
> Signed-off-by: Andrey Ryabinin <[email protected]>

Applied and queued up for -stable, thanks.

2015-12-22 08:04:34

by Hideaki Yoshifuji

Subject: Re: [PATCH] ipv6/addrlabel: fix ip6addrlbl_get()

Cong Wang wrote:
> On Mon, Dec 21, 2015 at 1:54 AM, Andrey Ryabinin
> <[email protected]> wrote:
>> ip6addrlbl_get() has never worked. If ip6addrlbl_hold() succeeded,
>> ip6addrlbl_get() will exit with '-ESRCH'. If ip6addrlbl_hold() failed,
>> ip6addrlbl_get() will use about to be free ip6addrlbl_entry pointer.
>>
>> Fix this by inverting ip6addrlbl_hold() check.
>>
>> Fixes: 2a8cc6c89039 ("[IPV6] ADDRCONF: Support RFC3484 configurable address selection policy table.")
>> Signed-off-by: Andrey Ryabinin <[email protected]>
>
> Good catch!
>
> Reviewed-by: Cong Wang <[email protected]>
Acked-by: YOSHIFUJI Hideaki <[email protected]>

--
Hideaki Yoshifuji <[email protected]>
Technical Division, MIRACLE LINUX CORPORATION