Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp3327397imu; Sun, 11 Nov 2018 12:27:40 -0800 (PST) X-Google-Smtp-Source: AJdET5fZ5zxeGmxSKxIADCIX0GZW0fl5rJ+a5Mkb3nnkePPvioOpfWcEff0vZq0aPxO58A0SPrat X-Received: by 2002:a63:a401:: with SMTP id c1mr15125211pgf.403.1541968060010; Sun, 11 Nov 2018 12:27:40 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1541968059; cv=none; d=google.com; s=arc-20160816; b=1AMPcoJ0bpzUDDmdbDoGAputUc1xWdRk/jqiW+JTeZmJftBfxPWbQEF+e4qqloiArU 7J5tBkbHi+XIx8rmmT03JJZNStincRhyzvASdJnxiyo/Xf/8psnJV7AfQp5EjCWj251h rs197HxDU++Z2TPgiZpYOLaTcc2eUMCyjqirbd/d9dJ+gNYbkfk789TCUzoT825I9bzs ajO8LqTB9sjwnMAdIZo9cl3f4I8afcMmAYsItnp9M7Nz5YJCxLBsfZ4KUvIzHM+Vc5pK a+N+rthQqjesC3EEbG1YsSbtGQPNaRbs7ysiTwShQ7EpBSAIMmd0TGa1PQoaKexLsVMB Iv4g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:subject:message-id:date:cc:to :from:mime-version:content-transfer-encoding:content-disposition; bh=Cxqsj3BleYpWuoFVaZIwCGUjvHhRbIcKi0T2rkjZ1QQ=; b=H75desQHTVj5NEk4qz5X9B/+v3Ebom6/lUwnMsIohNGf3TwGOVJi/sbaT1PLyBtumT Nazk62On0HBW8Hdjg5fYKOSfRPhIq7Rf7QFEXsHYCWzRa6EO4e5ADD3NpeMFSHL45dUi nmm3jiv3Eh3cfEGsjtIpaQKfxaEY9bT+xdd+gKc7lM/IAfram1yc0Tbk8JWjyy7gHcC5 OqHIsbrvyHFGU9vHX6r0Yvl+S6Mfurqlh0hXrD3C0dJ074XAu+tOwV1/UjiHs+ELi8zb IGdzsaTOIAhfMSGfbLv3jL8d9/YZf7Wla8TZ5RHDFx6otcxlyS+Y10v+Sc4aWrH7w2mh Xasg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d70-v6si15413658pfg.49.2018.11.11.12.27.25; Sun, 11 Nov 2018 12:27:39 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1731150AbeKLGQ3 (ORCPT + 99 others); Mon, 12 Nov 2018 01:16:29 -0500 Received: from shadbolt.e.decadent.org.uk ([88.96.1.126]:50830 "EHLO shadbolt.e.decadent.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1730599AbeKLFs1 (ORCPT ); Mon, 12 Nov 2018 00:48:27 -0500 Received: from [192.168.4.242] (helo=deadeye) by shadbolt.decadent.org.uk with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.89) (envelope-from ) id 1gLvsl-0000lJ-GP; Sun, 11 Nov 2018 19:58:55 +0000 Received: from ben by deadeye with local (Exim 4.91) (envelope-from ) id 1gLvsY-0001nB-JP; Sun, 11 Nov 2018 19:58:42 +0000 Content-Type: text/plain; charset="UTF-8" Content-Disposition: inline Content-Transfer-Encoding: 8bit MIME-Version: 1.0 From: Ben Hutchings To: linux-kernel@vger.kernel.org, stable@vger.kernel.org CC: akpm@linux-foundation.org, "Lorenzo Bianconi" , "David S. Miller" Date: Sun, 11 Nov 2018 19:49:05 +0000 Message-ID: X-Mailer: LinuxStableQueue (scripts by bwh) Subject: [PATCH 3.16 299/366] ipv4: remove BUG_ON() from fib_compute_spec_dst In-Reply-To: X-SA-Exim-Connect-IP: 192.168.4.242 X-SA-Exim-Mail-From: ben@decadent.org.uk X-SA-Exim-Scanned: No (on shadbolt.decadent.org.uk); SAEximRunCond expanded to false Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 3.16.61-rc1 review patch. If anyone has any objections, please let me know. ------------------ From: Lorenzo Bianconi commit 9fc12023d6f51551d6ca9ed7e02ecc19d79caf17 upstream. Remove BUG_ON() from fib_compute_spec_dst routine and check in_dev pointer during flowi4 data structure initialization. fib_compute_spec_dst routine can be run concurrently with device removal where ip_ptr net_device pointer is set to NULL. This can happen if userspace enables pkt info on UDP rx socket and the device is removed while traffic is flowing Fixes: 35ebf65e851c ("ipv4: Create and use fib_compute_spec_dst() helper") Signed-off-by: Lorenzo Bianconi Signed-off-by: David S. Miller [bwh: Backported to 3.16: adjust context] Signed-off-by: Ben Hutchings --- --- a/net/ipv4/fib_frontend.c +++ b/net/ipv4/fib_frontend.c @@ -209,19 +209,20 @@ __be32 fib_compute_spec_dst(struct sk_bu return ip_hdr(skb)->daddr; in_dev = __in_dev_get_rcu(dev); - BUG_ON(!in_dev); net = dev_net(dev); scope = RT_SCOPE_UNIVERSE; if (!ipv4_is_zeronet(ip_hdr(skb)->saddr)) { + bool vmark = in_dev && IN_DEV_SRC_VMARK(in_dev); + fl4.flowi4_oif = 0; fl4.flowi4_iif = LOOPBACK_IFINDEX; fl4.daddr = ip_hdr(skb)->saddr; fl4.saddr = 0; fl4.flowi4_tos = RT_TOS(ip_hdr(skb)->tos); fl4.flowi4_scope = scope; - fl4.flowi4_mark = IN_DEV_SRC_VMARK(in_dev) ? skb->mark : 0; + fl4.flowi4_mark = vmark ? skb->mark : 0; if (!fib_lookup(net, &fl4, &res)) return FIB_RES_PREFSRC(net, res); } else {