Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp3563684pxp;
        Tue, 15 Mar 2022 00:57:06 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJwkSZlu5lInC8HIba0kFA/ZsgDlnhqWkwysmUlyHCPN+pvUPkRk586B2eYWK30jiSig+0o4
X-Received: by 2002:a65:4c0f:0:b0:373:f389:b7e0 with SMTP id u15-20020a654c0f000000b00373f389b7e0mr22732465pgq.411.1647331025699;
        Tue, 15 Mar 2022 00:57:05 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1647331025; cv=none;
        d=google.com; s=arc-20160816;
        b=uf4ZIPLBy+Ns9EaA7EAd5GRPT3VksNvKZroD7E0UflcGwfGtpIkKgdIrHHj+u9mgRN
         D6uOREi0F9ggdM660QcH0p+RFEyYferjcuIZzj7e1LSa29FSN/LnC7mUHdRjetRRQO8L
         VKR5zeCi/SXrz129ksEHFR2wlZCjSu276XBD36W9vxdwOH+uPSayCt2AISDzOgjpsxKg
         eKa2h2F1blB6+7vvpuwO8ohgdVQdGURU54OHd2jNYjvtvKhWEulUOk7vpkDgsS3Sa6uy
         W8qLBlkZol8j2WFu77kO4a9ZCOFqijLKJivM3uDdg+CEK8g18p+pbN9aFtfxZeGTuxN9
         GmtQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=MCEfJWNZFtF/l1QrCAM6suf9lfNrOsGcsf29KOBuCo8=;
        b=rfEEskWKugIFOZGN4yFbcHHg4QET9kFSJD7bCj+KIBHuztiyGN0Vmoo2b0XdFBIdqe
         TzlBXgQCHQyPS31poJL6d5dZ9vSDB8JCmocMiq9ZA7sFj2hS4kwplK9kL1yrRKyPEES6
         KHo5XPx+qtQLZf99UoEYSTWgdN2zOG7Z+YGobLVy5YRqpU8TjZme3okp+xR8j8vFdj86
         E98Z1rx+qbvYvgaGfCxegyIQ7O7j5Wv0ySuwtzPUUelI8ztQbOqvyLbyVogdllefqKhx
         fZ8xzrB50/d/V4IOlqiziGvIC/p0UL4w+BpD9qlqQv9SsOL0iiCZi22kI/9/usfZNPHX
         fg1Q==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=AhqBxFq1;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id t7-20020a6549c7000000b00372f2b9f50dsi17039224pgs.223.2022.03.15.00.56.53;
        Tue, 15 Mar 2022 00:57:05 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=AhqBxFq1;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S240043AbiCNL77 (ORCPT <rfc822;shakeebbk@gmail.com> + 99 others);
        Mon, 14 Mar 2022 07:59:59 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:36088 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S240038AbiCNL55 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 14 Mar 2022 07:57:57 -0400
Received: from dfw.source.kernel.org (dfw.source.kernel.org [IPv6:2604:1380:4641:c500::1])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 58937FD28;
        Mon, 14 Mar 2022 04:56:48 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id EC60861240;
        Mon, 14 Mar 2022 11:56:47 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id EA817C340E9;
        Mon, 14 Mar 2022 11:56:45 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1647259007;
        bh=ST0JNt4SsCbzhlPzhi5BjKDyoAMsqZ4S4Oxtdvq81zk=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=AhqBxFq1jBLbO6Woz85gQS9gd7011wqx+geFen6JnOxmZ2beG5BJkoncetSSd2q0v
         gqd18YqB1Iu0eS3u5ByKEBgUyRYNyIUB8K5ttz+UHHwauDj2CjzJGcZbaRrmOvURbX
         HlfnfOUQRxkhuTu18AZcXuHlqhg9qLAtdudmfe+A=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Niels Dossche <dossche.niels@gmail.com>,
        David Ahern <dsahern@kernel.org>,
        Niels Dossche <niels.dossche@ugent.be>,
        Jakub Kicinski <kuba@kernel.org>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.4 25/43] ipv6: prevent a possible race condition with lifetimes
Date:   Mon, 14 Mar 2022 12:53:36 +0100
Message-Id: <20220314112735.125130610@linuxfoundation.org>
X-Mailer: git-send-email 2.35.1
In-Reply-To: <20220314112734.415677317@linuxfoundation.org>
References: <20220314112734.415677317@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-8.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Niels Dossche <dossche.niels@gmail.com>

[ Upstream commit 6c0d8833a605e195ae219b5042577ce52bf71fff ]

valid_lft, prefered_lft and tstamp are always accessed under the lock
"lock" in other places. Reading these without taking the lock may result
in inconsistencies regarding the calculation of the valid and preferred
variables since decisions are taken on these fields for those variables.

Signed-off-by: Niels Dossche <dossche.niels@gmail.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: Niels Dossche <niels.dossche@ugent.be>
Link: https://lore.kernel.org/r/20220223131954.6570-1-niels.dossche@ugent.be
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ipv6/addrconf.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index d1f29a3eb70b..60d070b25484 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -4924,6 +4924,7 @@ static int inet6_fill_ifaddr(struct sk_buff *skb, struct inet6_ifaddr *ifa,
 	    nla_put_s32(skb, IFA_TARGET_NETNSID, args->netnsid))
 		goto error;
 
+	spin_lock_bh(&ifa->lock);
 	if (!((ifa->flags&IFA_F_PERMANENT) &&
 	      (ifa->prefered_lft == INFINITY_LIFE_TIME))) {
 		preferred = ifa->prefered_lft;
@@ -4945,6 +4946,7 @@ static int inet6_fill_ifaddr(struct sk_buff *skb, struct inet6_ifaddr *ifa,
 		preferred = INFINITY_LIFE_TIME;
 		valid = INFINITY_LIFE_TIME;
 	}
+	spin_unlock_bh(&ifa->lock);
 
 	if (!ipv6_addr_any(&ifa->peer_addr)) {
 		if (nla_put_in6_addr(skb, IFA_LOCAL, &ifa->addr) < 0 ||
-- 
2.34.1