Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp4246651pxp;
        Tue, 15 Mar 2022 16:19:52 -0700 (PDT)
X-Google-Smtp-Source: ABdhPJzxQVhh2td+IEuvP8ep1aVut+BVAChKRX2oKoheeNyiNW7CR1pgmFQg6t/0em0+EuCdy9lY
X-Received: by 2002:a05:6a00:2296:b0:4f7:9e15:57e0 with SMTP id f22-20020a056a00229600b004f79e1557e0mr21556545pfe.17.1647386391940;
        Tue, 15 Mar 2022 16:19:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1647386391; cv=none;
        d=google.com; s=arc-20160816;
        b=CUQAx9AeBsYeSwFVatvQuGjxajhlkHaqEWbresrszFEM+DyuKjwDYV1KSGHseBxpKR
         xgVf4OAalYUKPNSA4RT6BBjAeJgr85tnqJshOiR+9uE9XBkzpg7FKEENJQaMZd3nFR9R
         1KURE4Ut2QYYHvUvzpTNom5YMIlVN4aPfK4ARjMSnFqb8SmeF0b3d/Yf1rcSNRRZ3azq
         OKeO0usqmOtUk96qu1S9+o/bOg7vgMs/xB+2sRVMcIuJfoJIX/cN47mlD4jvxaSlCMrh
         Uxzoe/o4WQsVl/0m+ABdukRQSpk/BY8TkWaTycqplpf99cZllzxfU8pQMRexK1t1GrU4
         QDvQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=5bIWrkyzNoiPLAXLU6dQQWvbaTAoKWOt9344g+Ki0t0=;
        b=O0j9yJg7pOJOZMdeEs0PNSoK5ZNFeUUrSVGNp8wl7rXuqI5sG5AfvPWl+U0KbRGo7v
         Rz56gK8im+49T6oETnU8d4m6rfe395zdpn/oI4aLfIGvTmGCOWp4ot/Pm9Iv3pUGLtU+
         6KIiW0csSup6UmtZiiyZjk9cIpGIDwCyyLdxigt0XTGpII6eD1takt0yMjgj1eFl9jo4
         OCPNdMhMwWPMkjwOSQJyNfhRJEiisebZdiRUsQc2bpmJQaTVnev/d9ZvqolkSSCx1eeh
         52LJKkaLEDPrwvUSKoGhr261l+9ewe32JLnOuHD47tuIzRJSQVXaxy4Y9mTZGNmN9u2H
         TD6A==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=r45OMfHw;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id x63-20020a638642000000b0037ff638efdfsi452550pgd.58.2022.03.15.16.19.35;
        Tue, 15 Mar 2022 16:19:51 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=r45OMfHw;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S240841AbiCNMMY (ORCPT <rfc822;shakeebbk@gmail.com> + 99 others);
        Mon, 14 Mar 2022 08:12:24 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59818 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S240608AbiCNMHo (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 14 Mar 2022 08:07:44 -0400
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5997525E89;
        Mon, 14 Mar 2022 05:03:48 -0700 (PDT)
Received: from smtp.kernel.org (relay.kernel.org [52.25.139.140])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by dfw.source.kernel.org (Postfix) with ESMTPS id 895A4612FC;
        Mon, 14 Mar 2022 12:03:48 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 59FAEC340E9;
        Mon, 14 Mar 2022 12:03:47 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
        s=korg; t=1647259428;
        bh=NuDrYjk6KqOnjT4mFjDBvDlCwZpllFFhwKqWbiYw1/U=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=r45OMfHwNBeBK1G83k+G7xAHn3+whPOEPqw0py0mZS83gbeKamiZR51G3lBYbSP4o
         9XVuWm4Qavk9JCMuwrM7726yUv8XGSUvxhItqate8NUlfKKbMxrvsmkSSz1wg2fYzR
         Cf31zU52JF9pT1FEYrBzxQOyyNGjOAnesPMPh2QY=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Niels Dossche <dossche.niels@gmail.com>,
        David Ahern <dsahern@kernel.org>,
        Niels Dossche <niels.dossche@ugent.be>,
        Jakub Kicinski <kuba@kernel.org>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 5.10 45/71] ipv6: prevent a possible race condition with lifetimes
Date:   Mon, 14 Mar 2022 12:53:38 +0100
Message-Id: <20220314112739.192035540@linuxfoundation.org>
X-Mailer: git-send-email 2.35.1
In-Reply-To: <20220314112737.929694832@linuxfoundation.org>
References: <20220314112737.929694832@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-8.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,
        DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_HI,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Niels Dossche <dossche.niels@gmail.com>

[ Upstream commit 6c0d8833a605e195ae219b5042577ce52bf71fff ]

valid_lft, prefered_lft and tstamp are always accessed under the lock
"lock" in other places. Reading these without taking the lock may result
in inconsistencies regarding the calculation of the valid and preferred
variables since decisions are taken on these fields for those variables.

Signed-off-by: Niels Dossche <dossche.niels@gmail.com>
Reviewed-by: David Ahern <dsahern@kernel.org>
Signed-off-by: Niels Dossche <niels.dossche@ugent.be>
Link: https://lore.kernel.org/r/20220223131954.6570-1-niels.dossche@ugent.be
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 net/ipv6/addrconf.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c
index 072c34823753..7c5bf39dca5d 100644
--- a/net/ipv6/addrconf.c
+++ b/net/ipv6/addrconf.c
@@ -4979,6 +4979,7 @@ static int inet6_fill_ifaddr(struct sk_buff *skb, struct inet6_ifaddr *ifa,
 	    nla_put_s32(skb, IFA_TARGET_NETNSID, args->netnsid))
 		goto error;
 
+	spin_lock_bh(&ifa->lock);
 	if (!((ifa->flags&IFA_F_PERMANENT) &&
 	      (ifa->prefered_lft == INFINITY_LIFE_TIME))) {
 		preferred = ifa->prefered_lft;
@@ -5000,6 +5001,7 @@ static int inet6_fill_ifaddr(struct sk_buff *skb, struct inet6_ifaddr *ifa,
 		preferred = INFINITY_LIFE_TIME;
 		valid = INFINITY_LIFE_TIME;
 	}
+	spin_unlock_bh(&ifa->lock);
 
 	if (!ipv6_addr_any(&ifa->peer_addr)) {
 		if (nla_put_in6_addr(skb, IFA_LOCAL, &ifa->addr) < 0 ||
-- 
2.34.1