| Message ID | 20171206181933.1054789-1-tehnerd@fb.com |
|---|---|
| State | Changes Requested, archived |
| Delegated to: | David Miller |
| Headers | show |
| Series | [net] adding missing rcu_read_unlock in ipxip6_rcv | expand |
From: "Nikita V. Shirokov" <tehnerd@fb.com> Date: Wed, 6 Dec 2017 10:19:33 -0800 > commit 8d79266bc48c ("ip6_tunnel: add collect_md mode to IPv6 tunnels") > introduced new exit point in ipxip6_rcv. however rcu_read_unlock is > missing there. this diff is fixing this > > Signed-off-by: Nikita V. Shirokov <tehnerd@fb.com> ... > @@ -903,8 +903,10 @@ static int ipxip6_rcv(struct sk_buff *skb, u8 ipproto, > goto drop; > if (t->parms.collect_md) { > tun_dst = ipv6_tun_rx_dst(skb, 0, 0, 0); > - if (!tun_dst) > + if (!tun_dst) { > + rcu_read_unlock(); > return 0; > + } > } > ret = __ip6_tnl_rcv(t, skb, tpi, tun_dst, dscp_ecn_decapsulate, > log_ecn_error); Shouldn't it branch to 'drop' otherwise we leak the skb?
On 12/6/17, 12:50 PM, "David Miller" <davem@davemloft.net> wrote: From: "Nikita V. Shirokov" <tehnerd@fb.com> Date: Wed, 6 Dec 2017 10:19:33 -0800 > commit 8d79266bc48c ("ip6_tunnel: add collect_md mode to IPv6 tunnels") > introduced new exit point in ipxip6_rcv. however rcu_read_unlock is > missing there. this diff is fixing this > > Signed-off-by: Nikita V. Shirokov <tehnerd@fb.com> ... > @@ -903,8 +903,10 @@ static int ipxip6_rcv(struct sk_buff *skb, u8 ipproto, > goto drop; > if (t->parms.collect_md) { > tun_dst = ipv6_tun_rx_dst(skb, 0, 0, 0); > - if (!tun_dst) > + if (!tun_dst) { > + rcu_read_unlock(); > return 0; > + } > } > ret = __ip6_tnl_rcv(t, skb, tpi, tun_dst, dscp_ecn_decapsulate, > log_ecn_error); Shouldn't it branch to 'drop' otherwise we leak the skb? Fair point, will rework. -- Nikita
diff --git a/net/ipv6/ip6_tunnel.c b/net/ipv6/ip6_tunnel.c index 3d3092a..00f2c79 100644 --- a/net/ipv6/ip6_tunnel.c +++ b/net/ipv6/ip6_tunnel.c @@ -903,8 +903,10 @@ static int ipxip6_rcv(struct sk_buff *skb, u8 ipproto, goto drop; if (t->parms.collect_md) { tun_dst = ipv6_tun_rx_dst(skb, 0, 0, 0); - if (!tun_dst) + if (!tun_dst) { + rcu_read_unlock(); return 0; + } } ret = __ip6_tnl_rcv(t, skb, tpi, tun_dst, dscp_ecn_decapsulate, log_ecn_error);
commit 8d79266bc48c ("ip6_tunnel: add collect_md mode to IPv6 tunnels") introduced new exit point in ipxip6_rcv. however rcu_read_unlock is missing there. this diff is fixing this Signed-off-by: Nikita V. Shirokov <tehnerd@fb.com> --- net/ipv6/ip6_tunnel.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)