From: Nicolas Dichtel <nicolas.dichtel@6wind.com>
To: steffen.klassert@secunet.com,
syzbot+3d9866419b4aa8f985d6@syzkaller.appspotmail.com
Cc: davem@davemloft.net, herbert@gondor.apana.org.au,
kuba@kernel.org, linux-kernel@vger.kernel.org,
syzkaller-bugs@googlegroups.com, netdev@vger.kernel.org,
Nicolas Dichtel <nicolas.dichtel@6wind.com>
Subject: [PATCH ipsec] xfrm: fix rcu lock in xfrm_notify_userpolicy()
Date: Wed, 22 Sep 2021 10:50:06 +0200 [thread overview]
Message-ID: <20210922085006.13570-1-nicolas.dichtel@6wind.com> (raw)
In-Reply-To: <0000000000003533d205cc8a624b@google.com>
As stated in the comment above xfrm_nlmsg_multicast(), rcu read lock must
be held before calling this function.
Reported-by: syzbot+3d9866419b4aa8f985d6@syzkaller.appspotmail.com
Fixes: 703b94b93c19 ("xfrm: notify default policy on update")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
---
net/xfrm/xfrm_user.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 0eba0c27c665..3a3cb09eec12 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1967,6 +1967,7 @@ static int xfrm_notify_userpolicy(struct net *net)
int len = NLMSG_ALIGN(sizeof(*up));
struct nlmsghdr *nlh;
struct sk_buff *skb;
+ int err;
skb = nlmsg_new(len, GFP_ATOMIC);
if (skb == NULL)
@@ -1988,7 +1989,11 @@ static int xfrm_notify_userpolicy(struct net *net)
nlmsg_end(skb, nlh);
- return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_POLICY);
+ rcu_read_lock();
+ err = xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_POLICY);
+ rcu_read_unlock();
+
+ return err;
}
static int xfrm_set_default(struct sk_buff *skb, struct nlmsghdr *nlh,
--
2.33.0
next prev parent reply other threads:[~2021-09-22 8:58 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-09-22 0:13 [syzbot] WARNING: suspicious RCU usage in xfrm_set_default syzbot
2021-09-22 8:50 ` Nicolas Dichtel [this message]
2021-09-25 8:06 ` [PATCH ipsec] xfrm: fix rcu lock in xfrm_notify_userpolicy() Steffen Klassert
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210922085006.13570-1-nicolas.dichtel@6wind.com \
--to=nicolas.dichtel@6wind.com \
--cc=davem@davemloft.net \
--cc=herbert@gondor.apana.org.au \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=steffen.klassert@secunet.com \
--cc=syzbot+3d9866419b4aa8f985d6@syzkaller.appspotmail.com \
--cc=syzkaller-bugs@googlegroups.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.