Commit 0602b3e4 authored by Eric Dumazet, committed by Ben Hutchings

ipv6: tcp: add rcu locking in tcp_v6_send_synack()

commit 3e4006f0 upstream.

When first SYNACK is sent, we already hold rcu_read_lock(), but this
is not true if a SYNACK is retransmitted, as a timer (soft) interrupt
does not hold rcu_read_lock()

Fixes: 45f6fad8 ("ipv6: add complete rcu protection around np->opt")
Reported-by: Dave Jones <davej@codemonkey.org.uk>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
[bwh: Backported to 3.2: adjust context]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
parent 15dabec9
...@@ -513,8 +513,10 @@ static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req, ...@@ -513,8 +513,10 @@ static int tcp_v6_send_synack(struct sock *sk, struct request_sock *req,
__tcp_v6_send_check(skb, &treq->loc_addr, &treq->rmt_addr); __tcp_v6_send_check(skb, &treq->loc_addr, &treq->rmt_addr);
ipv6_addr_copy(&fl6.daddr, &treq->rmt_addr); ipv6_addr_copy(&fl6.daddr, &treq->rmt_addr);
rcu_read_lock();
err = ip6_xmit(sk, skb, &fl6, rcu_dereference(np->opt), err = ip6_xmit(sk, skb, &fl6, rcu_dereference(np->opt),
np->tclass); np->tclass);
rcu_read_unlock();
err = net_xmit_eval(err); err = net_xmit_eval(err);
} }
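Review bot: the rcu_read_lock() added just before the ip6_xmit() call carries no comment explaining why it is needed, and since the first-SYNACK path already holds the lock, a later reader could take the pair for redundant nesting and remove it. A one-line comment above it, noting that the SYNACK retransmit timer reaches tcp_v6_send_synack() without rcu_read_lock() held, would document the intent. The scope itself looks right: rcu_dereference(np->opt) is evaluated inside the read-side section and its result is only passed to ip6_xmit(), which returns before rcu_read_unlock().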