diff options
| author |   Wei Wang <weiwan@google.com> | 2017-10-06 12:06:09 -0700 |
|---|---|---|
| committer |   David S. Miller <davem@davemloft.net> | 2017-10-07 21:22:58 +0100 |
| commit | 17ecf590b3cba19d9ecb410e340aa78128382abb (patch) | |
| tree | 4e7110008039b7e656e34f8b098ee0650c831af7 /net/ipv6/ip6_fib.c | |
| parent | ipv6: check fn->leaf before it is used (diff) | |
| download | linux-dev-17ecf590b3cba19d9ecb410e340aa78128382abb.tar.xz linux-dev-17ecf590b3cba19d9ecb410e340aa78128382abb.zip | |
ipv6: add key length check into rt6_select()
After rwlock is replaced with rcu and spinlock, fib6_lookup() could
potentially return an intermediate node if other thread is doing
fib6_del() on a route which is the only route on the node so that
fib6_repair_tree() will be called on this node and potentially assigns
fn->leaf to the its child's fn->leaf.
In order to detect this situation in rt6_select(), we have to check if
fn->fn_bit is consistent with the key length stored in the route. And
depending on if the fn is in the subtree or not, the key is either
rt->rt6i_dst or rt->rt6i_src.
If any inconsistency is found, that means the node no longer holds valid
routes in it. So net->ipv6.ip6_null_entry is returned.
Signed-off-by: Wei Wang <weiwan@google.com>
Signed-off-by: Martin KaFai Lau <kafai@fb.com>
Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv6/ip6_fib.c')
0 files changed, 0 insertions, 0 deletions