Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 20ba40d2 authored by Matteo Croce's avatar Matteo Croce Committed by Greg Kroah-Hartman
Browse files

ipv4: ensure rcu_read_lock() in cipso_v4_error() 



commit 3e72dfdf8227b052393f71d820ec7599909dddc2 upstream.

Similarly to commit c543cb4a ("ipv4: ensure rcu_read_lock() in
ipv4_link_failure()"), __ip_options_compile() must be called under rcu
protection.

Fixes: 3da1ed7a ("net: avoid use IPCB in cipso_v4_error")
Suggested-by: default avatarGuillaume Nault <gnault@redhat.com>
Signed-off-by: default avatarMatteo Croce <mcroce@redhat.com>
Acked-by: default avatarPaul Moore <paul@paul-moore.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 81e0dac3

net/ipv4/cipso_ipv4.c

+6 −1
Original line number Diff line number Diff line
@@ -1724,6 +1724,7 @@ void cipso_v4_error(struct sk_buff *skb, int error, u32 gateway) 
{

	unsigned char optbuf[sizeof(struct ip_options) + 40];

	struct ip_options *opt = (struct ip_options *)optbuf;

	int res;



	if (ip_hdr(skb)->protocol == IPPROTO_ICMP || error != -EACCES)

		return;
@@ -1735,7 +1736,11 @@ void cipso_v4_error(struct sk_buff *skb, int error, u32 gateway) 


	memset(opt, 0, sizeof(struct ip_options));

	opt->optlen = ip_hdr(skb)->ihl*4 - sizeof(struct iphdr);

	if (__ip_options_compile(dev_net(skb->dev), opt, skb, NULL))

	rcu_read_lock();

	res = __ip_options_compile(dev_net(skb->dev), opt, skb, NULL);

	rcu_read_unlock();



	if (res)

		return;



	if (gateway)