android/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

xfrm: fix rcu lock in xfrm_notify_userpolicy()

Browse Source 
commit 93ec1320b0170d7a207eda2d119c669b673401ed upstream.

As stated in the comment above xfrm_nlmsg_multicast(), rcu read lock must
be held before calling this function.

Reported-by: syzbot+3d9866419b4aa8f985d6@syzkaller.appspotmail.com
Fixes: 703b94b93c19 ("xfrm: notify default policy on update")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Nicolas Dichtel 2021-09-22 10:50:06 +02:00 committed by Greg Kroah-Hartman
parent 091f85db4c
commit a3a1114aa6
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
net/xfrm/xfrm_user.c
View File

@ -1920,6 +1920,7 @@ static int xfrm_notify_userpolicy(struct net *net)
int len = NLMSG_ALIGN(sizeof(*up));
struct nlmsghdr *nlh;
struct sk_buff *skb;
int err;
skb = nlmsg_new(len, GFP_ATOMIC);
if (skb == NULL)
@ -1938,7 +1939,11 @@ static int xfrm_notify_userpolicy(struct net *net)
nlmsg_end(skb, nlh);
return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_POLICY);
rcu_read_lock();
err = xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_POLICY);
rcu_read_unlock();
return err;
}
static bool xfrm_userpolicy_is_valid(__u8 policy)