On 4/30/19 10:45 AM, Martin KaFai Lau wrote:
> It is a followup after the fix in
> commit 9c69a1320515 ("route: Avoid crash from dereferencing NULL rt->from")
>
> rt6_do_redirect():
> 1. NULL checking is needed on rt->from because a parallel
> fib6_info delete could happen that sets rt->from to NULL.
> (e.g. rt6_remove_exception() and fib6_drop_pcpu_from()).
>
> 2. fib6_info_hold() is not enough. Same reason as (1).
> Meaning, holding dst->__refcnt cannot ensure
> rt->from is not NULL or rt->from->fib6_ref is not 0.
>
> Instead of using fib6_info_hold_safe() which ip6_rt_cache_alloc()
> is already doing, this patch chooses to extend the rcu section
> to keep "from" dereference-able after checking for NULL.
>
> inet6_rtm_getroute():
> 1. NULL checking is also needed on rt->from for a similar reason.
> Note that inet6_rtm_getroute() is using RTNL_FLAG_DOIT_UNLOCKED.
>
> Fixes: a68886a69180 ("net/ipv6: Make from in rt6_info rcu protected")
> Signed-off-by: Martin KaFai Lau <ka...@fb.com>
> ---
>
Reviewed-by: Eric Dumazet <eduma...@google.com>
