From: Jonathan Lemon
Date: Sun, 14 Apr 2019 14:21:29 -0700
> When __ip6_rt_update_pmtu() is called, rt->from is RCU dereferenced, but is
> never checked for null - rt6_flush_exceptions() may have removed the entry.
>
> [ 1913.989004] RIP: 0010:ip6_rt_cache_alloc+0x13/0x170
> [ 1914.209410] Call
On 4/15/19 10:17 AM, Martin Lau wrote:
> Hi David, is a similar check also needed in rt6_do_redirect() and
> inet6_rtm_getroute()?
Good question. I think both could be returning an rt6_info from the
exception cache, so yes, they should have a similar check.
On Sun, Apr 14, 2019 at 03:29:30PM -0700, Eric Dumazet wrote:
>
>
> On 04/14/2019 02:21 PM, Jonathan Lemon wrote:
> > When __ip6_rt_update_pmtu() is called, rt->from is RCU dereferenced, but is
> > never checked for null - rt6_flush_exceptions() may have removed the entry.
> >
> > [ 1913.989004]
On Sun, Apr 14, 2019 at 02:21:29PM -0700, Jonathan Lemon wrote:
> When __ip6_rt_update_pmtu() is called, rt->from is RCU dereferenced, but is
> never checked for null - rt6_flush_exceptions() may have removed the entry.
>
> [ 1913.989004] RIP: 0010:ip6_rt_cache_alloc+0x13/0x170
> [ 1914.209410] Ca
On 4/14/19 3:21 PM, Jonathan Lemon wrote:
> When __ip6_rt_update_pmtu() is called, rt->from is RCU dereferenced, but is
> never checked for null - rt6_flush_exceptions() may have removed the entry.
>
> [ 1913.989004] RIP: 0010:ip6_rt_cache_alloc+0x13/0x170
> [ 1914.209410] Call Trace:
> [ 1914.214
On 04/14/2019 02:21 PM, Jonathan Lemon wrote:
> When __ip6_rt_update_pmtu() is called, rt->from is RCU dereferenced, but is
> never checked for null - rt6_flush_exceptions() may have removed the entry.
>
> [ 1913.989004] RIP: 0010:ip6_rt_cache_alloc+0x13/0x170
> [ 1914.209410] Call Trace:
> [ 1
When __ip6_rt_update_pmtu() is called, rt->from is RCU dereferenced, but is
never checked for null - rt6_flush_exceptions() may have removed the entry.

[ 1913.989004] RIP: 0010:ip6_rt_cache_alloc+0x13/0x170
[ 1914.209410] Call Trace:
[ 1914.214798]
[ 1914.219226] __ip6_rt_update_pmtu+0xb0/0x190