diff options
author | Nicolas Dichtel <nicolas.dichtel@6wind.com> | 2021-09-22 11:50:06 +0300 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2023-01-18 13:44:57 +0300 |
commit | a3a1114aa6159b31319d44314737edcd0cff6932 (patch) | |
tree | e8dedbe2fb5d9365e6cad1b8659fa13a29117fe1 /net | |
parent | 091f85db4c3fb1734a6d7fb4777a2b2831da6631 (diff) | |
download | linux-a3a1114aa6159b31319d44314737edcd0cff6932.tar.xz |
xfrm: fix rcu lock in xfrm_notify_userpolicy()
commit 93ec1320b0170d7a207eda2d119c669b673401ed upstream.
As stated in the comment above xfrm_nlmsg_multicast(), rcu read lock must
be held before calling this function.
Reported-by: syzbot+3d9866419b4aa8f985d6@syzkaller.appspotmail.com
Fixes: 703b94b93c19 ("xfrm: notify default policy on update")
Signed-off-by: Nicolas Dichtel <nicolas.dichtel@6wind.com>
Signed-off-by: Steffen Klassert <steffen.klassert@secunet.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'net')
-rw-r--r-- | net/xfrm/xfrm_user.c | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index d9841f44487f..c6bf3898d1bf 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -1920,6 +1920,7 @@ static int xfrm_notify_userpolicy(struct net *net) int len = NLMSG_ALIGN(sizeof(*up)); struct nlmsghdr *nlh; struct sk_buff *skb; + int err; skb = nlmsg_new(len, GFP_ATOMIC); if (skb == NULL) @@ -1938,7 +1939,11 @@ static int xfrm_notify_userpolicy(struct net *net) nlmsg_end(skb, nlh); - return xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_POLICY); + rcu_read_lock(); + err = xfrm_nlmsg_multicast(net, skb, 0, XFRMNLGRP_POLICY); + rcu_read_unlock(); + + return err; } static bool xfrm_userpolicy_is_valid(__u8 policy) |