From: Florian Westphal <f...@strlen.de>
Date: Thu, 2 Nov 2017 16:02:20 +0100
> syzbot reported yet another regression added with DOIT_UNLOCKED.
> When nexthop is marked as dead, fib_dump_info uses __in_dev_get_rtnl():
>
> ./include/linux/inetdevice.h:230 suspicious rcu_dereference_protected() usage!
> rcu_scheduler_active = 2, debug_locks = 1
> 1 lock held by syz-executor2/23859:
> #0: (rcu_read_lock){....}, at: [<ffffffff840283f0>]
> inet_rtm_getroute+0xaa0/0x2d70 net/ipv4/route.c:2738
> [..]
> lockdep_rcu_suspicious+0x123/0x170 kernel/locking/lockdep.c:4665
> __in_dev_get_rtnl include/linux/inetdevice.h:230 [inline]
> fib_dump_info+0x1136/0x13d0 net/ipv4/fib_semantics.c:1377
> inet_rtm_getroute+0xf97/0x2d70 net/ipv4/route.c:2785
> ..
>
> This isn't safe anymore, callers either hold RTNL mutex or rcu read lock,
> so these spots must use rcu_dereference_rtnl() or plain rcu_derefence()
> (plus unconditional rcu read lock).
>
> This does the latter.
>
> Fixes: 394f51abb3d04f ("ipv4: route: set ipv4 RTM_GETROUTE to not use rtnl")
> Reported-by: syzbot <syzkal...@googlegroups.com>
> Signed-off-by: Florian Westphal <f...@strlen.de>
Applied, thanks Florian.
