On Wed, 2019-02-20 at 18:10 +0100, Paolo Abeni wrote: > We must access rt6_info->from under RCU read lock: move the > dereference under such lock, with proper annotation, and use > rcu_access_pointer() to check for null value outside the lock. > > Fixes: a68886a69180 ("net/ipv6: Make from in rt6_info rcu protected") > Signed-off-by: Paolo Abeni <pab...@redhat.com> > --- > net/ipv6/route.c | 6 +++--- > 1 file changed, 3 insertions(+), 3 deletions(-) > > diff --git a/net/ipv6/route.c b/net/ipv6/route.c > index bd09abd1fb22..cbaa8745d9ff 100644 > --- a/net/ipv6/route.c > +++ b/net/ipv6/route.c > @@ -1610,15 +1610,15 @@ static int rt6_remove_exception_rt(struct rt6_info > *rt) > static void rt6_update_exception_stamp_rt(struct rt6_info *rt) > { > struct rt6_exception_bucket *bucket; > - struct fib6_info *from = rt->from; > struct in6_addr *src_key = NULL; > struct rt6_exception *rt6_ex; > + struct fib6_info *from; > > - if (!from || > - !(rt->rt6i_flags & RTF_CACHE)) > + if (!rcu_access_pointer(rt->from) || !(rt->rt6i_flags & RTF_CACHE)) > return; > > rcu_read_lock(); > + from = rcu_dereference(rt->from);
-ELOWONCOFFEE: even this one is racy, as rt->from can go away due to underlying device removal between the two fetch operation. I'll send a v2. Again, I'm sorry for the noise, Paolo