Commit 9fc12023 authored by Lorenzo Bianconi's avatar Lorenzo Bianconi Committed by David S. Miller

ipv4: remove BUG_ON() from fib_compute_spec_dst

Remove BUG_ON() from fib_compute_spec_dst routine and check
in_dev pointer during flowi4 data structure initialization.
fib_compute_spec_dst routine can be run concurrently with device removal
where ip_ptr net_device pointer is set to NULL. This can happen
if userspace enables pkt info on UDP rx socket and the device
is removed while traffic is flowing

Fixes: 35ebf65e ("ipv4: Create and use fib_compute_spec_dst() helper")
Signed-off-by: default avatarLorenzo Bianconi <lorenzo.bianconi@redhat.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent ab123fe0
...@@ -292,19 +292,19 @@ __be32 fib_compute_spec_dst(struct sk_buff *skb) ...@@ -292,19 +292,19 @@ __be32 fib_compute_spec_dst(struct sk_buff *skb)
return ip_hdr(skb)->daddr; return ip_hdr(skb)->daddr;
in_dev = __in_dev_get_rcu(dev); in_dev = __in_dev_get_rcu(dev);
BUG_ON(!in_dev);
net = dev_net(dev); net = dev_net(dev);
scope = RT_SCOPE_UNIVERSE; scope = RT_SCOPE_UNIVERSE;
if (!ipv4_is_zeronet(ip_hdr(skb)->saddr)) { if (!ipv4_is_zeronet(ip_hdr(skb)->saddr)) {
bool vmark = in_dev && IN_DEV_SRC_VMARK(in_dev);
struct flowi4 fl4 = { struct flowi4 fl4 = {
.flowi4_iif = LOOPBACK_IFINDEX, .flowi4_iif = LOOPBACK_IFINDEX,
.flowi4_oif = l3mdev_master_ifindex_rcu(dev), .flowi4_oif = l3mdev_master_ifindex_rcu(dev),
.daddr = ip_hdr(skb)->saddr, .daddr = ip_hdr(skb)->saddr,
.flowi4_tos = RT_TOS(ip_hdr(skb)->tos), .flowi4_tos = RT_TOS(ip_hdr(skb)->tos),
.flowi4_scope = scope, .flowi4_scope = scope,
.flowi4_mark = IN_DEV_SRC_VMARK(in_dev) ? skb->mark : 0, .flowi4_mark = vmark ? skb->mark : 0,
}; };
if (!fib_lookup(net, &fl4, &res, 0)) if (!fib_lookup(net, &fl4, &res, 0))
return FIB_RES_PREFSRC(net, res); return FIB_RES_PREFSRC(net, res);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment